Threats, Vulnerabilities, Mitigation 2 Flashcards
Name Application Attacks
- Memory Injections
- Buffer Overflow
- Race conditions
- Software updates
Which processes run in memory and can be abused by memory injection?
- DLLs (Dynamic Link Libraries)
- Threads
- Buffers
- Memory Management functions
How can attacks use memory?
- Malware installs own process
- Malware injects itself into legitimate process
How is memory injection performed?
- Code is added into memory of an existing process
* Malware is hidden inside the starting point and ending address of the process
- Malware gets access to the data in that process
* And the same rights and permissions
* Can perform privilege escalation
Explain DLL injection
- Most common Memory Injection
Dynamic Link Library
- Windows library containing code and data
- Used by many applications
- Attacker injects a path to a malicious DLL into Target Process
- Runs as Part of target process
What is Buffer Overflow?
- Overwriting Buffer of memory
In order:
- To spill from one buffer to another
- Inject code into system memory
Buffer: Temporary storage of memory
What are Race conditions?
- Programming Conundrum
- Occurs when behavior of system or software depends on sequence or timing of different events
- Can have negative impact on running of Application
TOC / TOU
* Time-of-Check / Time-of-Use vulnerability
* Occurs when the system's state changes between the time a check is performed and the time the result is used
Why are OS good attack vectors?
- Big target: Everyone is using one
- Very complex: consists of many millions of lines of code, therefore more security issues
Explain software update vulnerabilities
- Can be used to insert malicious code
- Supply chain can also be attacked
Best practices:
- Confirm source of update
- Update directly from developer website
- Digitally signed updates
Explain reflected and stored XSS
Reflected / non-persistent XSS
* Website allows scripts to run in user input
* Attacker tricks victim into clicking malicious link or submitting input into web application
* Server reflects input
* Execution in Browser
Stored / persistent XSS
* Attacker stores malicious script on publicly accessible website
* Facebook post, Blog, comment
* It is now persistent
* No specific target