Threats, Vulnerabilities, Mitigation 4 Flashcards
What is a Logic Bomb?
- Waits for predefined events
- Time Bomb
- Often hard to recover once it goes off
Mitigation:
* Formal change control
* Alerts on changes
* Constant auditing
What is a rootkit?
Hides itself in the kernel of the OS
* Makes itself part of the OS
Can be invisible to the OS
* Does not appear in Task Manager
Often invisible to traditional anti-virus
Mitigation:
* Rootkit remover tools
* Secure Boot with UEFI - secures the system's boot process and therefore prevents the rootkit from loading into the kernel
What are Techniques for Physical Attacks?
- Brute Force
- RFID cloning
  - Underlying technology for access badges, key fobs
- Environmental Attacks
What is DNS Poisoning?
- Network Attack
- Exploiting Vulnerabilities in DNS infrastructure
- Corrupting DNS cache by injecting false data
- Leads to mapping of a domain name to an incorrect IP
What is Domain Hijacking?
- Gain access to the domain registration and control traffic flow
How?
* Brute Force
* Social engineer password
* Gain access to email address that manages account
What is a Wireless Deauthentication Attack?
- Wireless deauthentication
- Significant DoS attack
- Abuses 802.11 management (deauthentication) frames
- Original wireless standards had no protection for management frames; protection was added with the 802.11ac updates
What is Radio Frequency Jamming?
DoS
* Prevents wireless communication
Deliberate interference with wireless communications
* Transmitting signals that disrupt the normal functioning of devices
Fox hunting (locating the jamming source)
* Attacker needs to be close in order to interfere
What is an on-path-attack?
Type of attack where the attacker gains access to the communication path between two systems or devices, allowing them to intercept, modify or disrupt the communication flow
- Formerly called a man-in-the-middle attack
Example: ARP Poisoning
* Attacker sends falsified ARP messages onto local IP subnet
* ARP has no security associated to it
* Attacker tries to update the ARP cache of the victim and of the router (or other device) with the attacker's own MAC address
What is an on-path browser attack?
The middleman is on the same computer as the victim and intercepts communication between the web browser and the internet
- Example: Exploiting Bank account login
What are replay attacks?
Attacker intercepts and reuses valid communication between two parties
Pass the Hash
* Interception of client and server communication
* Instead of letting the victim send their own hashed password, the attacker sends the captured password hash to gain access to the server
Mitigation:
Salting, Encryption
Session Hijacking
* Taking over web user session by obtaining session ID and masquerading as legitimate user
How to obtain?
- Using packet capture to obtain the session ID from the header
- XSS
- Modification of headers: Tamper, Firesheep, Scapy