Threats, Vulnerabilities, Mitigation 5 Flashcards
Just name Application attacks
- Injection Attacks
- Buffer Overflow
- Replay Attacks
- Privilege Escalation
- Forgery
- Directory Traversal
What is CSRF/XSRF?
- Cross-site request forgery
- Attacker takes advantage of the trust that a web application has for the user
Example:
- Victim is still logged in to online banking in their browser
- Attacker sends a hyperlink with a forged bank transfer request
- Victim clicks it; the logged-in browser sends the request, and the bank trusts the transaction as legitimate
What is SSRF?
- Server-side Request forgery
- Tricks the server into visiting a URL based on user-supplied input
What is Directory Traversal?
- Access directories that are outside of the website's files directory
Reasons:
* Misconfigurations
* Web server vulnerabilities
* Web application code vulnerabilities
Indication: ../../../
What are Cryptographic Attacks?
Birthday Attack
* Leverages the possibility of a hash function taking two different inputs and producing the same hash output
* The more hashed inputs are generated, the higher the chance of a collision
Mitigation: larger hashes
What is a downgrade attack?
- Attack used against secure systems to trick them into shifting communication to less secure cryptographic modes
- Attacker is on-path
Example:
HTTPS -> HTTP
TLS version downgrade
What are Password Attacks?
Spraying
* Trying to guess using the most common passwords
Brute Force
* Trying all possible combinations
Name IOCs (9)
- Account Lockout
- Concurrent session usage
- Blocked content
- Impossible travel
- Resource consumption
- Resource Inaccessibility
- Out-of-Cycle logging
- Missing Logs
- Published / Documented
What is blocked content?
- IOC
- Attacker wants to stay in the system as long as possible
Therefore, blocked services:
- Auto-update connections
- Links to security patches
- Third Party anti-malware sites
- Removal tools
What is Resource consumption?
- Outgoing traffic
- File transfers
- Often spikes at unusual times
What is Out-of-Cycle logging?
- Logging activities or events that occur outside the normal, expected cycle of logging in a system or network
- Firewall log activity
- Operating system patch logs