Threats, Vulnerabilities, Mitigation 5 Flashcards

1
Q

Just name Application attacks

A
  • Injection Attacks
  • Buffer Overflow
  • Replay Attacks
  • Privilege Escalation
  • Forgery
  • Directory Traversal
2
Q

What is CSRF/XSRF?

A
  • Cross-site request forgery
  • Attacker takes advantage of trust that web application has for user

Example:

  • Victim still logged in his browser to online banking
  • Attacker sends hyperlink with forged bank transfer request
  • Victim clicks; the web application, which trusts the logged-in browser, thinks the transaction is legitimate
3
Q

What is SSRF?

A
  • Server-side Request forgery
  • Tricks server into visiting URL based on user supplied input
4
Q

What is Directory Traversal?

A
  • Access directories that are outside of the website's files directory

Reasons:
* Misconfigurations
* Web Server vulnerabilities
* Web application code vulnerability

Indication

../../../

5
Q

What are Cryptographic Attacks?

A

Birthday Attack
* Leverages the possibility that two different inputs produce the same hash output
* The more hashes of inputs are generated, the higher the chance of a collision

Mitigation: Larger Hashes

What is a downgrade attack?

  • Attack used against secure systems to trick them into shifting communication to less secure cryptographic modes
  • Attacker on-path

Example:
HTTPS → HTTP
TLS

6
Q

What are Password Attacks?

A

Spraying
* Trying to guess most common passwords

Brute Force
* Trying all possible combinations

7
Q

Name IOCs (9)

A
  • Account Lockout
  • Concurrent Session usage
  • Blocked content
  • Impossible travel
  • Resource consumption
  • Resource Inaccessibility
  • Out-of-Cycle logging
  • Missing Logs
  • Published / Documented
8
Q

What is blocked content?

A
  • IOC
  • Attacker wants to stay as long as possible

Therefore, blocked services:

  • Auto-update connections
  • Links to security patches
  • Third Party anti-malware sites
  • Removal tools
9
Q

What is Resource consumption?

A
  • Outgoing traffic
  • File transfer
  • Often Spikes at unusual times
10
Q

What is Out-of-Cycle logging?

A
  • Logging activities or events that occur outside the normal, expected cycle of logging in a system or network
  • Firewall log activity
  • Operating system patch logs