Transcender Sec + Tests Flashcards
A hacker has used a design flaw in an application to obtain unauthorized access to the application. Which type of attack has occurred?
escalation of privileges
There are two type of privilege escalation:__________________.
vertical and horizontal
With ___________ privilege escalation, the attacker obtains higher privileges by performing operations that allow the attacker to run unauthorized code.
vertical
With _________ privilege escalation, the attacker obtains the same level of permissions as he already has but uses a different user account to do so.
horizontal
A _______ is a term for lines of code that are inserted into an application to allow developers to enter the application and bypass the security mechanisms.
backdoor
______________ are also referred to as maintenance hooks
Backdoors
backdoor
term for lines of code that are inserted into an application to allow developers to enter the application and bypass the security mechanisms.
escalation of privileges
An example would be when a hacker has used a design flaw in an application to obtain unauthorized access to the application.
This hacker technique detects vulnerabilities through techniques such as social engineering, accessing supposedly confidential information on publicly available databases, dumpster diving, and shoulder surfing.
Passive reconnaissance
Passive reconnaissance is an attempt to gain information about targeted computers and networks _________ actively engaging with the systems.
without
In _________ reconnaissance the attacker engages with the target system, typically conducting a port scan to determine find any open ports.
active
Active reconnaissance accesses the system ___________ to detect vulnerabilities. Tools and techniques such as network mapping, port scans, and network sniffing are used to test the system and identify potential sources of attack.
directly
________ use a compromised system to attack another system.
Pivots
Pivots
Using a compromised system to attack another system.
Initial exploitation _________ one system so that it can be used in a pivot test against another system.
compromises
Persistence is when the compromised system is used in an attack at some point ______ the initial exploitation occurred.
after
An example of __________ would be when a student’s notebook computer contracts malware at a coffee shop, but the school network is not affected until the student logs in to the school network.
persistence
What are maintenance hooks
Maintenance hooks are another name for back doors- hole in coding that a programmer adds so that he can get in and bypass security
__________ can be caused by a programmer failing to free up memory once the process using that memory has been completed. C and C++ are particularly prone to ___________.
Memory leaks
memory leaks
Integer overflows happen when a number _________ to fit into the data type “integer” is not rejected and is allowed to corrupt the program.
is too large
Pointer differences occur when
a pointer (which points to the proper memory location) has the reference changed. This results in the pointer pointing to an inaccurate value
Integer overflows
happens when a number is too large to fit into the data type “integer” is not rejected and is allowed to corrupt the program.
A buffer overflow is an example of improper ______________________, and the impact can include ___________.
- input handling being allowed by the
application code - crashing the application
Examples of improper input handling include failure to validate the _________ _________, the length of the data, proper date ranges.
type of data in an input field
