Types of Attacks - Technical Flashcards

1
Q

Attacker exploits known vulnerabilities in a specific app or OS, or attacks features in specific protocols or services, in an attempt to deny authorized users access to an info system or features of that info system.

A

Denial of Service (DoS)

2
Q

A DoS carried out using multiple attack systems.

A

Distributed Denial of Service (DDoS)

3
Q

DDoS type of attacks can be made up of compromised systems that are unwitting participants in an attack

A

Zombie Attack

4
Q

Comprised of capturing traffic between two hosts. The attacker can observe traffic before relaying it. To the sending system it appears that all communication is occurring normally since all expected replies are received.

A

Man-in-the-Middle (MITM)

5
Q

The input buffer used to hold input is overwritten with data that is larger than the buffer can handle. This happens because error-checking is not present in the way the application is written, whether due to poor coding practices or limitations of the programming language used.

A

Buffer Overflow

6
Q

Input from users is not validated against expected results and allows attackers to obtain command-line access at the privileged level of the application.

A

Injections

7
Q

Takes advantage of user input not being validated properly and is one of the most common web attacks. If the input is not validated properly, an attacker can include their script in their input and have it rendered as part of the web process.

A

Cross-Site Scripting (XSS)

8
Q

XSS TYPE

Injected script is not stored but immediately executed and passed back via the web server.

A

Non-persistent XSS attacks.

9
Q

XSS TYPE

Script is permanently stored on the web server or on some back-end storage system and allows the attacker to continue to use the script against those who log into the system.

A

Persistent XSS attacks.

10
Q

XSS TYPE

Script is executed in the browser via the DOM process as opposed to on the web server

A

DOM-based XSS attack

11
Q

XSS ATTACK

Theft of authentication

A

Web apps

12
Q

XSS Attack

Session

A

Hijacking

13
Q

XSS Attack

Deploy hostile

A

Content

14
Q

XSS Attack

Change user

A

Settings

15
Q

XSS Attack

Impersonate

A

Users

16
Q

XSS Attack

Phishing or stealing

A

Sensitive Information

17
Q

Attacker utilizes authorized activity to be performed outside authorized use against sites that have authenticated users - exploits the trust in previous authentication request.

A

Cross-Site Request Forgery (XSRF)

18
Q

First step is to obtain root or admin level access and is called.

A

Privilege Escalation

19
Q

Creates a DoS with a sufficient volume of packets to overwhelm a host such as a large server - more than one device is needed.

A

Amplification.

20
Q

Attackers make unauthorized incorrect modifications to a DNS table of the host system.

A

DNS Poisoning

21
Q

Act of changing the registration of a domain name without the permission of its registrants and spreads false domain locations via the DNS system

A

Domain Hijacking

22
Q

Variant of MITM - a piece of malware installed on a compromised system “watches” user activity in the browser, and when the user navigates to a certain site (such as a bank) the malware creates a different set of instructions, i.e. redirecting a bill payment to transfer to the attacker’s account.

A

Man-in-the-Browser

23
Q

Attack that takes advantage of a vulnerability that a software vendor is not aware of.

A

Zero Day

24
Q

Attacker captures communication and replays it later to circumvent authentication mechanisms such as capturing and reusing certificates or tokens.

A

Replay attack

25
Q

Chances are if you authenticate with a username and password, your system doesn’t capture your password; rather, it hashes it out, and that is what’s passed to your authentication mechanism. If an attacker were to capture that hash and reinsert it into an authentication attempt, the system would verify correctly, giving them access. This is known as a “pass the hash” attack.

A

Pass the hash

26
Q

The attacker tricks a user into clicking something different than what is displayed on the user interface, using an overlay with invisible clicking elements that align with actual elements.

A

Clickjacking

27
Q

Refers to the process of taking control of an already existing session. The attacker doesn’t have to circumvent any authentication mechanisms as the user has already authenticated.

A

Session Hijacking

28
Q

Oftentimes, attacks need some type of user interaction. If an attacker can get you to navigate to their site which houses their malicious payload, they’re winning the battle. One way to accomplish this is with URL Hijacking, forcing users to navigate to a site they didn’t intend to. For typosquatting, what happens is attackers set up their nefarious page with similar names to legitimate businesses. For instance, they’ll replace letters that are commonly mistaken, such as an i for an l. Generally, they’ll create their site to look similar to that of the one you intended to navigate to. This is done so that they can capture your authentication information.

A

URL Hijacking and Typosquatting

29
Q

An attack on a system by changing its drivers, thus changing the behaviors of the system. Drivers are generally less secure than the operating system that they’re connected to, leaving a security gap that can be exploited.

A

Driver Manipulation

30
Q

This is the act of putting code between the OS and the drivers. It has legitimate purposes, but attackers have found a way to exploit this.

A

Shimming

31
Q

Refactoring is the process of restructuring existing code without changing the external behavior of the code. This is oftentimes done to resolve readability issues or to improve nonfunctional attributes. Attackers have found ways to use this to add functionality.

A

Refactoring

32
Q

Making data look like it’s coming from somewhere else.

A

Spoofing

33
Q

MAC Spoofing

A

kdjfksjfs

34
Q

IP Spoofing

A

lksjdflksf

35
Q

It’s important to understand how a Smurf attack works as well. Spoofing is used, but in a Smurf attack, the attacker spoofs a packet to all systems on a particular network and forges the From address so that the target host gets all the echo replies.

A

Smurf attack