Vulnerabilities and Attacks Flashcards
Firmware
Specialized forms of software stored on hardware devices, like a router or smart thermostat, provide low-level control for the device’s specific hardware.
End-of-life Systems
Refer to hardware or software products that have ended their life cycle.
Patch Management Process
Regularly monitoring for updates
Assessing the relevance and impact of patches
Deploying patches in a timely manner
Hardening
Involves tightening the security of a system
Patching
Involves the regular updating of the software, firmware, and applications with the latest security patches
Configuration Enforcement
Used to ensure that all devices and systems adhere to a standard secure configuration
Decommissioning
This means that the system is retired and removed from the network.
Isolation
Used to limit the potential damage that might occur from a potential security breach.
Segmentation
Used to divide the network into segments
Bluetooth Vulnerabilities
Insecure Device Pairing - This occurs when Bluetooth devices establish a connection without proper authentication.
Device Spoofing - This occurs when an attacker impersonates a device to trick a user into connecting.
On-Path Attack - Exploits Bluetooth protocol vulnerabilities to intercept and alter communications between devices without either party being aware.
Bluetooth Attacks
Bluejacking
Bluesnarfing
Bluebugging
Bluesmack
Blueborne
Sideloading
Mobile Vulnerabilities and Attacks
The practice of installing applications on a device from unofficial sources which actually bypasses the device’s default app store.
Jailbreaking and Rooting
Mobile Vulnerabilities and Attacks
Process that gives users escalated privileges on the devices and allows users to circumvent the built-in security measures provided by the devices.
Mobile Device Management (MDM) Solution
Used to conduct patching of the devices by pushing any necessary updates to the devices to ensure that they are always equipped with the latest security patches.
Used to disable a device’s ability to sideload programs, detect if a device has been jailbroken or rooted, and force each device to use a VPN connection.
What are the 4 primary SQL commands?
SELECT - Read from DB
INSERT - Write to DB
DELETE - Remove from DB
UPDATE - Overwrite Data on DB
How to prevent SQL injection?
Use input validation
Sanitize Data
Use a web application firewall placed between the client and server
Extensible Markup Language (XML)
Used by web applications for authentication, authorization, and other types of data exchange.
To protect XML data in transit, it should always be placed in an encrypted tunnel, such as TLS.
Input Validation + Input Sanitization to protect the server receiving the data
Without encryption or validation, it is vulnerable to:
Snooping
Spoofing
Request Forgery
Injection of Arbitrary Code
XML Bomb
XML encodes entities that expand to exponential sizes, consuming memory on the host and potentially crashing it.
Cross-Site Scripting
Injects a malicious script into a trusted site to compromise the site’s visitors.
XSS Steps
- The attacker identifies an input validation vulnerability within a trusted website.
- The attacker crafts a URL to perform code injection against the trusted website.
- The trusted site returns a page containing the malicious code injected.
- Malicious code runs in the client’s browser with permission level as the trusted site.
XSS Example (No Question)
https://diontraining.com/search?Q=<SCRIPT%20Type='Application/JavaScript'>Alert('xss')</SCRIPT>
https://diontraining.com - Trusted Site
/search?Q=<SCRIPT%20Type= - Query
'Application/JavaScript'> - JavaScript Script
Alert('xss')</SCRIPT> - Output
Non-Persistent XSS
This type of attack only occurs when it is launched and happens once.
Persistent XSS
Allows an attacker to insert code into the backend database used by that trusted website.
Document Object Model (DOM) XSS
Exploits the client’s web browser using client-side scripts to modify the content and layout of the webpage.
Session Management
Enables web applications to uniquely identify a user across several different actions and requests.
Cookie
Text file used to store information about a user when they visit a website
Non-persistent Cookie
Known as a session cookie, which resides in memory and is used for a very short period of time.
Persistent Cookie
Stored in the browser cache until either deleted by a user or expired.
Session Hijacking
This type of spoofing attack is where the attacker disconnects a host and then replaces it with his or her own machine by spoofing the original host IP.
Cross-Site Request Forgery (XSRF)
A malicious script exploits a session started on another site within the same web browser.
Buffer Overflow
It occurs when data exceeds allocated memory, potentially enabling unauthorized access or code execution.
Used as the initial attack vector in 85% of data breaches.
Race Conditions
Software vulnerability where the outcome depends on the timing of events not matching the developer’s intended order
Occurs when multiple threads write to the same variable or object in the same memory locations simultaneously.
Dereferencing
Software vulnerability that occurs when the code attempts to remove the relationship between a pointer and the memory location that the pointer was pointing to.
Time-of-Check (TOC)
Type of race condition where an attacker can alter a system resource after an application checks its state but before the operation is performed.
Time-of-Use (TOU)
Type of race condition that occurs when an attacker can change the state of a system resource between the time it is checked and the time it is used.
Time-of-Evaluation (TOE)
Type of race condition that involves the manipulating of data or resources during the time window when a system is making a decision or evaluation.
Deadlock
Occurs when a lock remains in place because the process it is waiting for terminates, crashes, or does not finish properly, even though the processing is complete.