Vulnerabilities and Attacks

Question 1

Firmware

Answer 1

Specialized forms of software stored on hardware devices, like a router or smart thermostat, provide low-level control for the device’s specific hardware.

Question 2

End-of-life Systems

Answer 2

Refer to hardware or software products that have ended their life cycle.

Question 3

Patch Management Process

Answer 3

Regularly monitoring for updates
Assessing the relevance and impact of patches
Deploying patches in a timely manner

Question 4

Hardening

Answer 4

Involves Tightening the security of a system

Question 5

Patching

Answer 5

Involves the regular updating of the software, firmware, and applications with the latest security patches

Question 6

Configuration Enforcement

Answer 6

Used to ensure that all devices and systems adhere to a standard secure configuration

Question 7

Decommissioning

Answer 7

This means that the system is retired and removed from the network.

Question 8

Isolation

Answer 8

Used to limit the potential damage that might occur from a potential security breach.

Question 9

Segmentation

Answer 9

Used to divide the network into segments

Question 10

Bluetooth Vulnerabilities

Answer 10

Insecure Device Paring - This occurs when Bluetooth devices establish a connection without proper authentication.

Device Spoofing - This occurs when an attacker impersonates a device to trick a user into connecting.

On-Path Attack - Exploits Bluetooth protocol vulnerabilities to intercept and alter communications between devices without either party being aware.

Question 11

Bluetooth Attacks

Answer 11

Bluejacking
Bluesnarfing
Bluebugging
Bluesmack
Blueborne

Question 12

Sideloading

Answer 12

Mobile Vulnerabilities and Attacks

The practice of installing applications on a device from unofficial sources which actually bypasses the device’s default app store.

Question 13

Jailbreaking and Rooting

Answer 13

Mobile Vulnerabilities and Attacks

Process that gives users escalated privileges on the devices and allows users to circumvent the built-in security measures provided by the devices.

Question 14

Mobile Device Management (MDM) Solution

Answer 14

Used to conduct patching of the devices by pushing any necessary updates to the devices to ensure that hey are always equipped with the latest security patches.

Used to disable a device’s ability to sideload programs, Detect if a device has been jailbroken or rooted, and forces each device to use a VPN connection.

Question 15

What are the 4 primary SQL commands?

Answer 15

SELECT - Read from DB
INSERT - Write to DB
DELETE - Remove from DB
UPDATE - Overwrite Data on DB

Question 16

How to prevent SQL injection?

Answer 16

Use input validation
Sanitize Data
Use a web application firewall placed between the client and server

Question 17

Extensible Markup Language (XML)

Answer 17

Used by web applications for authentication, authorization, and other types of data exchange.

To protect XML data in transit, it should always be placed in an encrypted tunnel, such as TLS.

Input Validation + Input Sanitization to protect the server receiving the data

Without encryption or validation its vulnerable to:
Snooping
Spoofing
Request Forgery
Injection of Arbitrary Code

Question 18

XML Bomb

Answer 18

XML encodes entities that expand to exponential sizes, consuming memory on the host and potentially crashing it.

Question 19

Cross-Site Scripting

Answer 19

Injects a malicious script into a trusted site to compromise the site’s visitors.

Question 20

XSS Steps

Answer 20

1. The attacker identifies an input validation vulnerability within a trusted website.
2. The attacker crafts a URL to perform code injection against the trusted website.
3. The trusted site returns a page containing the malicious code injected.
4. Malicious code runs in the client’s browser with permission level as the trusted site.

Question 21

XSS Example (No Question)

Answer 21

https://diontraining.com/search?Q=<SCRIPT%20Type=Application/JavaScript’>Alert(‘xss’)</SCRIPT>

https://diontraining.com - Trusted Site
/Search?Q=<SCRIPT%20Type= - Query
Application/JavaScript’> - Javascript Script
Alert(‘xss’)</Script> - Output

Question 22

Non-Persistent XSS

Answer 22

This type of attack only occurs when its launched hand happens once

Question 23

Persistent XSS

Answer 23

Allows an attacker to insert code into the backend database used by that trusted website.

Question 24

Document Object Model (DOM) XSS

Answer 24

Exploits the client’s web browser using client-side scripts to modify the content and layout of the webpage.

Question 25

Session Management

Answer 25

Enables web applications to uniquely identify a user across several different actions and requests.

Question 26

Cookie

Answer 26

Text file used to store information about a user when they visit a website

Question 27

Non-persistent Cookie

Answer 27

Known as a session cookie, which resides in memory nad is used for a very short period of time

Question 28

Persistent Cookie

Answer 28

Stored in the browser cache until either deleted by a user or expired.

Question 29

Session Hijacking

Answer 29

This type of spoofing attack is where the attacker disconnects a host and then replaces it with his or her own machine by spoofing the original host IP.

Question 30

Cross-Site Forgery Request (XSRF)

Answer 30

A malicious script exploits a session started on another site within the same web browser.

Question 31

Buffer Overflow

Answer 31

It occurs when data exceeds allocated memory, potentially enabling unauthorized access or code execution.

Being used as the initial vector, causing 85% of data breaches.

Question 32

Race Conditions

Answer 32

Software vulnerability where the outcome depends on the timing of events not matching the developer’s intended order

Occurs when multiple threads write to the same variable or object in the same memory locations simultaneously.

Question 33

Dereferencing

Answer 33

Software vulnerability occurs when the code attempts to remove the relationship between a pointer and the thing that the pointer was pointing to the memory.

Question 34

Time-of-Check (TOC)

Answer 34

Type of race condition where an attacker can alter a system resource after an application checks its state but before the operation is performed.

Question 35

Time-of-Use (TOU)

Answer 35

Type of race condition that occurs when an attacker can change the state of a system resource between the time it is checked and the time it is used.

Question 36

Time-of-Evaluation (TOE)

Answer 36

Type of race condition that involves the manipulating of data or resources during the time window when a system is making a decision or evaluation.

Question 37

Deadlock

Answer 37

Occurs when a lock remains in place because the process it’s waiting for is terminating, crashes, or doesn’t finish properly, despite the processing being complete