1.3 Application Attacks

Question 1

Define Privilege Escalation

Answer 1

Using an existing account to gain privileges beyond that account

Question 2

Examples of privilege escalation attacks (2)

Answer 2

1. User A gaining access to resources that only granted to User B
2. Using a regular user account to launch an attack gaining Administrator/Root access

Question 3

Preventing Privilege Escalation attacks (3)

Answer 3

1. Data Execution Prevention (DEP)
2. Anti-Virus/Malware
3. Keeping OS patches up-to-date

Question 4

Cross Site Scripting attack (XSS)

Answer 4

Taking advantage of web browsers and web-based applications use of JavaScript to launch attacks

Question 5

2 Types of Cross Site Scripting attacks

Answer 5

1. Non-Persistent (Client-side)
2. Persistent or Reflected (Server-side)

Question 6

Define Non-Persistent Cross Site Scripting Attack

Answer 6

Sends a malicious link to a valid, vulnerable web site with malicious JavaScript appended to input fields that will run silently in the background when the user clicks it

Question 7

Define Persistent Cross Site Scripting Attack

Answer 7

Permanently posting malicious JavaScript on a site that runs every time the page is launched, i.e. via sites that display user messages or forum sites

Question 8

Difference between Persistent and Non-Persistent Cross Site Scripting Attack

Answer 8

Non-persistent initiated from user’s browser, Persistent is stored on the web-server and runs every time some one accesses the web page

Question 9

Define Injection Attack

Answer 9

Adding or removing information from a data stream for malicious intent

Question 10

4 Common Injection Attacks

Answer 10

1. SQL Injection
2. XML Injection
3. DLL Injection
4. LDAP Injection

Question 11

Define SQL Injection

Answer 11

Capitalizing on poorly designed web sites to extract data from databases via modified SQL statements

Question 12

Define XML Injection

Answer 12

Appending malformed XML to XML exchanged between devices for malicious intent

Question 13

Define LDAP Injection

Answer 13

Injecting data to LDAP data exchanges to access information from LDAP database

Question 14

Define DLL Injection

Answer 14

Attaching a malicious DLL to a valid process so that whenever the valid process is run, the malicious process is also run

Question 15

Define Pointer/Object Dereference, how and result

Answer 15

1. supply a pointer for memory locations that the product is not expecting
2. attack might allow modification of critical state variables, cause a crash, or execution of code

Question 16

Define Directory Traversal attack and specific server type vulnerable to it

Answer 16

Accessing directories on a web server outside of the publicly available directories hosting the web content

Question 17

Define Buffer Overflow attack

Answer 17

Using one section of memory to overwrite another section of memory causing the application to crash

Question 18

What causes buffer overflow vulnerabilities?

Answer 18

Poor application programming

Question 19

Define Race Condition attack

Answer 19

Taking advantage of simultaneously running processes for malicious intent

Question 20

What is a TOCTOU attack?

Answer 20

Time-Of-Check to Time-Of-Use attack, taking advantage of the timing of the execution of processes for malicious intent, i.e. transferring more money from an account than the available balance due - Race Condition

Question 21

What vulnerability exists related to application error handling?

Answer 21

Improper error messages might expose valuable system information, such a stack trace dump, that can be used for further malicious activities

Question 22

Vulnerability exposed by improper input handling?

Answer 22

Improperly or not validating data input by users opens application up to injection attacks

Question 23

Define replay attack

Answer 23

Gaining information, such as Session IDs, from network traffic and then using that information to create malicious requests

Question 24

Define Session Replay attack

Answer 24

Attacker is able to pose as an authorized user by obtaining a session id and posing as another valid user or system

Question 25

Preventing Replay attacks (2)

Answer 25

1. Encrypt all communications 2. Salting hashes

Question 26

Define Integer overflow

Answer 26

Occurs when a larger integer is assigned than memory space is allocated for, causing it to overflow into another memory space crashing an application

Question 27

Define Cross-Site Request Forgery

Answer 27

Initiating unwanted actions via client-side browser using an authenticated session

Question 28

What is the abbreviation for Cross-Site Request Forgery? (2)

Answer 28

XSRF or CSRF

Question 29

How is a Cross-Site Request Forgery attack initiated?

Answer 29

It is dependent on the victim clicking on a malicious URL

Question 30

Define Server-Side Request Forgery

Answer 30

A forged request initiated from the server to access services that are not publicly exposed

Question 31

How is a Server-Side Request Forgery attack initiated?

Answer 31

Malicious requests are sent to a vulnerable web application that then accesses private services to perform malicious actions

Question 32

Define application programming interface (API) attack

Answer 32

Sending malicious HTTP GET requests to an API service to cause a system crash, obtain information, or perform other malicious actions

Question 33

Define Resource Exhaustion attack

Answer 33

A type of denial-of-service attack often launched from a single low-bandwidth device to crash a device or service by consuming all of its resources

Question 34

What are 2 examples of Resource Exhaustion attacks?

Answer 34

1. Sending a small zip file that is huge when decompressed 2. DHCP starvation - creating a bunch of DHCP requests to consume all of the addresses available in the pool

Question 35

Define Memory Leak in an application

Answer 35

A vulnerability where memory is not released after use and eventually the application consumes all available memory on the device

Question 36

Define Null Pointer Dereference vulnerability in an application

Answer 36

A vulnerability where a memory value is replaced with a NULL value causing the application to crash if not properly handled

Question 37

Define SSL Stripping attack

Answer 37

A man-in-middle attack to intercept HTTP(S) communications. The client browser is tricked into downgrading to using HTTP, instead of HTTPS, and HTTP is relayed to the client and HTTPS is relayed to the server. The malicious middle host is now able to access all information communicated.

Question 38

How to avoid SSL Stripping attack

Answer 38

Configure client browsers and web servers to not allow HTTP, only HTTPS

Question 39

Define Driver Manipulation attack

Answer 39

Exploiting vulnerabilities in drivers to bypass anti-virus/malware scanning for malicious intent

Question 40

Define Driver Manipulation - Shimming attack

Answer 40

A shim is a small library that translates API calls to create compatibility between and app and the OS. This shim can create an opportunity for malicious manipulation.

Question 41

Define Driver Manipulation - Refactoring attack

Answer 41

Refactoring virus/malware code to evade signature detection by anti-virus/malware programs

Question 42

Define Pass-the-Hash attack

Answer 42

If an attacker can capture a hashed password, they can use it in a replay attack to authenticate and impersonate a user or system