CYBF 646 - Quiz 2 > Module 3 - Attacks through Browsers and Add-on Modules > Flashcards

Module 3 - Attacks through Browsers and Add-on Modules Flashcards

(17 cards)

Study These Flashcards
1
Q

Browser Vulnerabilities

A
  • all have

- rely on users to upgrade to new versions and install patches

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Browser Helper Objects (BHOs)

A
  • extend functionality of browser, e.g. open PDFs, render graphics, play movies
  • popular as targets
  • not patched as often as browsers
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Access via Browser

A
  • intrusions launched through browsers and BHOs frequently have same level of permission as user account
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Browser Intrusion Artifacts (4)

A
  • internet cache
  • account temp directory
  • Windows registry
  • Java Runtime Environment (JRE) files
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Browser Attacks (method examples)

A
  • exploit configurations
  • change default home page
  • install toolbar
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

IE Home Page Setting

A

\Software\Microsoft\Internet Explorer\Main\Start Page

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

IE Add-ons

A

Internet Options

Manage Add-Ons

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Safari Extensions

A

Preferences

Extensions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Java Runtime Environment (definition)

A

runtime portion of Java software (only thing needed to run Java via web browser)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

JRE (parts)

A
  • Java Virtual Machine (JVM)
  • Java platform core classes
  • Java platform libraries (supporting libraries)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Java plug-in (definition)

A
  • component of JRE
  • allows applets written in Java to run inside browsers
  • not standalone program -> cannot be installed separately.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

XSS

A

Cross Site Scripting (both client and server)

  • loading attacked, 3rd party web app from unrelated attack site -> in manner that executes fragment of JavaScript prepared by attacker.
  • now also other modes of code injection, including ActiveX, Java, VBScript, Flash, or HTML scripts
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

XSS Persistent

A
  • less common

- data (from attacker) saved by server and permanently displayed on “normal” pages without proper HTML escaping

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

XSS non-persistent

A
  • more common
  • data provided by web client (HTML query parameters or form submissions) used by server-side scripts to parse and display results to user without properly sanitizing the request.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Artifacts for XSS

A
  • emails (for links)
  • web page caches (for links)
  • web server logs
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Locations of browser caches

17
Q

Artifacts for BHOs

Study These Flashcards
A
  • registry (SOFTWARE\Classes\CSID ntuser.dat)

- JAR files (C:\Users\AppData\LocalLow\Sun\Java\Deployment\cache

CYBF 646 - Quiz 2
flashcards
Decks in class (4)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions