1.3 Analyzing potential indicators associated with application attacks
Information from one sit could be shared with another site. This is known as .....?
XSS Cross-site scripting, this is a common vulnerability on web-based applications
A ________ is a code library that intercepts and redirects calls to enable legacy mode on a system. The _______ database represents a way that malware with local administrator privileges can run on reboot (persistence).
shim
___________ is a vulnerability that causes the operating system to allow one process to attach to another.
A dynamic link library (DLL) injection
XML (Extensible Markup Language)
A set of rules used for data transfer and storage.
___________ occurs when the threat actor modifies basic SQL functions to some input accepted by an app to run other malicious SQL queries or parameters.
A structure query language (SQL) injection
DLL injection (dynamic link library)
A way to inject code into an application and have the application execute the code for us.
occurs when submitted XML data takes advantage of spoofing, request forgery, and injection of arbitrary code. The XML had no encryption or input validation checks.
An extensible markup language (XML) injection attack
An attacker sent a victim an email with a link to a malicious website. The victim then clicked the link, which opened a malicious payload in the browser, and changed the user's password to a legitimate website. The legitimate site is vulnerable to what type of attack?
Cross-site Request Forgery (XSRF)
An application's code prevents the output of any type of information when an error occurs during a request. The development team cited security reasons as to why they developed the application in this way. What sort of security issues did the team have concerns about in this case?
Database server configuration information
It is also known as a "dot slash" attack
Directory traversal
An attacker was not able to submit a query on port 389 to a domain controller using an open connection on a switch. The domain controllers did not trust the connection from the attacker's laptop. The company's security prevented which type of application injection attack?
LDAP injection
LDAP injection attack
Modifys LDAP requests to manipulate application results. this would give you, the attacker, access to authentication information from the server you wouldn't normally have access to.
Which attacks takes advantage of Windows Safe Mode?
Pass the hash
______________ occurs when the attacker steals hashed credentials and uses them to authenticate to the network. Using once-only session tokens or timestamping sessions prevents this type of attack.
Pass-the-hash
Through what method can malware evade antivirus software detection so that the software no longer identifies the malware by its signature?
Refactoring
What process involves changing an application's source code without modifying the characteristics?
Refactoring
Web site would allow scripts to run when victim's click the link. What type of attack is this? Can be a link through email, can be a search box, this is so the attacker can gain stolen session id's, so they can authenticate to the website.
Reflected XSS
An intruder monitors an admin's unsecure connection to a server and finds some required data, like a cookie file, that legitimately establishes a session with a web server. Knowing the admin's logon credentials, what type of attack can the intruder perform with the cookie file?
Replay Attack
Pass the Hash attack is an example of what type of attack?
Replay Attack
Useful information transmitted over the network, accessed by either a network tap or ARP poisoning could be used to launch a __________ attack. ( Session id's and such)
Replay Attacks
An attacker submits a line of code in a text field of a website survey. When the web server processes the submission, the code is executed, and the output enumerates password hashes from an internal database. What type of application exploit did the attacker most likely implement?
SQL injection
A ________________abuses the functionality and services of backend servers to read and update internal resources. This can expose, for example, database information, even without an authenticated session.
Server-side request forgery
Using a select list of uniform resource locator (URL) links to multiple parts of a website, an attacker was able to modify the URL submission that exposed internal database configurations. The attacker did not need to establish an authenticated session. This describes which of the following types of attacks?
Server-side request forgery
A condition when an attacker tries to gain privilege to a system by racing it to a resource
Time-of-Check
SOAP Injection
Uses simple object access protocol, which uses XML strings, to manipulate a target
By compromising a Windows XP application that ran on a Windows 10 machine, an attacker installed persistent malware on a victim computer with local administrator privileges. What should the attacker add to the registry, along with its files added to the system folder, to execute this malware?
a shim
A _________________ is a type of brute force attack aimed at exploiting collisions in hash functions. This type of attack can forge a digital signature
birthday attack
A ___________________ facilitates a Man-in-the-Middle (MitM) attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths.
downgrade attack
An error when the result of a math operation does not fit within the allocated memory space
integer overflow
If the pointer is set to a null value by a malicious process, this creates a null pointer exception, and the process will crash. Programmers can use ______________ to test that a pointer is not null before trying to use it.
logic statements
buffer overflow attack
one section of memory is able to overwrite a different section of memory that should not occur. (not an easy exploit for attackers to find)
A ______________ occurs when the outcome from an execution process is directly dependent on the order and timing of certain events. A TOCTTOU vulnerability will take advantage of this timing to modify data before finally using it.
race condition
A ____________consists of intercepting a key or password hash, then reusing it to gain access to a resource. Using once-only session tokens or timestamping sessions prevents this type of attack.
replay attack
XML injection
this modifys the XML requests. (changes the set of rules)