Module 03: Threats and Attacks on Endpoints
What is true of a zero-day exploit?
- A zero-day vulnerability can only be discovered when the software is deployed. Before the deployment, since the software is not ready and rolled out, it is impossible to discover the zero-day vulnerability.
- A zero-day vulnerability can be an example of an unknown threat. Unknown to the organization, the vulnerability may be present in the organization's operating systems or applications.
- A zero-day attack is impossible to detect as it exploits unknown vulnerabilities.
What is the difference between a Trojan and a RAT?
A RAT gives the attacker unauthorized remote access to the victim's computer.
Structured Query Language
A ________________ used to view and manipulate data that is stored in a relational database.
Time of check/time of use race condition
A flaw that results in a pointer being given a NULL instead of a valid value; this is called a pointer/object dereference.
eXtensible Markup Language (XML)
A markup ________________ designed to store information.
improper input handling
A programming error that does not filter or validate user input to prevent a malicious action.
error handling
A programming error that does not properly trap an __________ condition.
tainted training data for machine learning
A risk associated with attackers attempting to alter the training data that is used by ML.
security of the ML algorithms
A risk associated with the vulnerabilities in AI-powered cybersecurity applications and their devices.
race condition
A situation in software that occurs when two concurrent threads of execution access a shared resource simultaneously.
memory leak
A situation that occurs when, due to a programming error, memory is not freed when the program has finished using it.
time of check/time of use
A software check of the state of a resource before using that resource.
command and control (C&C)
A structure that sends instructions to infected bot computers.
fileless virus
A type of malware that takes advantage of native services and processes that are part of the OS to avoid detection and carry out its attacks.
The link to the device platform that allows a developer to access resources at a higher level.
API (Application Programming Interface)
resource exhaustion attacks
An ____________ that depletes parts of memory and interferes with the normal operation of the program in RAM to give an attacker access to the underlying OS.
application program interface (API) attack
An ____________ that targets vulnerabilities in an ______.
device driver manipulation
An attack that alters a device driver from its normal function.
integer overflow attack
An attack that changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow.
replay
An attack that copies data and then uses it for an attack.
DLL injection
An attack that inserts code into a running process through a ______ to cause a program to function in a different way than intended.
SQL injection
An attack that inserts statements to manipulate a database server using Structured Query Language commands.
XML injection
An attack that inserts statements to manipulate a database server using eXtensible Markup ________________ (XML).
buffer overflow attack
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
server-side request forgery (SSRF)
An attack that takes advantage of a trusting relationship between web servers.
cross-site scripting (XSS)
An attack that takes advantage of a website that accepts user input without validating it.
client-side request forgery
An attack that takes advantage of an authentication "token" that a website sends to a user's web browser to imitate the identity and privileges of the victim.
cross-site request forgery (CSRF)
An attack that takes advantage of an authentication "token" that a website sends to a user's web browser to imitate the identity and privileges of the victim.
Trojan
An executable program that masquerades as performing a benign activity but also does something malicious.
bot
An infected computer (sometimes referred to as a zombie) placed under the remote control of an attacker for the purpose of launching attacks.
A client calls you about a message that suddenly appeared on their screen that says the software license has expired and they must immediately pay $500 to have it renewed before control of the computer will be returned to them. What type of malware has infected their computer?
Blocking ransomware
A password spraying cyberattack can be categorized as which kind of attack?
Brute-force
Which type of attack occurs if an application overruns the allocated buffer boundary and writes to adjacent memory locations?
Buffer Overflow
Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program?
Buffer overflow attack
Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website?
CSRF
refactoring
Changing the design of existing code.
logic bomb
Computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it.
Which of the following enables attackers to inject client-side scripts into web pages viewed by other users?
Cross Site Scripting
Types of files that can be infected by malware include:
- DOCX or XLSX: Microsoft Office user documents
- EXE: Executable program file
- MSI: Microsoft installer file
- MSP: Windows installer patch file
- SCR: Windows screen saver
- CPL: Windows Control Panel file
- MSC: Microsoft Management Console file
- WSF: Windows script file
- PS1: Windows PowerShell script
An application lists all the files and subdirectories in its web folder. This indicates which of the following weaknesses on the application?
Directory Listing
Which of the following attacks targets the external software component that is a repository of both code and data?
Dynamic-link library (DLL) injection attack
Which is NOT a means by which a bot communicates with a C&C device?
Email (not totally true)
Which of the following attack types confirms the vulnerability by revealing database-specific exceptions or error messages to the end user or attacker?
Error Based SQL Injection
adversarial artificial intelligence
Exploiting the risks associated with using AI and ML in cybersecurity.
True or False: AI learns on its own without any input data.
False
True or False: An SSRF takes advantage of a trusting relationship between a web browser and web servers.
False
True or False: Software keyloggers are generally easy to detect.
False
True or False: It is a common tactic for cryptomalware attackers to not send the decryption key after the ransom has been paid.
False
True or False: A recognized subset of ML is AI.
False
keylogger
Hardware or software that silently captures and stores each keystroke that a user types on the computer's keyboard.
Which of the following provides unauthorized access to another user's system resources or application files at the same level/role within an organization?
Horizontal Privilege Escalation
Which of the following would NOT be something distributed by a botnet?
LOLbins
worm
A malicious program (sometimes called a network virus) that uses a computer network to replicate.
Malware
Malicious software that enters a computer system without the user's knowledge or consent and then performs an unwanted and harmful action.
rootkit
Malware that can hide its presence and the presence of other malware on the computer.
cryptomalware
Malware that encrypts all the files on the device so that none of them can be opened until a ransom is paid.
backdoor
Malware that gives access to a computer, program, or service that circumvents any normal security protections.
remote access Trojan (RAT)
Malware that infects a computer like a ____________ but also gives the threat agent unauthorized remote access to the victim's computer by using specially configured communication protocols.
Ransomware
Malware that prevents a user's endpoint device from properly and fully functioning until a fee is paid.
Software apps installed on a device before the purchase are known as:
PUP (potentially unwanted programs)
Which of the following is also known as a "dot dot slash" attack?
Path Traversal
Programs that fileless viruses attach themselves to include:
- PowerShell: A cross-platform and open source task automation and configuration management framework.
- Windows Management Instrumentation (WMI): A Microsoft standard for accessing management information about devices.
- .NET Framework: A free, cross-platform, open source developer platform for building different types of applications.
- Macro: A series of instructions that can be grouped together as a single command to automate a complex set of tasks or a repeated series of tasks. A macro can be written using a macro scripting language, such as Visual Basic for Applications (VBA), and is stored within the user document (such as in an Excel .xlsx workbook or Word .docx file).
Which malware type does not harm the system but only targets the data?
Ransomware
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier, which gives an attacker the opportunity to steal authenticated sessions, describes which of the following?
Session Hijacking
potentially unwanted programs (PUPs)
Software that users do not want on their computer.
Spyware
Tracking software that is deployed without the consent or control of the user.
shimming
Transparently adding a small coding library that intercepts calls made by a device and changes the parameters passed between the device and the device driver.
True or False: A USB can be used to drop almost all the types of malware.
True. The malware a ______ can be used to drop includes, but is not limited to, Trojans, worms, keyboard loggers, and backdoors.
Which of the following attacks is based on a website accepting user input without sanitizing it?
XSS
Which Windows versions has Microsoft stopped providing support services for?
- ______________ XP - stopped support on April 8, 2014
- ______________ 7 - stopped support on January 14, 2020
Another category of attacks specifically targets software applications that are already installed and running on endpoints. These attacks look for vulnerabilities in the application or manipulate the application in order to compromise it. Why would they use this method to infect systems?
Compromising _______________________s can provide many more potential victims than a single computer user; a single __________________________ could expose many other users who are accessing the application or web server.
Cybersecurity AI allows organizations to do the following:
detect, predict, and respond to cyberthreats in real time using ML
Today every endpoint is a potential entry point because:
Each ________________ is a target for attackers to attempt to steal or manipulate its data. And because the ________________s are connected to the network, a vulnerability on an ________________ can result in an attack that penetrates the network and infects all other endpoints.
One way of classifying the diverse types of malware is to examine the primary action that the malware performs and then group together those with similar actions. The malware actions used for groupings are:
imprison, launch, snoop, deceive, and evade.
What is often the cause of memory vulnerabilities and of malicious attacks launched to take advantage of how programs use RAM?
Poor techniques (or laziness) by the software developer.