Security+ Domain 1.3
What is shimming?
A shim is a small library created to intercept API calls transparently and do one of three things: handle the operation itself, change the arguments passed, or redirect the request elsewhere.
What is resource exhaustion attack?
An application continuously allocates additional resources, exhausting the machine's resources and leading to a system hang or crash. Memory leaks are one form; other resources such as CPU, disk or network can also be exhausted.
What are buffer overflows?
Attacks used to exploit poorly written software; they exist when a developer does not validate the size of user input, so input that is too large can overflow the memory buffer.
How do you defend against a session replay?
Disallow session ID reuse in web apps
What is SSL stripping?
Downgrading a website from HTTPS to HTTP. Requires three entities: the victim's system, the secure web server, and the attacker's system; the attacker intervenes in the redirection from HTTP to HTTPS.
How do you counter an SSL stripping attack?
Enable HTTPS on all pages of the website and implement an HTTP Strict Transport Security (HSTS) policy so the browser requires HTTPS.
How to prevent pass the hash?
Enforce least-privilege access; analyze applications to determine which require admin privileges; use flexible policies that allow only trusted applications to run, and only in specific contexts; use Windows 10 Credential Guard.
What is an LDAP attack?
Exploits weaknesses in LDAP implementations; it can occur when user input is not properly filtered. The result can be executed commands, modified content, or results returned to unauthorized queries.
What is a Directory Traversal attack?
Gaining access to restricted directories through HTTP, using a command injection attack that carries out the action; can yield access to the root directory.
What are countermeasures for Integer Overflow?
Good coding practices, appropriate typing of variables, and using larger variable types such as long or long int.
How do you prevent pointer/object dereference?
Good coding is the best protection: code should check that a pointer is not NULL before dereferencing it.
How do you defend against a cross-site scripting attack?
Input validation and filtering: validate data length and data type, which filters out malicious input.
What is a memory leak?
The most common issue in memory management: usually a failure to deallocate memory that has been allocated.
What is an integer overflow?
Putting too much information into too small a space that has been set aside for numbers; an error that occurs when the result of an integer operation does not fit within the allocated memory space, causing unexpected results. One of the most dangerous software errors; also known as an overflow error or arithmetic overflow.
What is a DLL attack?
A situation where malware tries to inject code into a process's memory space by using a vulnerable or compromised DLL.
What is a countermeasure for a memory leak?
A static code analyzer can check whether all memory allocation commands have a matching deallocation command.
What are the countermeasures for API Attacks?
TLS, OAuth, request timestamps, and key/password hashing.
What is cross-site scripting (XSS)?
A type of injection in which malicious scripts are injected into otherwise benign and trusted websites. It occurs when an attacker uses a web application to send malicious code to a different end user, and when web apps contain reflected input.
How to prevent buffer overflows?
Use input validation
What is SQL injection attack?
Uses unexpected input to a web application to gain unauthorized access to the underlying database. Not new, and can be prevented through good coding practices.
What is Extensible Markup Language (XML)?
When users enter values that query XML (via XPath) with values that take advantage of exploits; also known as an XML injection attack.
What is session replay?
An attacker steals a valid session ID of a user and reuses it to impersonate an authorized user and perform fraudulent transactions or activities.
What is pointer/object dereference?
An attack that consists of finding null references in a target program and dereferencing them, causing an exception to be generated.
What is Pass the Hash attack?
An attacker captures a password hash and then passes it through for authentication and lateral access.
What is an API attack?
Attempts to manipulate an application programming interface. Includes DDoS, man-in-the-middle, and injection attacks focused on the API. Goals are to gain additional resource or data access, or to interrupt service.
What is a race condition attack?
A condition where the system's behavior is dependent on the sequence or timing of other uncontrollable events.
How do you defend against cross-site request forgery?
Create web apps that use secure tokens, and sites that check the referring URL to make sure it came from the local site.
What are countermeasures for a resource exhaustion attack?
Good software development and limiting which files and apps can be executed on endpoints.
What are SQL injection countermeasures?
Input validation, use of prepared statements, and limiting account privileges.
What is the defense against XPath attacks?
Make sure user input is filtered and sanitized to ensure it does not cause XPath to return more data than it should.
What is privilege escalation?
A security hole created when code is executed with higher privileges than those of the user running it.
What is a Cross-site request forgery (XSRF or CSRF)?
Similar to cross-site scripting attacks but exploits a different trust relationship: it exploits the user's trust in a website to execute code on the user's computer.
What is XPath?
Similar to SQL but does not have the same levels of access control; exploits can return an entire document.
What is dereferencing?
Taking away the reference and giving you what it was actually referring to. A null pointer dereference is a memory vulnerability that usually causes the application to crash or a denial of service; in this case there is nothing at the memory address to dereference, and the application crashes.
What is refactoring?
Techniques used to identify the flow of the code and then modify its internal structure without changing its visible behavior. Malware uses this to look for code that can be exploited.
What is the difference between pass the hash and pass the ticket?
Ticket expiration: Kerberos tickets expire in 10 hours, while NTLM hashes only change when a user changes their password.
What is a time-of-check-to-time-of-use (TOCTOU) vulnerability?
A timing vulnerability that occurs when a program checks access permissions too far in advance of a resource request (file locking transactions in a file system or OS kernel).
What is error handling?
Validate data (test for completeness and for data type, i.e., valid data); don't allow the system to crash; change the color of a text box that has errors. An element of good coding practices.
How to defend against a directory traversal attack?
Vulnerability scanners will check for directory traversal and command injection weaknesses and inform you of their presence; run scans and keep server software patched.