1.3 - Application Attacks Flashcards
Define privilege escalation attack.
A cyberattack to gain illicit access to elevated rights, permissions, entitlements, or privileges beyond what is assigned to an identity, account, user, or machine.
Define horizontal privilege escalation.
When someone obtains the permissions that someone else in the same group has.
List a few ways that you can mitigate privilege escalation.
1) Patch quickly
2) Updated anti-virus/anti-malware software
3) Data execution prevention
- Only data in executable areas can run
4) Address space layout randomization
- Prevent a buffer overrun at a known memory address
What is Cross-site Scripting (XSS)?
A type of attack that injects some kind of malicious script that is executed in the web browser.
Name three types of Cross-Site Scripting (XSS).
1) Reflected XSS
2) Stored XSS
3) DOM-based XSS
What is a Reflected XSS attack?
When a malicious script is reflected off a web application to the victim’s browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. The malicious payload comes from the current HTTP request.
What is a DOM-based XSS attack?
When the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client-side script, so that the client-side code runs in an “unexpected” manner. The vulnerability exists in the client-side code rather than the server-side code.
What is a Stored XSS attack?
When an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. This is only possible if your application is designed to store user input (a message board or social media website).
List a few ways to protect against XSS.
1) Be careful when clicking untrusted links
2) Consider disabling JavaScript
3) Keep your browser and applications updated
4) Validate input
- Don’t allow users to add their own scripts to an input field
Define a code injection attack.
When someone puts their own code inside of an application. This is possible due to bad programming.
Define a SQL injection.
An attack that injects malicious SQL code into an application, allowing the attacker to view or modify a database.
What is an LDAP Injection?
An attack in which queries are constructed from untrusted input without prior validation or sanitization. Arbitrary commands can be used to grant permission to unauthorized queries and modify content within the LDAP tree. Similar to a SQL injection.
What is an XML Injection?
An attack technique used to manipulate or compromise the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intended logic of the application to perform unauthorized actions or access sensitive data.
What is a DLL Injection?
An attack technique that allows users to run any code in the memory of another process, by forcing the process to load a foreign DLL file. This can allow for unauthorized actions.
Define a buffer overflow.
Occurs when the amount of data in the buffer exceeds its storage capacity. That extra data overflows into adjacent memory locations and corrupts or overwrites the data in those locations.
Define replay attack.
A type of network attack in which an attacker captures a valid network transmission and then transmits it later. The main objective is to trick the system into accepting the retransmission of the data as a legitimate one.
Define a pass the hash attack.
A type of replay attack in which an attacker captures a password hash (as opposed to the password characters) and then passes it through for authentication and lateral access to other networked systems.
Identify some ways that you can prevent a pass the hash attack.
1) Salting the hash
2) Encryption
3) Use a session ID with the password hash to create a unique authentication hash each time
Define session hijacking.
A method of taking over a web user session by surreptitiously obtaining the session ID and masquerading as the authorized user.
Identify a few ways to prevent replay attacks.
1) Encrypt end-to-end
- HTTPS
2) Encrypt end-to-somewhere
- VPN
What is Cross-site Request Forgery?
An attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help from social engineering, an attacker may trick the users of a web application into executing actions of the attacker’s choosing.
What is Server-side Request Forgery?
An attacker abuses server functionality to access or modify resources. The server is tricked into making HTTP requests to internal resources or other servers on behalf of the attacker.
What is a Driver Manipulation attack?
A sophisticated attack in which a program attempts to modify a driver’s functionality. The program exploits the legitimate purpose of the driver.
What is Shimming?
An application attempts to call an older driver, and the OS intercepts the call and redirects it to run the shim code instead. A driver shim is additional code that can be run instead of the original driver. Shimming provides the solution that makes it appear that the older drivers are compatible.