1.3 Given a scenario, analyze potential indicators associated with application attacks. Flashcards

1
Q

What is Privilege Escalation?

A

The process of accessing a system at a lower authentication level and upgrading (escalating) authentication to a more privileged level for more attack opportunities.

2
Q

What is Cross-site scripting (XSS)?

A

It can affect both hosts and Web applications. A malicious script is injected into a trusted site that the client browser uses. Since this content is usually elevated in privilege, the malicious content could be sent to a client with those same elevated privileges. From there, they can gather information. These make up the majority of web-based attacks.

3
Q

What is an injection attack?

A

An injection attack injects additional code or malicious content into a site, typically from an opening provided through user input.

4
Q

What is a Structured Query Language (SQL) injection?

A

SQL can be used to create and manipulate database structures as well as the data that resides in those structures. SQL injection attacks will attack a database through vulnerabilities in the Web application by sending SQL input (normally in the form of SQL database manipulation commands) to the database.

5
Q

What is a Dynamic-link Library injection?

A

This technique is used by bad actors to get users to run malicious code. The code runs in the address space of another process and loads a malicious DLL. Once it is run, all the usual impacts come into play: zombified systems used for DDoS attacks.

6
Q

What is a Lightweight Directory Access Protocol injection?

A

An LDAP injection can be performed on any directory services database that has not been secured; its purpose, like other forms of injection, is to get data from the directory database that the user would otherwise not have access to. It involves embedding LDAP query commands into routine Web application requests and getting data back in response.

7
Q

What is an Extensible Markup Language injection?

A

This injection sends malicious XML content to a Web application, taking advantage of any lack of input validation and XML parsing. It’s important to harden Web pages against these types of attacks.

8
Q

What is a pointer/object dereference?

A

When a pointer accesses memory that has a stored value, this is known as a pointer/object dereference.

9
Q

What is Directory Traversal?

A

It is an attack in which the entire directory of a web site and its server are examined with the intent of locating files of interest to the attacker.

10
Q

What are Buffer Overflows?

A

A buffer overflow is a condition by which an attacker, through malicious input or an automated exploit, sends unexpected input into a program, usually into its memory registers or buffers. It can be prevented through secure coding practices, including input validation, data type and length restrictions, and error handling.

11
Q

What are Race Conditions?

A

When the effect of two or more simultaneous transactions can result in undesired results. These race conditions manifest as counters, totals, and other usually integer values that simply don’t add up correctly. The impact of race conditions varies from incorrect values in Web carts to system stops to privilege escalation.

12
Q

What is Time of Check/time of use?

A

It is a bug that can happen with a race condition where exploits can happen between the program checking the state of something and doing something about the results.

13
Q

What is Error Handling?

A

It is the response in anticipation of potential aftermaths after an exception or unexpected input. An example of a program response would be a program entering a safe state after an exception to stop bad actors from further attacking.

14
Q

What is improper input handling?

A

A poorly written program or a great program attacked by a clever attacker can take in or handle improper information. This improper input handling can lead to unauthorized access to data, unexpected or undesired commands executed on a web server, and more.

15
Q

What is a replay attack?

A

A replay attack is an attack where the attacker captures some type of legitimate traffic and resends it as needed to do something malicious.

16
Q

What are session replays?

A

A session replay is a man-in-the-middle attack where the bad actors intercept a session in progress and replay it to the web server in an attempt to get access to the web application. HTTPS makes session replay attacks much more difficult.

17
Q

What is an Integer Overflow?

A

Integer Overflows are when a value greater than an Integer variable causes the application to stop couching. The impact of all these situations is similar in that the system will at best kick out an error and at worst cause a system lockup.

18
Q

What are Server-side Request Forgeries?

A

If an attacker can forge an HTTP request to get the web server to query somewhere else, they might be able to gain access to critical information, like logins, PII, etc.

19
Q

What is a cross-site Request Forgery?

A

Cross-site request forgery attacks attempt to steal authentication from session cookies during a user’s current browsing session. This attack requires that the user already be authenticated to the secure site, so that their session credentials are stored in the browser.

20
Q

What are application programming interface (API) attacks?

A

Interconnecting applications requires functions and procedures—programming—that can bridge the gap to, in effect, translate from one application to the other. These helper/translator applications are called APIs.

21
Q

What is resource exhaustion?

A

It is the result of an attack that takes advantage of one or more of the memory-specific vulnerabilities previously described to bring down the system. Resource exhaustion is the basis for a denial-of-service attack to make resources unavailable for legitimate users.

22
Q

What is a memory leak?

A

A memory leak is a general issue where a single process begins to ask for more and more memory from the system without ever releasing memory. Eventually, a system reaches a memory full state and stops working.

23
Q

What is Secure Sockets Layer (SSL) stripping?

A

SSL stripping is a man-in-the-middle attack to get users to connect to an HTTP web site when they mean to go to an HTTPS website. This attack detects a legitimate HTTPS request from a client, strips away the HTTPS data, and redirects the user to a look-alike site, hoping they will enter a user name and password. You can protect against this by configuring a web browser to treat any non-secure web page as a security risk.

24
Q

What is driver manipulation?

A

It is when an attacker sends communications to device drivers to make them do things they were never supposed to do, or replaces the device drivers with corrupted device drivers to gain privilege escalation or launch spoofing attacks.

25
Q

What is shimming?

A

A shim is a library that responds to inputs that the original device driver isn’t designed to handle. Inserting an unauthorized shim, called shimming, or a shim attack, does not require replacing an actual file—it relies on listening for inputs that the original device driver isn’t written to hear.

26
Q

What is Refactoring?

A

It can mean to reprogram a device driver’s internals so that the device driver responds to all of the normal inputs and generates all the regular outputs, but also generates malicious output.

27
Q

What is a pass the hash attack?

A

A pass the hash attack takes advantage of weak points in the NT LAN Manager (NTLM) and LANMAN protocols. Modern Windows systems mitigate against this sort of attack.