Evasive Maneuvers and Combining Techniques Flashcards
How can string terminators be used to bypass security controls?
Null bytes or other symbols are often interpreted as string terminators. When these symbols are not filtered out, they could terminate a security control process, because in many back-end programming languages a null byte is interpreted as a sign to stop processing. With that, string terminators could be used to bypass security controls like input validation.
Which BurpSuite Intruder attack mode is adequate to use when case switching resets the number of attempts limited by the security controls?
Pitchfork.
When can case switching result in a security control bypass?
When the security control is built around the literal spelling and case of the components within a request.
In a rate-limited API, what are the two things that a case switching can do?
Performing a case switching in this scenario can reset or completely remove the security control.
What are the three cited evasive maneuvers?
String terminators, case switching and encoding payloads.
What common API security control can detect an attack and prevent you from making additional successful requests?
WAF (Web Application Firewall)
Which of the following Wfuzz commands will result in applying multiple rounds of encoding to a single payload?
a) $wfuzz -e a-b-c,base64 -t http://example.com
b) $wfuzz -z list,a-b-c,base64-md5-url -u http://example.com/api/v2/FUZZ
c) $wfuzz -z list,a-b-c,base64-md5-url -u http://target.com/api/v2/FUZZ
d) $ wfuzz -z list,a-b-c,base64@base64@md5@ -u http://target.com/api/v2/FUZZ
Letter d. The use of @, indicates to apply multiple encodings in one single value.
Which of the following vulnerabilities are great platforms to combine with other attack attempts? Select all that apply.
a) Excessive Data Exposure
b) Broken Function Level Authorization
c) Broken Object Level Authorization
d) Improper Assets Management
e) Cross-site Scripting
Letters a and d.
