1.3 Application attacks

Question 1

privilege escelation

Answer 1

vulnerability or some type of design flaw is allowing a normal user to suddenly gain extended capabilities on that system

Question 2

horizontal privilege escalation

Answer 2

where one user is able to gain access to resources that would normally only be available to another user of the same level. It doesn’t have to be an administrator account or a root account. Simply user A is gaining access to files and resources for user B

Question 3

data execution prevention

Answer 3

a way to only allow applications to run in certain areas of memory where that particular function is allowed.
safeguards in place to prevent someone from taking advantage of a privileged escalation
many operating systems will randomize where information is stored in memory so that if attacker finds a way to take advantage of a memory address on one system, they would not be able to duplicate that on another operating system

Question 4

CBE 2020-1530

Answer 4

Windows Remote Access Elevation of Privileged Vulnerability. It was released on August of 2020
attacker would only need to run a single program and they would have elevated access on that system.

Question 5

cross-site scripting

Answer 5

web applications that allows attackers to inject malicious scripts or code into web pages viewed by other users.

Question 6

stored XSS (persistant)

Answer 6

the malicious script or code is permanently stored on the target web server, often on websites that have messages, or forum posts. When a user visits a post where the injected script is displayed, the browser executes it.

Question 7

Reflected XSS

Answer 7

malicious script is embedded in a URL or in data sent to a web server as part of an HTTP request (e.g., through a query parameter). The server reflects this input back to the user’s browser without proper validation, and the script is executed when the user visits the malicious link. Reflected XSS attacks are often used in phishing campaigns

Question 8

DOM-Based XSS

Answer 8

DOM (Document Object Model)-based XSS attacks occur when the client-side code of a web application modifies the DOM without proper validation. The attacker manipulates the client-side code to execute malicious scripts in the user’s browser. This type of XSS is often more challenging to detect and mitigate

Question 9

DOM

Answer 9

Document Object Medel

Question 10

CSP

Answer 10

Content Security Policy

Question 11

Input Validation

Answer 11

Ensure that all input from users is properly validated and sanitized before being displayed on a web page.

Question 12

Output Encoding

Answer 12

Implement a CSP to restrict the sources from which content can be loaded, reducing the risk of malicious script execution.

Question 13

Code injection Attack

Answer 13

when the attacker puts their own code into an existing data stream

Question 14

SQL

Answer 14

Structured Query Language

Question 15

SQL Injection

Answer 15

when an attacker is able to manipulate or inject malicious SQL (Structured Query Language) code into a web application’s input fields or other user data entry points.

Question 16

XML

Answer 16

Extensible Markup Language used to transfer data between two different kinds of devices

Question 17

LDAP

Answer 17

Lightweight Directory Access Protocol
commonly used to store information about authentication, such as username and password, or other information about devices or users.

Question 18

DLL

Answer 18

Dynamic-Link Library

Question 19

DLL injection

Answer 19

a way to inject some code into an application to have that application execute the code for us.

Question 20

Buffer overflow

Answer 20

when one section of memory is able to overwrite a different section of memory
not a simple exploit to find, and it’s not an easy exploit for an attacker to take advantage of

Question 21

Replay attack

Answer 21

type of network security attack in which an attacker intercepts and later re transmits data packets or messages that were originally exchanged between two parties in a legitimate communication session. The goal of a replay attack is to either gain unauthorized access to a system or to manipulate the communication in a malicious way.

Question 22

ARP

Answer 22

Address Resolution Protocol.

Question 23

ARP Poisoning

Answer 23

attack in which an attacker sends malicious Address Resolution Protocol (ARP) messages to associate their MAC address with the IP address of another device on the local network. This type of attack is typically used to intercept, manipulate, or redirect network traffic, potentially leading to unauthorized access or eavesdropping on network communications.

Question 24

Pass the Hash

Answer 24

referring to the hash value that is associated with a password that is sent across the network during the authentication process. If the attacker can gain access to the hash, they may be able to replay that hash back to the server and pretend that they are the original workstation

Question 25

one click attack XSRF,CSRF (sea surf)

Answer 25

an attacker tricks a user into unknowingly making an unwanted or malicious request to a different site on which the user is authenticated.

Question 26

SSRF

Answer 26

Server side request forgery

Question 27

what is a Server side request forgery

Answer 27

allows an attacker to manipulate the server into making malicious requests to other internal or external resources on behalf of the vulnerable server

Question 28

WAF

Answer 28

web application firewall, used to prevent SSRF as long as it is configure correctly.

Question 29

Shimming

Answer 29

There are shims built into your operating system. Windows has one called the Windows compatibility mode. You can run an application, but have Windows run that application as if it is running in a different operating system. they can take advantage of this shimmed area to be able to put malware onto a computer

Question 30

Refactoring or metamorphic malware

Answer 30

downloading a unique version of that malware that will not match any of the signatures that are in your antivirus or anti-malware software. they may ad code that does nothing but changes the signature.

Question 31

SSL striping (HTTP downgrade

Answer 31

attacker can sit on the path of the communication and modify the communication between the client and a server, so that it’s able to see all of the data in that data flow

Question 32

race condition

Answer 32

problems that can occur though if multiple things are occurring simultaneously and you weren’t expecting them to occur simultaneously

Question 33

TOCTOU

Answer 33

time-of-check to time-of-use attack. type of attack is checking for things to occur on the system and making changes but knowing that there might be other changes occurring behind the scenes at the same time.

Question 34

memory leak

Answer 34

software defect or programming error in which a computer program or application fails to release or “leaks” system memory (RAM) that it has allocated but is no longer using. As a result, the application continues to consume more and more memory over time, which can eventually lead to performance degradation and, in severe cases, system instability or crashes.

Question 35

null pointer dereference.

Answer 35

software error that occurs when a program tries to access or manipulate data using a pointer that is null (i.e., it doesn’t point to any valid memory location), often leading to crashes or unexpected behavior

Question 36

interger overflow

Answer 36

an arithmetic operation exceeds the maximum or minimum value that can be represented by the data type used to store the result.

Question 37

directory traversal

Answer 37

attacker can access files and directories that are located outside the web root directory or intended access path on a web server. This attack typically occurs when an application does not properly validate or sanitize user inputs used to construct file paths.