Finding Malware
Finding malware → much malware executes only in memory (injected code, unpacked payloads, fileless techniques) rather than as a file on disk, so memory forensics captures an image of RAM and analyzes running processes, loaded dynamic link libraries, threads, buffers, network connections, and other in-memory artifacts to detect malicious code that file-based antivirus scans miss. Because memory is volatile, the image must be acquired before the system is powered off or rebooted.
Memory Injection Attacks
Memory injection attacks → attacks where malicious code is inserted directly into the memory of a running process, allowing the attacker to execute code without writing files to disk and making detection more difficult.
DLL Injection
Dynamic link library injection (DLL injection) → memory injection technique where an attacker forces a running process to load a malicious dynamic link library, causing the malicious code to execute within the context of a trusted process.
Buffer Overflow Attack
Buffer overflow attack → attack that occurs when a program writes more data into a memory buffer than the buffer was allocated to hold, so the excess overwrites adjacent memory (other variables, heap metadata, or a saved return address), potentially letting the attacker crash the program or redirect execution to arbitrary code.
Bounds Checking
Bounds checking → security practice of comparing the length of incoming data against the size of its destination before copying, so data written to memory stays within allocated limits; oversized input is either rejected or safely truncated, which prevents buffer overflow attacks.
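The two definitions above (buffer overflow and bounds checking) are easiest to see side by side. The following is an added example, not code from the original page: a classic unchecked `strcpy()` into a 16-byte stack buffer next to two bounds-checked replacements, one that rejects oversized input and one that truncates it but reports how much was dropped. The function names, the `NAME_LEN` size, and the 32-byte test string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define NAME_LEN 16   /* hypothetical fixed buffer size */

/* Vulnerable: no bounds check. strcpy() writes strlen(src)+1 bytes into a
 * 16-byte buffer; anything longer spills into whatever follows on the stack
 * (other locals, saved registers, the return address). Kept only to show the
 * bug; never call it with untrusted input. */
void greet_unsafe(const char *name) {
    char buf[NAME_LEN];
    strcpy(buf, name);                   /* overflow if strlen(name) >= NAME_LEN */
    printf("hello %s\n", buf);
}

/* Bounds-checked, rejecting policy: returns 0 on success, -1 if the input
 * (plus its terminating NUL) does not fit in dst. Nothing is written on -1. */
int copy_name_checked(char *dst, size_t dstlen, const char *src) {
    size_t n = strlen(src);
    if (dstlen == 0 || n >= dstlen)      /* need n+1 bytes for the NUL */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Bounds-checked, truncating policy: always NUL-terminates and returns the
 * number of source bytes dropped, so the caller can detect truncation instead
 * of silently processing a shortened value. */
size_t copy_name_truncate(char *dst, size_t dstlen, const char *src) {
    size_t n = strlen(src);
    if (dstlen == 0)
        return n;
    size_t keep = n < dstlen - 1 ? n : dstlen - 1;
    memcpy(dst, src, keep);
    dst[keep] = '\0';
    return n - keep;
}

int main(void) {
    char buf[NAME_LEN];
    const char *ok = "alice";
    /* constructed 32-byte input, double the buffer size */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    greet_unsafe(ok);                    /* safe only because "alice" fits */
    printf("checked ok:       %d\n", copy_name_checked(buf, sizeof buf, ok));
    printf("checked too long: %d\n", copy_name_checked(buf, sizeof buf, too_long));
    printf("truncate dropped: %zu (kept \"%s\")\n",
           copy_name_truncate(buf, sizeof buf, too_long), buf);
    return 0;
}
```

The boundary case worth remembering is the NUL terminator: a 15-character name fits in a 16-byte buffer, a 16-character name does not, and off-by-one errors here are the single most common way a "checked" copy still overflows.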
Race Condition
Race condition → vulnerability that occurs when the outcome of an operation depends on the relative timing or ordering of events that the attacker can influence, allowing the attacker to alter execution flow by triggering an action in the window between two steps the program assumed were inseparable.
TOCTOU
Time-of-check to time-of-use (TOCTOU) → race condition in which a program checks a resource's state (for example, that a path is a regular file the user may read) and then uses it in a separate step, allowing an attacker to swap the resource between the check and the use. The fix is to make the check and the use operate on the same object atomically, such as opening the file first and inspecting the open descriptor rather than re-resolving the path name.
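The race window in the TOCTOU definition above is a concrete pair of system calls. This is an added example, not code from the original page: a racy "stat the path, then open the path" opener next to a hardened version that opens first and checks the descriptor, followed by a small self-contained demonstration that builds a regular file plus a symlink to it in a temporary directory (a constructed fixture) and shows the hardened opener refusing the symlink. The function names and the `/tmp/toctou_XXXXXX` directory template are illustrative.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Vulnerable pattern: check (lstat) and use (open) are two separate calls that
 * each resolve the path name independently. Between them an attacker who can
 * write to the directory can replace `path` with a symlink to a file the check
 * would have rejected, and open() follows it. */
int open_for_read_racy(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                          /* time of check */
    /* <-- race window: path can be swapped here */
    return open(path, O_RDONLY);            /* time of use */
}

/* Hardened pattern: use first, then check the object actually opened.
 * O_NOFOLLOW makes open() fail (ELOOP) if the final path component is a
 * symlink, and fstat() inspects the descriptor rather than the name, so the
 * checked object and the used object are guaranteed to be the same one. */
int open_for_read_safe(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Demonstration: create <tmpdir>/data.txt and a symlink <tmpdir>/alias -> it,
 * then show that the safe opener accepts the real file and rejects the link.
 * Returns 1 when both outcomes are as expected, 0 if not, -1 on setup error. */
int demo(void) {
    char dir[] = "/tmp/toctou_XXXXXX";     /* constructed fixture location */
    if (mkdtemp(dir) == NULL)
        return -1;
    char real[256], alias[256];
    snprintf(real, sizeof real, "%s/data.txt", dir);
    snprintf(alias, sizeof alias, "%s/alias", dir);

    int fd = open(real, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    if (symlink(real, alias) != 0)
        return -1;

    int via_real = open_for_read_safe(real);   /* expected: >= 0 */
    int via_link = open_for_read_safe(alias);  /* expected: -1 (ELOOP) */
    if (via_real >= 0)
        close(via_real);

    unlink(alias);
    unlink(real);
    rmdir(dir);
    return (via_real >= 0 && via_link < 0) ? 1 : 0;
}

int main(void) {
    printf("safe opener behaves as expected: %s\n", demo() == 1 ? "yes" : "no");
    return 0;
}
```

The racy version cannot be fixed by adding more checks before the `open()`; any check that re-resolves the path name leaves the same window. The only reliable approach is to obtain the descriptor and then validate it, and to refuse symlinks with `O_NOFOLLOW` when the directory is writable by untrusted users.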
Malicious Updates
Malicious updates → attack technique in which attackers compromise a software update channel (the vendor's build pipeline, signing key, or distribution server) so that trojanized code arrives looking like a legitimate patch; defenses include verifying the publisher's digital signature or published hash on every package, downloading only from the developer's official channel, and treating every installation as potentially malicious.
Automatic Updates
Automatic updates → update mechanism that installs patches without user intervention, improving security by shrinking the window between patch release and deployment, but still requiring a trusted source and integrity verification of each package, since a compromised update channel is then pushed to every system automatically.