Ch 2,3 - Assessment Workflow... & Vulnerabilities...

Question 1

4 steps for Network Security Assessment Methodology

Answer 1

Reconnaissance to identify networks, hosts, and users of interest
Vulnerability scanning to identify potentially exploitable conditions
Investigation of vulnerabilities and further probing by hand
The exploitation of vulnerabilities and circumvention of security mechanisms

Question 2

ZDI

Answer 2

Zero Day Initiative

Question 3

SCADA

Answer 3

Supervisory Control And Data Acquisition

Question 4

Attack Surfaces

Answer 4

This surface often encompasses
server applications, client endpoints, users, communication channels, and infrastructure.

Question 5

Taxonomy of Software Security Errors

Answer 5

1. Input Validation
2. API abuse
3. Security features (low level)
4. Time & State
5. Errors
6. Code quality
7. Encapsulation
8. Environment

Question 6

Adversarial Goals

Answer 6

1. Data extraction/manipulation
2. Elevation of privilliges
3. Arbitrary code execution
4. Denial of Service

Question 7

Level of System Access

Answer 7

1. Remote
2. Close proximity
3. Direct

Question 8

Secrets stored in volatile memory

Answer 8

Private keys, credentials, session tokens, other cryptographic materials

Question 9

DEP

Answer 9

Data Execution Prevention

Question 10

ROP

Answer 10

Return Oriented Programming

Question 11

ASLR

Answer 11

Address Space Layout Randomization

Question 12

Logic Flaws

Answer 12

1. Inference of login info
2. Session management issues
3. Command Injection
4. Encapsulation bugs

Question 13

Common cryptographic functions

Answer 13

• Pseudorandom number generators (PRNGs)
• Protocols providing transport layer security (such as TLS and IPsec)
• Encryption of data-at-rest
• Signing of data to provide integrity checking (e.g., HMAC calculation)

Question 14

Attacks against Cryptosystems

Answer 14

1. Collisions
2. Modification of ciphertext
3. Replay of ciphertext
4. Side channel attack