Types of Attacks

Question 1

What is an online attack?

Answer 1

They are trying to attack your creds directly onto the system. Repeatedly trying your account.

Question 2

What is an offline attack?

Answer 2

Attacks involve compromising a service/account later on.

hacker get a download a database. on their own system to attempt later to login on an online server.

Question 3

What is a dictionary attack?

Answer 3

using a list of words or previously compromised passwords

Question 4

what is a brute force attack?

Answer 4

trying every possible combination of password with a single account.

Question 5

What is password spraying?

Answer 5

trying a single password against all possible accounts.

Question 6

What are rainbow tables?

Answer 6

precomputing plaintext/hash pairs to form a lookup table that is used.

Question 7

What is pass the hash?

Answer 7

Attacker grabs the actual hash that is being used and uses that instead of wasting time cracking the plain text password.

This was an issue with LM and NTLM in Windows.

Question 8

What is input validation?

Answer 8

Is a process of checking that the data that is being inputted is correct.
and if not, you cannot submit the info. Prevents the injection of malicious instructions

Example: when you are trying to submit a form and it tells you to fix a certain field before proceeding.

Question 9

What is input Sanitization?

Answer 9

Is where you can fix the users mistakes. You are cleaning up their input.

Example. If a user puts a - or a space, you can clean up all those characters.

Question 10

What is a buffer overflow?

Answer 10

A vulnerability in software coding that can be exploited by hackers to gain access to systems.

The data exceeds data space and it overflows into the important processes..

Question 11

What is memory buffer?

Answer 11

Is just a holding spot for data to be hold as it is transferred between location.

Question 12

What is a pointer/Object Dereferencing?

Answer 12

Refers to a memory address associated with some data. They “point to the data”

so the pointer references a specific data location in memory.

The hacker could point to a different data.

Question 13

What is a memory leak and Resource exhaustion.

Answer 13

When application don’t surrender memory space after they are done using it. The application memory consumption balloons over time.

It can cause resource exhaustion and therefor denial of service.

Question 14

What is a Structured Query Language (SQL) injection and what can attackers to do with it?

Answer 14

A code injection attack to attack data driven application. They insert input statements into fields for malicious purposes. Typically attacks against websites where inputs are needed.

1=1

Bypass security mechanisms (confidentiality)

Tamper with data ( integrity)

Cause downtime (availability)

Question 15

How do you stop a SQL injection attack?

Answer 15

Input validation. Make sure to sanitize the info.

Question 16

What is Cross site scripting (XSS)

Answer 16

Malicious code that is injected into web pages which then is executed on visitor’s local machine. For example: attacker sets a script under the comments field then others can read.

Usually done by JavaScript.

EX. Credentials taking / downloading malware / redirecting URL

Question 17

How do you sanitize a post to avoid XSS attacks?

Answer 17

Remove the < > brackets.

Also set up tokenization which means that for every single transaction and/or click on a site, a new token is needed to proceed.

Question 18

What are replay attacks?

Answer 18

When a message or a request is sent again (replayed)

Question 19

How can you stop Replay attacks?

Answer 19

Using one time session passwords,

implementing idle timeouts,

protecting session id with encryption.

Question 20

What is a path/directory traversal?

Answer 20

It is used to access data that is unintentionally exposed.

../../
%2e = an actual DOT
%2f = a /

Question 21

How is path/directory traversal mitigated?

Answer 21

By proper file system permissions.

Only people who have access to such directories should have access to them. Others should get denied.

Question 22

What is an API?

Answer 22

Application programming interface.

This allows users to program manage resources.

Question 23

What are examples of driver attacks?

Answer 23

Driver shimming: the placement of a driver between software components which allows communications to be intercepted.

Driver refactoring: the malicious modification of existing drivers

Question 24

How can you stop driver attacks?

Answer 24

Driver shimming: secure boot - checks all drivers and makes sure they are signed before running.

Driver Refactoring: download drivers from legit sites and confirming the HASH output.

Question 25

What is C2 or C+C?

Answer 25

Attacker sends instructions to a command and control server that then sends responses.

BEACONING is part of this type of attack.

Question 26

What is a botnet?

Answer 26

a collection of of bots who are acting in concert.

Bots may perform some actions like DoS, Spam email.

Question 27

What is on-path attack

Answer 27

Man in the middle attack.

May be used to
eavesdrop - confidentiality
interfere- availability
modify - integrity

Question 28

What is an example of on path attack?

Answer 28

ARP Spoofing.

ARP request = finds MAC address of device.

GARP - Gratutious ARP is when attacker sends a wrong mac info since switches only look at frames.

Question 29

How to prevent ARP Spoofing?

Answer 29

Set up on switches DAI - Dynamic Arp Inspections.

Question 30

What is DNS Spoofing?

Answer 30

Attacker compromised DNS entries on a DNS server.

Question 31

What are Script Kiddies?

Answer 31

Less Skill and knowledge, simply uses scripts. There are many of hackers under this category.

Question 32

What are Hactivist?

Answer 32

Hackers who attack organizations for political reasons.

Question 33

What are Organized Criminals?

Answer 33

Criminal hackers who typical seek financial gains.

Question 34

What are competitors?

Answer 34

Unethical businesses attempt attacks on competitors; competitors form certain countries more likely to engage.

Question 35

What are insiders?

Answer 35

Employees or ex employees who are now a potential threat.

Question 36

What are nation states / state actors?

Answer 36

Intelligence agencies, militaries, and dedicated cyber warfare organizations.

Question 37

What is a APT?

Answer 37

Advanced persistent threat is an ongoing series of sophisticated attacks; associated with nation states.

Typically Stealthy threat actors.