Security+ (SY0-701): Lesson 13: Analyze Indicators Part 4
This deck covers key concepts and definitions related to security vulnerabilities and attacks, including code execution, privilege escalation, buffer overflow, replay attacks, and HTTP protocols.
Term | Definition |
---|---|
Define 'arbitrary code execution' | A vulnerability that allows an attacker to run their own code or a module that exploits such a vulnerability. |
Define 'remote code execution' | A vulnerability that allows an attacker to transmit code from a remote host for execution on a target host. |
Define 'privilege escalation' | Practice of exploiting flaws in an OS or application to gain a greater level of access than was initially intended for the user or application. |
What are the two types of privilege escalation? | Vertical privilege escalation; horizontal privilege escalation. |
Define 'Vertical privilege escalation' | When an attacker can access functionality or data that should not be available to them. |
Define 'Horizontal privilege escalation' | When an attacker accesses or modifies specific resources that they are not entitled to or that are intended for someone else. |
How can privilege escalation be detected? | Detailed analysis of code or process execution in real time or application logging as well as endpoint protection. |
Define an application 'buffer' | An area of memory that an application reserves to store some value. |
Define a 'buffer overflow' attack | Attacker passes data that deliberately fills the buffer to its end and then overwrites data at its start. |
Define a 'replay attack' | Attacker intercepts a session token from a cookie used to authenticate a user and reuses it to try to reestablish an illegitimate session. |
How can an attacker capture HTTP cookies? | Sniffing network traffic via an on-path attack or when they are sent over an unsecured network; Malware infecting a host; cross-site scripting (XSS). |
Define a 'forgery' attack | Exploits weak authenticated sessions to perform an unauthorized request via a hijacked session. |
Define 'cross-site request forgery (CSRF)' | A malicious script hosted on the attacker's site that can exploit a session started on another site in the same browser. |
What is the function of performing cross-site request forgery (CSRF)? | Exploit applications that use cookies to authenticate users and track sessions. |
How is cross-site request forgery (CSRF) accomplished? | Attacker must convince the victim to start a session with the target site, then pass an HTTP request to the victim's browser that spoofs an action on the target site, such as changing a password or an email address. |
Define 'server-side request forgery (SSRF)' | Exploits the lack of authentication between internal servers and services and the lack of input validation, causing a server application to process an arbitrary request that targets another service. |
Define a 'server-side' attack | Typically an injection attack; causes the server to do some processing or run a script or query in a way that is not authorized by the application design. |
Define an 'injection attack' | An attack that exploits weak request handling or input validation to run arbitrary code in a client browser or on a server. |
Along with SQL, what other protocols/languages are susceptible to injection attacks? | LDAP, XML. |
Define a 'Directory traversal' | Web application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory. |
How is a directory traversal performed? | Threat actor submits a request for a file outside the web server's root directory by submitting a path to navigate to the parent directory. |
How is a directory traversal mitigated? | Input validation and proper access permissions. |
Define a 'canonicalization attack' and how it is executed | Attack method where input characters are encoded in such a way as to evade vulnerable input validation measures. |
What is the purpose of utilizing a canonicalization attack? | To disguise the nature of the malicious input. |
Define a 'command injection' | Threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application. |
What level of privilege should a webserver give a client to prevent any type of injection attack? | Guest |
What are the typical areas/mechanisms used to initially detect a hijacking/replay, forgery, or injection attack? | URL analysis and the web server's access log. |
How can a URL be manipulated to be an attack vector? | By being encoded with some type of action or data to submit to the host server. |
What are the 5 components of an HTTP request? | |
What are the 3 types of HTTP request methods? | |
Define a 'HTTP get' request method | Used to retrieve a resource. |
Define an 'HTTP post' request method | Used to submit data to the server for processing by the requested resource. |
Define a 'HTTP put' request method | Used to create or replace the resource. |
What ways can data be submitted to a server? | Post/Put methods, HTTP headers/body, or by encoding the data within the URL used to access the resource. |
What character is used to identify data submitted via URL? | Data submitted via a URL is delimited by the '?' character, which follows the resource path. |
How is a query defined in a URL? | The query string begins after the question mark (?); query parameters are represented as unique key-value pairs, with an equals sign (=) separating each key from its value. |
Define an HTTP response code | The header value returned by a server when a client requests a URL. |
What is the purpose of a reserved character in a URL? | Used as delimiters within the URL syntax. |
Define 'percent encoding' | A mechanism for encoding characters as hexadecimal values delimited by the percent sign. |
What do HTTP response codes in the 400 range indicate? | Indicate client-based errors. |
What do HTTP response codes in the 500 range indicate? | Indicate server-based errors. |