ARP Poisoning Attack: Limitations and On-Path Attacks

Questions and Answers

What is one of the latest social engineering techniques mentioned in the text?

• Sending angry emails to intimidate victims
• Using multiple people and communication methods to earn trust (correct)
• Posing as a security analyst to gain access
• Pretending to be a deceased person to request donations

How do attackers often perform phishing attacks according to the text?

• By directly asking for sensitive information through emails
• By sending links to official company websites
• By using their real identity to gain trust
• By imitating someone familiar to the victim (correct)

What effect does the text mention that certain social engineering attacks have on individuals?

• Higher level of trust in communication
• Financial gain for the attackers
• Personal and emotional impact (correct)
• Improved security measures

In what scenario would an attacker send an email asking for donations, as described in the text?

To connect victims with malware links (D)

What is a common characteristic of phishing attacks as mentioned in the text?

Imitating trusted entities or individuals (B)

Why do attackers often imitate someone known to the victim when performing social engineering attacks?

To establish trust and deceive the victim (C)

What is another term for phishing that occurs over voice calls?

Voice phishing (C)

What is a common technique used by attackers to trick individuals into providing login credentials?

Sending fake security checks (D)

What is a way to prevent shoulder surfing attacks when using a computer in public places?

Positioning yourself with your back to the wall (A)

What type of phishing attack involves the attacker researching specific individuals within an organization?

Spear phishing (B)

How can individuals prevent others from viewing their computer screen by walking behind them?

Using a privacy filter on the LCD screen (B)

What might attackers gain by shoulder surfing?

Sensitive information displayed on the screen (D)

How can individuals prevent shoulder surfing even in densely populated areas?

Adding a privacy filter to the LCD screen (B)

What is the main concern regarding dumpster diving mentioned in the text?

Finding valuable information in the trash (B)

What is a wireless evil twin attack according to the text?

Installing a wireless access point that mimics a legitimate one to deceive users (D)

In what scenario would an attacker use a denial of service attack?

To cause a service to fail by overloading it (D)

What is the term used to describe a phishing attack targeted at someone at the executive level?

Whaling (D)

How can attackers initiate a DDoS attack to create a denial of service?

Use a botnet to take control of computers globally (C)

What is one way to mitigate the risk of falling victim to a wireless evil twin attack?

Regularly change the SSID and passphrases of access points (C)

What does the term 'no tailgating' refer to in the context of office security?

Walking through a door without proper access (B)

What is the main objective of attackers employing spear phishing or whaling techniques?

Accessing a vast amount of private information or company finances (B)

Which action could lead to an unintentional denial of service within a network?

Accidentally creating a network loop (B)

In the context of building security, what is 'piggybacking'?

Gaining unauthorized entry by holding the door for someone with proper access (C)

What is the primary reason behind encrypting data sent over networks according to the text?

To enhance data privacy and security (B)

Why do attackers often use distributed denial of service (DDoS) attacks instead of single device attacks?

To make it more challenging for victims to block the attack effectively (C)

What additional security measure do some organizations implement regarding building entry restriction?

Implementing doors that allow only one person through at a time (B)

What is one example provided in the text of how attackers might cause a physical denial of service?

Turning off power to a building housing servers (D)

What is 'dumpster diving' commonly associated with in terms of social engineering?

A technique for gathering intel by going through company trash (A)

Why is it important to be cautious about the information thrown into trash bins according to the text?

To prevent attackers from using discarded data against you (A)

'Impersonation' in social engineering involves attackers:

Pretending to be someone else to gain access or information (C)

Why is it important for every employee to ask individuals without visible passes who they are and what they're doing in the organization's premises?

To enforce strict visitor policies and prevent unauthorized access (A)

What might an attacker gain by successfully getting through the first locked door in an organization?

A wealth of information located beyond that door (A)

How do attackers make their impersonations more believable in social engineering attacks?

Gathering information from third parties or going through trash for details (B)

What is the main reason for the dramatic differences between hashes for passwords like 123456 and 1234567?

Different hashing algorithms used (D)

In the context of password hashing, what does a brute force attack involve?

Trying every possible password combination to find a matching hash (B)

Why is it challenging to determine the original password from its hash?

Hashing is a one-way process (A)

What makes performing a brute force attack time-consuming?

Large number of possible password combinations (A)

Why does the text mention examining passwords like A-A-A-A-A and A-A-A-A-B during a brute force attack?

To illustrate the exhaustive nature of brute force attacks (A)

What is the purpose of using a username, account number, and password hash in the same line in a Linux device?

To securely store user credentials (B)

What vulnerability was associated with Log4j?

Man-in-the-middle attack (D)

What attack allows an attacker to sit in the middle of a conversation and potentially modify the information being sent?

ARP poisoning (B)

What is the purpose of ARP poisoning as described in the text?

To exploit lack of security in ARP (D)

How does ARP spoofing work in the context of the text?

By impersonating IP addresses (A)

What information is typically stored in an ARP cache on a device?

IP addresses and MAC addresses (B)

How does ARP poisoning enable an attacker to intercept traffic?

By modifying the victim's ARP cache (A)

What happens when an entry in the ARP cache expires?

The ARP process needs to occur again (C)

What is the significance of ARPs in network communication?

Resolving IP addresses to MAC addresses (A)

What steps can be taken to mitigate ARP poisoning attacks?

Employing techniques like ARP spoof detection (C)

In what situation would an attacker use ARP poisoning effectively?

When trying to intercept plaintext traffic on a local network (B)

What is the main issue discussed in the text?

Zero-day vulnerabilities (A)

How did the Zeus botnet infect millions of PCs?

By sending malware to unsuspecting users (C)

What is a zero-day vulnerability?

A vulnerability that has never been identified or publicly disclosed (B)

How do attackers differ from researchers when it comes to vulnerabilities?

Attackers try to exploit vulnerabilities, while researchers try to prevent exploitation (A)

What is the significance of the Log4j vulnerability discussed in the text?

It affected millions of devices with Apache web servers (A)

How can organizations mitigate distributed denial of service (DDoS) attacks?

Filtering out specific traffic patterns and working with ISPs (B)

What was the timeframe between discovering the Log4j vulnerability and having patches available?

5 days (A)

True or False: The Log4j vulnerability existed in the code since 2019.

Fill in the Blank: The Zeus botnet was able to infect over 3.6 million PCs without the users' __________.

What is a limitation to an ARP poisoning attack?

Access to the local subnet is not needed (C)

How does an on-path browser attack differ from traditional ARP poisoning attacks?

It involves intercepting information directly from the browser (D)

What is the advantage of capturing information in the browser during an attack?

Information is unencrypted at that stage (A)

What security risk arises if passwords are stored in plain text?

Access to everyone's credentials is compromised (D)

Why is hashing a recommended method for storing passwords?

Creates a unique fingerprint for each password (A)

What does it mean when a hashing function has 'collisions'?

Two different inputs produce the same output hash (B)

What makes hashing ideal for storing passwords?

'Collisions' enhance password security (D)

Why is a hash referred to as a 'fingerprint'?

'Fingerprint' implies a unique identification for each input (A)

What is the purpose of a hash in password storage?

'Hashes' prevent direct retrieval of original passwords (C)

What is the primary reason that performing a brute force attack online can be challenging?

Lockout after multiple failed login attempts (A)

Why do hackers take the hash file offline when performing a brute force attack?

To prevent lockout on the account (B)

What resource-intensive process do attackers perform during a brute force attack?

Going through every possible password combination (A)

What advantage do attackers gain by taking the hash file offline during a brute force attack?

Reduced chances of account lockout (C)

Why do human beings tend to use real words as part of their passwords according to the text?

For ease of remembrance (A)

What is the consequence of running into a lockout on an account during a brute force attack?

Account gets permanently locked (B)

What term is used to describe the act of adding code to an application for malicious purposes?

Code injection (D)

In the context of the text, what is SQL?

Structured Query Language (A)

What could potentially be accessed in a database through a successful SQL injection?

Sensitive financial information (B)

What does injecting 'or 1=1' into SQL code aim to achieve?

Retrieve all data from the database (A)

Why is SQL injection considered a severe vulnerability?

It allows unauthorized access to sensitive data (C)

In the text, what database manipulation technique is specifically discussed?

SQL manipulation (C)

What is the purpose of the Web Goat application mentioned in the text?

Train users on vulnerabilities (C)

What does adding '1 equals 1' at the end of a SQL query signify?

'True' condition for all entries (A)

'Piggybacking' in terms of office security refers to:

'Tailgating' behind authorized personnel (B)

What type of code could be injected into an application based on the text?

HTML, SQL, XML, LDAP, and other code types (B)

What is the purpose of validating all input provided to an application?

To ensure that only authorized and safe data is processed (D)

What does it mean when a system is not compliant with the standard operating environment (SOE)?

The system is not running the latest patches and software versions (D)

When are Microsoft patches typically introduced?

During Patch Tuesday on the second Tuesday of every month (C)

Why do organizations automate the process of updating hundreds or thousands of devices?

To quickly and efficiently update systems without manual intervention (A)

What is one advantage of next-generation firewalls mentioned in the text?

They can identify details about applications going across the network (B)

What is the main motivation for organizations to monitor application traffic?

To identify unauthorized applications being used on the network (B)

What is one reason automation is commonly used to evaluate systems at certain checkpoints?

To save time and effort of IT professionals in checking systems manually (D)

Why is it challenging for IT professionals to manually verify all system patches on multiple machines?

Because it becomes time-consuming with a large number of devices (D)

What does it mean when a system is flagged as 'non-compliant' during login attempts?

The system is not up to date with required patches and configurations (D)

What is one potential drawback of having manual checks on systems rather than automated evaluations?

Increased likelihood of missing critical security updates (D)

What type of cross-site scripting attack involves placing malicious code on a centralized server?

Stored cross-site scripting attack (C)

In the context of the text, what is one way to mitigate a cross-site scripting attack?

Turn off JavaScript in your browser (B)

What was the vulnerability found in Subaru's web based front end according to the text?

Unlimited lifetime session IDs (C)

What is one thing that Subaru corrected in response to the vulnerability found by Aaron Guzman?

Implemented proper validation of session IDs (A)

What is a recommended practice to help avoid clicking on malicious links provided in email messages?

Avoid clicking any links in emails (C)

What problem did Aaron Guzman find with the session ID information on Subaru's website?

'Token' never expired (D)

What was a consequence of the session ID information not expiring on Subaru's website?

'Token' accessible by anyone (B)

Why was it problematic that the session ID information on Subaru's website was not properly validated?

'Token' could be used by others (C)

What is an example of a way attackers can spread a cross-site scripting attack quickly, as mentioned in the text?

Social networking site comment (D)

What is one practical way to prevent potential cross-site scripting problems according to the text?

Keep browsers and apps up to date (B)

What is a common issue addressed by organizations in their patch management process?

Deploying patches to ensure system security (C)

Why do security teams need to carefully balance deploying security controls?

To keep systems safe and data accessible (A)

What is the importance of knowing when an application or operating system reaches its end of life (EOL)?

To continue receiving updates and security patches (B)

What is the main concern with the BYOD (bring your own device) policy in organizations?

Creating a security risk with personal and corporate data on the same device (C)

Why should application developers avoid instructing users to disable antivirus or firewall programs during troubleshooting?

To prevent creating security vulnerabilities (A)

What happens once an operating system reaches its end of service life (EOSL)?

No more bug fixes or security updates are released (C)

What is a key challenge with ensuring security in BYOD environments?

Segmenting personal and corporate data effectively (C)

What issue arises when an operating system reaches its end of service life (EOSL)?

The OS is no longer supported and no updated security patches are released (C)

What term is used to describe the method where attackers use a set of words to crack passwords more efficiently?

Dictionary attack (D)

Why is a dictionary attack more time-efficient compared to trying every possible combination of characters for password guessing?

It has a smaller word pool to search through (D)

What is a common method attackers use to make dictionary attacks more effective?

Changing numbers to letters (C)

How do attackers try to overcome users substituting characters in passwords, such as 'O' to '0' or 'L' to '7'?

By changing out common substitutions in the dictionary attack (C)

What are attackers hoping users have selected as part of their password when conducting a dictionary attack?

'Real words' that can be found in the dictionary (D)

Why is it difficult to discover passwords that are not part of the dictionary during a dictionary attack?

'Real words' are not common passwords (B)

What additional resource might attackers use during a dictionary attack to speed up the process?

Graphics card or GPU (C)

What is a significant limitation of a dictionary attack in terms of discovering passwords?

'Real words' may not be part of the dictionary (B)

What institutional knowledge do insiders possess that might help them in potential attacks?

Location of devices and servers within the organization (C)

What is one reason why protecting against insider threats is particularly challenging?

Insiders already have a level of trust within the organization (D)

Why is it important to ensure that software is not susceptible to SQL injection attacks?

To protect sensitive information in databases (A)

What is the main reason for always keeping browsers updated to the latest version?

To prevent vulnerabilities that can be exploited by attackers (D)

How does cross-site scripting (XSS) differ from cascading style sheets (CSS)?

XSS allows sharing information between sites, while CSS controls the layout of web pages. (C)

How might an attacker exploit a cross-site scripting vulnerability to gain access to sensitive information?

By running malicious scripts in a user's browser (D)

What could be a potential consequence of an attacker obtaining a user's session ID through a cross-site scripting attack?

Accessing the user's account on the vulnerable website (C)

Why might disabling JavaScript in a browser not be an effective solution to prevent cross-site scripting attacks?

Websites may not function properly without JavaScript (A)

What could happen if a user clicks a link in an email that triggers a script in a cross-site scripting attack?

Sensitive information could be sent to the attacker (A)

Flashcards are hidden until you start studying

Study Notes

• Social engineering attacks are evolving, with attackers using multiple methods of communication and posing as various entities to gain trust and access.
• Intimidation tactics, such as posing as angry customers, are used to gain information or access.
• Phishing attacks involve spoofing and imitating known entities, often leading victims to fake login screens or websites.
• Shoulder surfing is the act of looking at someone's screen to obtain sensitive information.
• Shoulder surfing attacks can be prevented by being aware of surroundings, positioning oneself with a back to the wall, or adding privacy filters to LCD displays.
• Spear phishing is a targeted form of phishing, often aimed at individuals with access to valuable information, such as executives or those in charge of finances.
• Piggybacking refers to someone gaining unauthorized access to a secure area by following someone with authorized access.
• Social engineering attackers use impersonation tactics, such as pretending to be from the helpdesk or the executive team, to gain trust and information.
• Dumpster diving, or going through a company's trash, is a common form of social engineering used to gather intel for attacks.