Ethical Hacking - Unit 1 Quiz

Questions and Answers

Which of the following best defines 'Authentication'?

  • A method to assess the risk level of an asset
  • The approval process for authorized users
  • A process by which a person proves their identity (correct)
  • A measure of resource accessibility

What does the term 'Attack Surface' refer to?

  • The hardware vulnerabilities present in a system
  • The collection of executable software services that can be exploited (correct)
  • The total number of attacks a system has experienced
  • The physical area of a network exposed to potential breaches

Which of the following represents a component of the CIA triad?

  • Integrity (correct)
  • Reliability
  • Authenticity
  • Accessibility

What characterizes 'Malware'?

  • Malicious software inserted for harmful purposes (A)

What is meant by 'Vulnerability' in the context of information security?

  • Weaknesses in hardware or software that can be exploited (D)

Which type of rootkit modifies the core components of the operating system?

  • Kernel-Level Rootkit (C)

What is 'Risk' in terms of information security?

  • The likelihood of a resource being attacked (A)

What is a primary function of an encrypted virus?

  • It encrypts itself to prevent detection. (A)

What is the main action performed by Cross-site scripting (XSS)?

  • Inject malicious scripts into web pages (D)

How do polymorphic viruses primarily avoid detection?

  • By constantly rewriting their own code. (D)

Which option best describes 'Authorization'?

  • The specification of access levels for authorized users (B)

What are common storage media that need protection?

  • Hard Drives, SD cards, and CD-ROMs (B)

Which of the following is a common countermeasure against Cross-site request forgery (CSRF)?

  • Validate cookies, query strings, and form fields (B)

What is a common way Trojans can affect a user's system?

  • They monitor user activity without consent. (C)

Which of the following accurately describes rootkits?

  • They are designed to provide privileged access. (C)

What kind of attack allows an attacker to perform actions on behalf of an authenticated user without their consent?

  • Cross-site request forgery (CSRF) (B)

Which characteristic is NOT typical of spyware?

  • Creating backdoors for remote access. (B)

In SQL injection, what is the purpose of entering '1=1' in an SQL query?

  • To return all records in the database (C)

What important feature distinguishes metamorphic viruses from polymorphic viruses?

  • They completely rewrite their code with each infection. (D)

Which type of rootkit is typically embedded within the hardware or firmware of components?

  • Hardware/Firmware Level Rootkit (A)

Which of the following is a characteristic of adware?

  • It displays unwanted advertisements. (B)

What is one consequence of a successful SQL injection attack?

  • Gaining unauthorized access to sensitive data (A)

Hypervisor Level Rootkits exploit which of the following?

  • Hardware-assisted Virtualization features (D)

Which statement best describes stealth viruses?

  • They hide themselves from detection by antivirus software. (B)

What can result from failures in the access control mechanism?

  • Data destruction or modification (B)

Which of the following is NOT a common access control vulnerability?

  • Viewing account history with guest access (C)

What is a potential consequence of insufficient logging and monitoring?

  • Difficulty in detecting malicious activities (A)

Which OWASP Top 10 Mobile Threat relates to poorly executed coding practices during development?

  • M2: Inadequate Supply Chain Security (B)

How can XML External Entities be exploited?

  • By including hostile content in XML documents (D)

Which of the following best defines Insufficient Binary Protections in mobile applications?

  • Retention of sensitive information within the binary (A)

What type of vulnerability is associated with allowing changes to primary keys in databases?

  • Data Integrity Violations (C)

Which OWASP mobile threat is concerned with the security of data stored within the app?

  • M9: Insecure Data Storage (B)

What is the method used in whaling attacks?

  • Targeting specific individuals within an organization for sensitive information. (B)

How do fake WAPs typically lure users to connect to them?

  • By using names that appear trustworthy. (A)

What characterizes in-band SQL injection?

  • It utilizes the same channel for both attack and result gathering. (A)

What common security measure can help protect against eavesdropping attacks?

  • Using a VPN. (C)

How does error-based SQL injection work?

  • It elicits error messages from the database to gather structural information. (A)

What primarily enables a man-in-the-middle (MITM) attack to occur?

  • The presence of unsecured networks. (B)

What is a key characteristic of a session hijacking attack?

  • It allows attackers to take control of a user's active session. (B)

What is the primary goal of a time-based SQL injection attack?

  • To force the server to delay its response. (B)

Which method is NOT a recommended prevention technique for SQL injection?

  • Ignoring user input validation. (D)

Which of the following is NOT a method to protect against fake WAPs?

  • Always connecting to public networks. (C)

What role does ARP poisoning play in a MITM attack?

  • It allows attackers to position themselves between the victim and the host. (D)

What happens in blind Boolean-based SQL injections?

  • Attackers obtain responses based on true or false conditions. (D)

Which type of attack uses fake text messages to deceive individuals into revealing information?

  • Smishing. (B)

What does credential stuffing attack utilize?

  • A standard list of default usernames and passwords. (A)

Which of the following is a characteristic of broken authentication?

  • It compromises session tokens, passwords, and other identifiers. (C)

What is one reason prepared statements protect against SQL injection?

  • They separate SQL logic from user input. (A)

Flashcards

Asset

Any resource that needs protection from attackers. Examples include computers, communication equipment, and storage media.

Access Control

Defines who has access to what resources and to what extent.

CIA Triad

A set of principles that ensure information is kept private (confidentiality), accurate (integrity), and available to those who need it (availability).

Authentication

The process of proving one's identity. Examples include using passwords, cards, tokens, or biometrics.

Authorization

Specifies the type of access authorized users have to specific resources.

Risk

The chance that an asset might be attacked. Involves analyzing and quantifying the potential risks.

Threat

The dangers or threats a system faces from attackers. Examples include snooping, traffic analysis, modification, masquerading, replaying, repudiation, and denial of service.

Vulnerability

Weaknesses or loopholes in hardware, software, applications, or protocols that can be exploited by attackers to cause harm.

Encrypted Virus

A type of virus where a hidden key is used to encrypt the rest of its code. The key is embedded within the virus and then unlocks the remaining part of the virus after infecting a system. This technique helps the virus avoid detection by security checks.

Stealth Virus

This virus hides its presence from detection by antivirus software. It can be difficult to locate and remove.

Polymorphic Virus

A virus that changes its form with each infection. It mutates to disguise itself, making it challenging to detect using traditional antivirus methods.

Metamorphic Virus

A virus that completely rewrites itself when it infects a system, modifying its internal workings and behavior. It's a more advanced form of a polymorphic virus.

Trojan

A malicious program disguised as something harmless or beneficial. It tricks users into installing it, then secretly grants hackers unauthorized access to their computer.

Spyware

Software designed to collect personal information about users without their consent. This information can be used for targeted advertising, identity theft, or other malicious purposes.

Rootkit

A set of programs that grants remote users privileged access to a system. It's usually installed after an initial attack and allows hackers to take control of an infected system.

Adware

A type of spyware that displays advertisements on your computer.

XML External Entities

Exploiting vulnerable XML processors by uploading XML or injecting malicious content in an XML document.

Insufficient Logging and Monitoring

Occurs when security-critical events are not logged properly, making malicious activities difficult to detect.

Access Control Vulnerabilities

Occurs when an attacker can bypass access control checks by manipulating URLs, changing user IDs, or accessing unauthorized parts of the system.

Inadequate Supply Chain Security

A vulnerability caused by a lack of testing and secure coding practices that leads to security flaws in the app.

Insecure Authentication/Authorization

Insecure authentication or authorization mechanisms in an app, allowing unauthorized access.

Insufficient Input/Output Validation

Lack of validation of user input and output, which can lead to vulnerabilities like SQL injection and cross-site scripting (XSS).

Insecure Communication

Using insecure communication channels like HTTP instead of HTTPS, allowing attackers to intercept sensitive information.

Insecure Data Storage

Mobile apps that lack secure storage mechanisms for sensitive data, exposing it to potential attacks.

In-band SQLi

A type of SQL injection where the hacker uses the same communication channel to both launch the attack and gather results.

Error-based SQLi

A SQL injection technique that exploits database errors to retrieve information about the database structure.

Blind Boolean-based SQLi

An SQL injection method where the attacker forces the database to return a true or false result, allowing them to deduce information about the database.

Time-based SQL Injection

An SQL injection attack where the attacker crafts a query that makes the server wait for a specific time before responding. The attacker then measures this time delay to deduce information.

Prepared Statements

Pre-compiled SQL statements that separate SQL logic from user input, preventing malicious code from being executed.

Restrict Database Rights

Restricting user access to only the information they need to perform their tasks.

Vulnerability Assessments and Pentesting

Regularly testing your systems for vulnerabilities and weaknesses to identify potential security risks.

Credential Stuffing

An attack where someone tries to guess passwords or usernames using a list of commonly used credentials.

Application Level Rootkit

A type of rootkit that modifies application files to change their behavior, often to hide malware or gain unauthorized access.

Kernel-Level Rootkit

A type of rootkit that alters the core operating system files, often to gain complete control over the system.

Hardware/Firmware Level Rootkit

A type of rootkit that hides within the hardware or firmware of devices, making it incredibly difficult to detect.

Hypervisor Level Rootkit

A type of rootkit that exploits virtualization technology to create a hidden, unauthorized environment within a host system.

Cross-Site Scripting (XSS)

A web vulnerability that allows attackers to inject malicious scripts into websites, potentially stealing data or compromising user accounts.

Cross-Site Request Forgery (CSRF)

A web attack that forces a user to unknowingly submit malicious requests to a website, often to compromise their account or steal sensitive information.

SQL Injection (SQLi)

A type of attack that exploits security flaws in database queries to gain unauthorized access to sensitive data.

Improper Data Validation

A vulnerability where attackers can manipulate data submitted through web forms to trigger unexpected actions or gain unauthorized access.

Smishing

A type of phishing attack that uses fake text messages to trick people into giving up sensitive information or downloading malware.

Whaling

A phishing attack that specifically targets high-profile individuals within organizations, aiming to gain access to valuable information.

Fake WAP

A deceptive Wi-Fi network created by hackers to mimic legitimate hotspots, allowing them to intercept user data.

Eavesdropping

An attack where the attacker listens in on and records data being transmitted between two devices, often on unsecured networks.

Man-in-the-Middle (MITM)

An attack where the hacker positions themselves between a user and a website, intercepting and potentially manipulating the communication.

Session Hijacking

An attack where the attacker steals or guesses the session token, gaining control of a user's online session.

Study Notes

Ethical Hacking - Unit 1

  • This unit covers ethical hacking
  • A graphic displays a figure running, with a money sack, against a black background with the words "ETHICAL HACKING" and "UNIT 1"
  • Another graphic shows a figure breaking into a phone graphic, with the words "Information Security" and "Attacks and Vulnerabilities"

Introduction to Information Security

  • Assets: Any resource needing protection from attackers.
  • System Resources:
    • Computer Equipment (Desktops, Laptops, Tablets, Servers)
    • Communication Equipment (Routers, Switches, Firewalls, Modems)
    • Storage Media (Hard Drives, CDs, DVDs, SD cards)
  • Access Control: Defines the spectrum of access granted to entities.
  • Confidentiality, Integrity, and Availability (CIA): Ensuring data privacy, consistency from origin to destination, and availability to users 24/7.

Authentication and Authorization

  • Authentication: Process where a person proves their identity (passwords, cards, biometrics).
  • Authorization: Specifies the access levels for authorized users to resources.
  • Risk: The chances of a resource or asset being attacked.
  • Risk Analysis: Determines the level of risk associated with system assets.
  • Threat: The amount of danger the system faces from attackers.
  • Threat Types: Snooping, Traffic Analysis, Modification, Masquerading, Replaying, Denial of Service

Vulnerability and Attack Surface

  • Vulnerability: System weaknesses or loopholes in hardware, software, applications, and protocols exploited by attackers.
  • Attack Surface: The combination of software services an attacker can exploit due to vulnerabilities or insecure configurations.
  • Malware: Malicious software intentionally included or inserted into a system for harmful purposes.

Types of Malware

  • Worms: Self-replicating malware that spreads across networks without a host program.
  • Viruses: Malware that attaches itself to programs and replicates copies of itself.
    • Structure: Has infection mechanism, trigger, and payload.
    • Phases: Dormant, propagation, triggering, execution.
    • Types: Encrypted, Stealth, Polymorphic, Metamorphic
  • Trojans: Malware disguised as legitimate software, while secretly executing unwanted tasks.
    • Possible damages: Data theft, system crashes, slowdowns, launchpads for DDoS attacks, remotely run commands, keystroke interception.
  • Spyware: Software for gathering user interaction information and details without permission.
  • Adware: Spyware that displays advertisements.
  • System Monitors: Spyware that monitors system activities.
  • Tracking Cookies: Spyware that collects data about user behavior on the Internet.
  • Rootkits: Software designed to provide privileged access to a remote user.
    • Types: Application level, kernel level, hardware/firmware level, hypervisor level

Types of Vulnerabilities (Identified by OWASP)

  • Cross-Site Scripting (XSS): Injects malicious scripts into web pages.
  • Cross-Site Request Forgery (CSRF/XSRF): Tricks users into performing unwanted actions on a website.
  • SQL Injection (SQLI): Inserts harmful SQL code to access data or control the system.
    • Types: In-band, Error-based, Blind Boolean-based, Time-based
  • Broken Authentication: Vulnerable authentication that allows attackers to compromise credentials, tokens, etc.
  • Input Parameter Manipulation: Modifies data between the browser and web application.

Types of Attacks & Prevention Mechanisms

  • Keystroke Logging: Records keystrokes covertly, either by software or hardware.
  • Denial of Service (DoS): Prevents normal communication with a resource by overwhelming requests.
  • Distributed Denial of Service (DDoS): Same as DoS, but uses multiple computers or machines.
  • Watering Hole Attack: Targets trusted services to deliver a malicious payload to an organization.
  • Brute-Force Attack: Uses trial-and-error to crack passwords/credentials.
  • Phishing: Tries to acquire sensitive data such as bank account information, emails, passwords, and credit card information.
  • Cat Phishing: Involves creating a fake persona to steal personal data.
  • Voice Phishing (Vishing): Uses malicious calls to steal sensitive data.
  • SMS Phishing (Smishing): Uses fake mobile texts to trick people into downloading malware.
  • Whaling: Targets high-profile individuals.
  • Fake WAP: Mimics legitimate Wi-Fi hotspots.
  • Eavesdropping: Passively observing communications between devices.
  • Man-in-the-Middle (MITM): Places a hacker in between the communication channels.

Other attack types

  • Session Hijacking: Stealing sensitive information by hijacking a valid online session.
  • Clickjacking: Tricks users into clicking on a different object (such as a link) than the one they intended to click.
  • URL Obfuscation: Modifies a URL to conceal the legitimate location.

Other security aspects

  • Buffer Overflow: When more data than allocated is put into a buffer, leading to data corruption.
  • DNS Cache Poisoning: Modifies the DNS cache to point to a false IP address.
  • ARP Poisoning: Changes the relationship between IP address and MAC address to redirect traffic to an attacker's machine.
  • Identity Theft: Stealing personal information to commit fraud.
  • IoT Attacks: Gaining access to sensitive data via Internet of Things (IoT) devices.
  • Bots and Botnets: Automated malicious software and networks of infected computers.
  • CVE Database: Centralized database of common vulnerabilities and exposures in software and hardware.

Additional Information

  • OWASP Mobile Top 10: List of top 10 mobile security threats identified by Open Web Application Security Project (OWASP).
