1_3_5 Section 1 – Attacks, Threats, and Vulnerabilities - 1.3 – Application Attacks - Replay Attacks

Questions and Answers

What protocol should be used to prevent attackers from gathering session IDs off network flows?

POP3

SSL (correct)

HTTP

FTP

How might an attacker gather session information directly from the network?

Using Wireshark or Kismet (correct)

Sending phishing emails

Accessing the server physically

Analyzing server logs

What action could an attacker with access to a vulnerable server take to obtain session IDs?

Encrypt the server data

Change network settings

Redirect session IDs to themselves (correct)

Update antivirus software

How can replay and session attacks be prevented?

Ensure all communication is encrypted

What additional overhead does turning on encryption on a web server introduce?

Increased processing requirements

What can users do if a service doesn't support HTTPS for communication?

Use an encrypted tunnel

What is a common piece of information that a crafty hacker might extract from network flows?

Session ID

How might a hacker gather network information if they have physical access to the network?

Install a network tap

What is a method a hacker might use if they lack physical access to the network?

ARP poisoning

What type of attack involves capturing and replaying information across the network as if it originated from the victim?

Replay attack

What can hackers do with gathered session IDs or credentials from network traffic?

Use them across the network later on

Is physical access to the network always required for a replay attack to be successful?

No, it can be done without being physically present on the network path

What type of attack involves an attacker gaining access to the hash value associated with a password?

Replay attack

How can developers prevent a 'pass the hash' attack?

Encrypting communication channels like SSL or TLS

What technique involves adding a unique identifier to a hash to prevent a replay attack?

Hash salting

Why is it important for developers to ensure that cookies are secure?

To prevent replay attacks

How does an attacker gain access to a session ID in a session hijacking attack?

By sniffing network traffic

What makes SSL and TLS effective in preventing certain types of attacks?

They encrypt communication channels

Which of the following is NOT a reason why an attacker might target browser cookies?

Accessing browser history

What is the main risk of an attacker successfully performing a 'pass the hash' attack?

Unauthorized access to user accounts

How can developers make session IDs more secure against hijacking?

'Rotating' them frequently

'Pass the hash' attacks are mitigated by:

'Salting' the hash values

What does a crafty hacker aim to gather from network flows for an advantage during an attack?

Session IDs

How might an attacker gather network information if they lack physical access to the network?

Injecting malicious code onto the victim's computer

What type of attack involves capturing information across the network and replaying it to seem as if it originated from the victim?

Replay attack

What method might an attacker use to redirect network information logically?

ARP poisoning

In a replay attack, what can be captured by the attacker and later used across the network?

Session IDs or credentials

What can an attacker do if they capture information that can be replayed across the network?

Conduct a replay attack

How can replay and session attacks be prevented?

Enabling encryption on all network traffic

What action could an attacker with access to a vulnerable server take to obtain session IDs?

Use a third-party utility to modify server headers

What technique could prevent attackers from capturing session IDs from network flows?

Implementing encrypted communication

Why is it important for websites to operate over HTTPS or TLS?

To protect data during transmission

If a service does not support HTTPS, what alternative could be used to secure part of the communication flow?

Creating an encrypted tunnel

What could an attacker do in real time to modify headers being sent to a server?

Employ a third-party utility for header modification

How can developers prevent a 'pass the hash' attack as described in the text?

Using strong encryption for communication between client and server

What technique could developers use to make session IDs more secure against hijacking?

Encrypting the session ID during transmission

Why is salting the hash with a session ID helpful in preventing replay attacks?

It creates unique hashed values even if the original data is the same

What is a key benefit of using SSL or TLS for communication between client and server?

Securing data transmission against unauthorized access

How does an attacker potentially gain access to a user's account on a server in a 'pass the hash' attack?

By replaying the captured password hash to the server

What makes cookies stored in web browsers vulnerable to replay attacks as mentioned in the text?

They may include sensitive session information

Why are session IDs important in communication between a client and a service as outlined in the text?

To avoid using usernames and passwords for every request

'Pass the hash' attacks involve replaying what type of information back to the server?

Hash value associated with a password

What role do cookies play in facilitating session hijacking attacks as discussed in the text?

Storing sensitive information including session IDs

How does salting the hash with a session ID protect against replay attacks, according to the information provided?

By making each password hash unique even for identical passwords