Security Vulnerabilities and Exploits Chapter 2
29 Questions

Questions and Answers

Security ______ are any kind of software or hardware defect.

vulnerabilities

An ______ is the term used to describe a program written to take advantage of a known vulnerability.

exploit

Software vulnerabilities are usually introduced by errors in the operating system or ______ code.

application

In 2015, a major vulnerability, called ______ Knock, was discovered in Cisco IOS.

SYNful

To avoid this, always verify the ______ of the downloaded IOS image (copy) and limit the physical access of the equipment to authorized personnel only.

integrity

The goal of software updates is to stay ______ and avoid exploitation of vulnerabilities.

current

Hardware vulnerabilities are often introduced by hardware ______ flaws.

design

Based on that design flaw, an exploit called ______ was created.

Rowhammer

This ______ occurs when data is written beyond the limits of a buffer.

vulnerability

Programs often work with data ______.

input

A malicious user could craft an image file with invalid image ______.

dimensions

[Blank] conditions occur when the output of an event depends on ordered or timed outputs.

race

Do not attempt to create your own security ______ because it will likely introduce vulnerabilities.

algorithms

To protect the machine and the data it contains, ______ access must be restricted.

physical

[Blank] is any code that can be used to steal data, bypass access controls, or cause harm to, or compromise a system.

malware

Bots quietly wait for commands provided by the ______.

attacker

[Blank] hold a computer system or the data captive until a payment is made.

ransomware

[Blank] persuade the user to take a specific action based on fear.

scareware

[Blank] create a backdoor.

rootkits

A computer infected by a ______ must be wiped and reinstalled.

rootkit

A ______ is disguised malware.

trojan horse

______ replicate themselves and can slow down networks.

worms

______ take control over a device without the user’s knowledge.

Man-In-The-Middle (MitM)

______ is a variation of man-in-the-middle that takes control over a mobile device.

Man-In-The-Mobile (MitMo)

______ are attached to other executable files.

viruses

Many malware types and techniques exist to provide attackers with ______ capabilities.

MitM

An increase in ______ usage can be a symptom of malware infection.

CPU

The ______ can activate at a specific time.

Virus

______ are found in image files, audio files or games.

Trojans

Flashcards

Security Vulnerabilities

Software or hardware defects that can be exploited.

Exploit

Program designed to take advantage of a known vulnerability.

Attack

The act of using an exploit against a vulnerability.

Software Vulnerabilities

Usually introduced by errors in operating systems or application code.

SYNful Knock

A significant vulnerability in Cisco IOS that allowed rogue control of routers.

Project Zero

Google's team dedicated to finding software vulnerabilities.

Hardware Vulnerabilities

Introduced by design flaws in hardware.

Rowhammer

An exploit targeting hardware design flaws in RAM.

Buffer Overflow

Occurs when data exceeds the limits of a memory buffer.

Security Research

Field focused on finding and resolving vulnerabilities.

Non-validated input

Input data that can contain malicious content leading to vulnerabilities.

Race conditions

Vulnerability due to improper timing or order of events.

Weaknesses in security practices

Creating custom security algorithms can introduce new vulnerabilities.

Access-control problems

Issues in managing who can access physical resources or data.

Malware

Any malicious software used to steal data or harm systems.

Spyware

Malicious software that gathers information about a user without consent.

Ransomware

Malware that locks a user's data, demanding payment to unlock it.

Scareware

Software that uses fear to trick users into installing malware.

Rootkits

Malicious software that creates a backdoor for unauthorized access.

Bot

Malicious software that waits for commands from an attacker.

Virus

Malware attached to executable files that requires user activation and can spread through various means.

Trojan Horse

Malware disguised as a legitimate file that binds itself to non-executable files.

Worm

Self-replicating malware that spreads quickly across networks and can slow them down.

Man-In-The-Middle (MitM)

An attack where the attacker intercepts communication between two parties to steal information.

Man-In-The-Mobile (MitMo)

A variation of MitM that targets mobile devices to capture sensitive user information.

Malware Symptoms

Signs of malware infection, including high CPU usage, crashes, and unknown files.

Network Slowdown

A decrease in network performance often due to malware activity.

File Modification

Unexplained changes to files often indicating malware presence.

Unwanted Processes

Unknown applications running on a system potentially caused by malware infections.

Study Notes

Chapter 2: Attacks, Concepts, and Techniques

  • This chapter covers security vulnerabilities, exploits, and attacks.
  • Security vulnerabilities are flaws in software or hardware.
  • Malicious users try to exploit vulnerabilities.
  • An exploit is a program designed to take advantage of a known vulnerability.
  • The act of using an exploit is called an attack.

Finding Security Vulnerabilities

  • Security vulnerabilities are defects in software or hardware.
  • Malicious users try to exploit known vulnerabilities.
  • An exploit is a program written to take advantage of a vulnerability.
  • Using an exploit against a vulnerability is an attack.

Software Vulnerabilities

  • Software flaws often lead to vulnerabilities.
  • Operating system vendors (such as Microsoft and Apple) regularly release patches and updates.
  • The SYNful Knock vulnerability in Cisco IOS (2015) allowed attackers to control routers.
  • This vulnerability permitted network monitoring and infection.
  • Updates were needed to address this vulnerability.
  • Maintaining up-to-date software is crucial to avoid exploitation.

Software Vulnerabilities (Continued)

  • The goal of software updates is to patch vulnerabilities.
  • Security researchers identify vulnerabilities and some companies have dedicated teams like Project Zero.
  • Google's Project Zero aims to find software vulnerabilities.

Hardware Vulnerabilities

  • Design flaws in hardware create vulnerabilities.
  • The close proximity of capacitors in RAM creates the vulnerability that the Rowhammer exploit targets.
  • Changes in one capacitor can affect neighboring ones.
  • Hardware vulnerabilities often target specific device models.
  • Hardware exploits are more common in targeted attacks.

Categorizing Security Vulnerabilities: Software

  • Buffer Overflow: Data written beyond buffer limits can lead to system crash or data compromise.
  • Non-validated Input: Malicious input (e.g., images with wrong dimensions) can result in buffer allocation errors.
  • Race Conditions: The output of an event depends on ordering or timing; if events do not occur in the correct order or with proper timing, the system is vulnerable.

Categorizing Security Vulnerabilities: Other Issues

  • Weaknesses in security practices: Avoid creating your own security algorithms. Instead, leverage well-established and tested libraries.
  • Access-Control Problems: Restriction of physical access to systems/equipment is critical to mitigate issues.
  • Encryption techniques are vital.

Types of Malware

  • Malware is malicious software.
  • Malware can steal data, circumvent access controls, or cause harm.
  • Spyware: spies on system activities.
  • Adware: displays advertisements.
  • Bots/Botnets: perform tasks at attacker's command.
  • Ransomware: holds systems hostage until payment is received.
  • Scareware: uses fear tactics to trick users into installing malware.
  • Rootkits: malicious software that creates a backdoor to the system and hides from forensic tools.
  • Viruses: attach to other files and execute with them; sometimes harmless, sometimes destructive.
  • Trojan Horses: Disguised malware found in games/media.
  • Worms: replicate and spread quickly across networks.
  • Man-in-the-middle (MitM) attacks: intercept communication between two parties.
  • Man-in-the-mobile (MitMo) attacks: similar to MitM but target mobile devices.

Symptoms of Malware

  • Signs of malware include unusual CPU usage, computer slowdowns, freezes, network issues, and file modifications or deletions.

Description

This quiz covers Chapter 2 on security vulnerabilities, exploits, and attacks. Learn about various software flaws and how malicious users exploit them. Discover the significance of timely updates and patches in maintaining system security.
