Chapter 2 - 04 - Understand Application-level and OS-level Attacks
Document Details
Uploaded by barrejamesteacher
EC-Council
Certified Cybersecurity Technician, Exam 212-82, Module 02: Information Security Attacks
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Zero-day Attacks

Zero-day vulnerabilities are previously unknown flaws in a software/hardware core that an attacker can exploit before developers or security teams diagnose the problem and release a patch. These vulnerabilities are difficult to identify because they take many forms, such as buffer overflows, broken algorithms, missing encryption, DNS redirects, missing authorizations, and password security issues. These attacks can be minimized by staying aware of the latest news and products offered by vendors, keeping systems updated, and enforcing additional security controls.

Buffer Overflow

A buffer is an area of adjacent memory locations allocated to a program or application to handle its runtime data. Buffer overflow, or buffer overrun, is a common vulnerability in applications or programs that accept more data than the allocated buffer can hold. The vulnerability lets the application write past the end of the buffer and overwrite neighboring memory locations, which leads to erratic system behavior, system crashes, memory access errors, etc. Attackers exploit a buffer overflow vulnerability to inject malicious code into the buffer to damage files, modify program data, access critical information, escalate privileges, gain shell access, and so on.

Why Are Programs and Applications Vulnerable to Buffer Overflows?

- Boundary checks are not performed fully or, in most cases, are skipped entirely
- Applications that use older versions of programming languages involve several vulnerabilities
- Programs that use unsafe and vulnerable functions fail to validate the buffer size
- Programs and applications do not adhere to good programming practices
- Programmers fail to set proper filtering and validation principles in the applications
- Systems that execute code present in the stack segment are vulnerable to buffer overflows
- Improper memory allocation and insufficient input sanitization in the application lead to buffer overflow attacks
- Application programs that use pointers for accessing heap memory result in buffer overflows

Return-Oriented Programming (ROP) Attack

Return-oriented programming (ROP) is an exploitation technique used by attackers to execute arbitrary malicious code

[Figure: "Call gadget A"]
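Returning to the buffer overflow causes listed above (skipped boundary checks, copy routines that never validate the buffer size), the following C program is an added example and is not part of the EC-Council material. The 16-byte region, the privilege flag placed directly after the 8-byte buffer, the sample input, and all function names are constructed for illustration; everything stays inside one array so the overwrite is visible without undefined behavior.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE    8                /* bytes reserved for user input */
#define REGION_SIZE (BUF_SIZE + 8)   /* buffer plus neighboring program data */
#define FLAG_OFFSET BUF_SIZE         /* neighbor: a one-byte privilege flag */

/* No boundary check against BUF_SIZE: excess bytes spill into the neighbor.
 * The REGION_SIZE cap exists only so this demo stays inside its own array. */
static void copy_unchecked(unsigned char *region, const char *input, size_t len)
{
    for (size_t i = 0; i < len && i < REGION_SIZE; i++)
        region[i] = (unsigned char)input[i];
}

/* Boundary check: input that does not fit is rejected, memory is untouched. */
static int copy_checked(unsigned char *region, const char *input, size_t len)
{
    if (len >= BUF_SIZE)             /* keep one byte for the terminating NUL */
        return -1;
    memcpy(region, input, len);
    region[len] = '\0';
    return 0;
}

/* Copies input into a fresh zeroed region and returns the flag byte
 * afterwards, or -1 if the checked copy rejected the input. */
int flag_after_copy(const char *input, int checked)
{
    unsigned char region[REGION_SIZE] = {0};
    size_t len = strlen(input);
    if (checked) {
        if (copy_checked(region, input, len) != 0)
            return -1;
    } else {
        copy_unchecked(region, input, len);
    }
    return region[FLAG_OFFSET];
}

int main(void)
{
    const char *too_long = "AAAAAAAA\x01";   /* constructed: 9 bytes, 1 too many */
    printf("unchecked flag=%d, checked result=%d\n",
           flag_after_copy(too_long, 0), flag_after_copy(too_long, 1));
    return 0;
}
```

With the unchecked copy, the ninth input byte lands on the flag and changes program data the input was never meant to reach; the checked copy refuses the same input before any byte is written.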