Flashcards in SECOPS 6: Common Attack Vectors Deck (32)
Protect IP of developers
HTML Model for accessing web-based documents
jsunpack or jsdetox
Always the first part of a string
Prevents the use of stack memory space for execution
DEP circumvented by...
ASLR bypassed by...
Egg hunting (executing a code stub that identifies the memory location)
Shellcode stage payload
Buffer overflow to acquire memory space
No space limitations. Payload resides within a single memory space.
Way to detect shellcode on the network
Detect a sequence of NOP instructions.
Sequence of NOP instructions that precedes shellcode.
NOP instructions do what?
Nothing, then move to the next instruction until they find the shellcode.
Snort and Bro use generic signatures to detect...
Self contained payloads that function on their own
Sets up network connection between attacker and victim.
Actual malicious payload. Execution and exploitation.
Executed only in memory.
Stage payload is injected into compromised host process running in memory. Never written to disk.
Used for directory traversal. Up a level.
SQL Injection Consequences
Remote Code Execution
URIs that end in .pl (Perl)
Perl Compatible Regular Expression
SID (in IPS signature)
Malicious code stored on the web server.
Done by submitting it to forms (comment boxes)
Reflected (nonpersistent) XSS
HTML code in a URL. User needs to click the link.
Converts Unicode characters to ASCII format.