SECOPS 6: Common Attack Vectors Flashcards Preview

CCNA Cyber Ops SECOPS > SECOPS 6: Common Attack Vectors > Flashcards

Flashcards in SECOPS 6: Common Attack Vectors Deck (32)
Loading flashcards...
1

Goal of Obfuscating javascript code

Protect IP of developers

2

eval()

Sign of JavaScript obfuscation

3

DOM

HTML Model for accessing web-based documents

4

jsunpack or jsdetox

Model to decode obfuscated javascript

5

JavaScript key variable

Always the first part of a string

6

‘+"\"")())();’

JavaScript string always ends with this.

7

DEP

Prevents the use of stack memory space for execution

8

DEP circumvented by...

heap memory

9

ASLR bypassed by...

egg hunting (executing code stub that ID's memory location)

10

Shellcode stage payload

Buffer overflow to acquire memory space

11

Unstaged payload

No space limitations. Payload resides with a single memory space.

12

Way to detect shellcode on the network

Detect a sequence of NOP instructions.

13

NOP Sled

Sequence of NOP instructions that precedes shellcode.

14

NOP instructions do what?

Nothing, then move to the next instruction until they find the shellcode.

15

Snort and Bro use generic signatures to detect...

Shellcode

16

Metasploit singles

Self contained payloads that function on their own

17

Metasploit stagers

Sets up network connection between attacker and victim.

18

Stages

Actual malicious payload. Execution and exploitation.

Self contained.

19

Meterpreter

Executed only in memory.

20

Metasploiit NoNX

Circumvents DEP

21

DLL Injection

Stage payload is injected into compromised host process running in memory. Never written to disk.

22

.,\

Used for directory traversal. Up a level.

23

SQL Injection Consequences

Auth bypass
Information disclosure
Compromised CIA
Remote Code Execution

24

uricontent:".pl"

URI's that end in .pl (Perl)

25

Pcre:”/(%27)…: (regex)

Perl Compatible Regular Expression

26

SID (in IPS signature)

Snort Identifier

27

Stored XSS

Malicious code stored on the web server.

Done by submitting it to forms (comment boxes)

28

Reflected (nonpersistent) XSS

HTML code in a URL. User needs to click the link.

29

Punycode

Converts Unicode characters to ASCII format.

30

Punycode format

xn---.

fàcebook.com in Punycode becomes xn--fcebook-lta.com