Buffer Overflow: Occurs when more data is written to a buffer than it can hold.
The program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations (neighbouring variables, heap metadata, or the saved return address on the stack). The result ranges from a crash to attacker-controlled code execution when the overwritten data includes a pointer or return address.
Injection:
Occurs when untrusted data is sent to an interpreter (SQL engine, OS shell, LDAP directory, XML/XPath parser) as part of a command or query, so that the data is parsed as part of the command rather than treated as a value.
The most common SQL injection techniques fall into the following categories:
Escape characters not filtered correctly (a quote in the input terminates the string literal and the rest is parsed as SQL).
Type handling not properly done (a numeric field is not checked to be a number, so "1 OR 1=1" is accepted).
Conditional errors (blind injection: the response differs depending on whether an injected condition is true).
Time delays (blind injection: an injected sleep reveals the result through response time).
The primary defense is to keep data separate from code: use parameterized queries / prepared statements, validate input against an allow-list, and run the interpreter with least privilege. Filtering input alone is not a sufficient defense.
Examples: SQL Injection, OS Command Injection, LDAP Injection, XML/XPath Injection.
Command Injection: when attacker-supplied input (for example from a form field or URL parameter) is passed into an operating system command, allowing the attacker to append or substitute shell commands of their own.
Cross-Site Scripting (XSS): Occurs whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript.
Cross-Site Request Forgery (CSRF/XSRF): An attack that forces an end user to execute unwanted actions on a web application. Also known as a 'session riding' or 'one-click' attack.
Privilege Escalation: The act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
Prevention & Response
Good coding practices - See OWASP.
Filter and validate any user input.
Use a Web Application Firewall (WAF).
Build security into the Software Development Life Cycle (SDLC).
Have an incident response plan in place.
Zero-Day (0-Day) Exploits
An attack that exploits a vulnerability unknown to the vendor or the public, so no patch exists yet; the vendor has had "zero days" to fix it.
The exploit may be used before, or on the same day that, the vulnerability becomes generally known, which is what makes it hard to defend against with signature-based tools.
Example: Stuxnet
Prevention:
Defense-in-Depth.
Patch & Update.
Keep AV / endpoint protection up-to-date (behaviour-based detection can catch exploitation of an unknown vulnerability where signatures cannot).
Impersonation / Masquerading / Replay Attacks
Impersonation / masquerading: the act of pretending to be someone or something (a user, a host, a service) to gain unauthorized access to a system.
Replay: capturing valid network traffic via eavesdropping (for example an authentication exchange), then re-sending it later to re-establish the session or authenticate as the victim, using the captured credentials without ever needing to know the password.
Prevention:
Token Authentication (Kerberos) - time-stamped tickets and authenticators limit the window in which captured traffic can be reused.
MFA/TFA
Encryption
Sequenced Session Identification - a sequence number, nonce, or timestamp in each authenticated message, so a replayed copy is detected as out of sequence and rejected.
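The sequenced-session defense above, as an added example that is not from the original notes: each message carries a sequence number and timestamp under an HMAC, and the receiver rejects anything whose MAC fails, whose timestamp is outside the window, or whose sequence number does not advance, so a captured message cannot be replayed. The shared key, the `Receiver` class and the message format are assumptions made for this example, not a real protocol.

```python
"""Added example: replay detection with HMAC, sequence numbers and timestamps.
The key and the messages are constructed for the example."""
import hashlib
import hmac
import json

SESSION_KEY = b"constructed-shared-session-key"  # assumed: agreed during authentication


def _mac(key: bytes, seq: int, ts: float, body: str) -> str:
    # The MAC covers seq and ts as well as the body, so an attacker cannot
    # take a captured body and attach a fresh sequence number to it.
    canon = json.dumps({"seq": seq, "ts": ts, "body": body}, sort_keys=True).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


def send(key: bytes, seq: int, ts: float, body: str) -> dict:
    """Sender side: build an authenticated message."""
    return {"seq": seq, "ts": ts, "body": body, "mac": _mac(key, seq, ts, body)}


class Receiver:
    """Receiver side: verify the MAC, then enforce freshness and ordering."""

    def __init__(self, key: bytes, window_seconds: float = 30.0):
        self.key = key
        self.window = window_seconds
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, msg: dict, now: float) -> str:
        expected = _mac(self.key, msg["seq"], msg["ts"], msg["body"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "rejected: bad mac"          # forged or tampered
        if abs(now - msg["ts"]) > self.window:
            return "rejected: stale"            # outside the freshness window
        if msg["seq"] <= self.last_seq:
            return "rejected: replay"           # already seen this sequence number
        self.last_seq = msg["seq"]
        return "ok"


if __name__ == "__main__":
    rx = Receiver(SESSION_KEY)
    m1 = send(SESSION_KEY, seq=1, ts=1000.0, body="transfer 10 to bob")
    print(rx.accept(m1, now=1001.0))            # ok
    print(rx.accept(m1, now=1002.0))            # rejected: replay
    tampered = dict(m1, body="transfer 1000 to bob")
    print(rx.accept(tampered, now=1002.0))      # rejected: bad mac
    old = send(SESSION_KEY, seq=2, ts=500.0, body="hello")
    print(rx.accept(old, now=1002.0))           # rejected: stale
```

The timestamp alone would leave a window of `window_seconds` in which a captured message could still be replayed; the monotonically increasing sequence number closes that gap. Kerberos uses the same idea with time-stamped authenticators plus a replay cache.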
Driver Manipulation
Driver: A program that controls a device such as a printer, media device, or keyboard. Drivers are usually digitally signed, so rather than replacing one, an attacker changes how it is called or what it does.
Shimming: Inserting a small library (a shim) between an application and a driver or API so that it intercepts the calls and changes the arguments, handles the operation itself, or redirects it elsewhere, making the code perform a function other than the one the API was created for. Legitimate shims exist for backward compatibility; a malicious shim changes the code's externally visible behavior.
Refactoring: A set of techniques used to identify the flow of code and then modify its internal structure without changing its visible behavior. Malware authors refactor to change the binary's signature while keeping its functionality, which evades signature-based detection.
Cryptographic Attacks
Birthday: An attack on a cryptographic hash that looks for collisions (two different inputs with the same hash). Hash functions are many-to-one, so collisions always exist; the birthday paradox means one can be found after roughly 2^(n/2) random attempts for an n-bit hash rather than 2^n, which is why collision resistance is only half the output length (a 128-bit hash gives about 64 bits of collision resistance).
Known Plain Text / Cipher Text (KPA): An attacker attempts to derive a cryptographic key by using pairs of known plain text along with the corresponding cipher text. If the attacker can also choose the plain text, it becomes a chosen-plaintext attack.
Frequency Analysis: Counting how often each symbol (or block) appears in the cipher text and comparing it with the known letter frequencies of the language (in English, E is the most common letter) to recover the substitution. It breaks classical substitution ciphers and exposes repeated blocks in ECB mode; modern ciphers are designed to hide these statistics.
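The 2^(n/2) claim for the birthday attack, as an added example that is not part of the original notes: it searches for a collision on a SHA-256 output truncated to `bits` bits, storing every hash seen in a table, and reports how many attempts were needed. The truncation, the deterministic message generator and the function names are choices made for this example; a real attack would target a weak full-length hash.

```python
"""Added example: birthday attack on a truncated hash.
Messages are generated deterministically ("msg-0", "msg-1", ...) so the run is reproducible."""
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short hash function."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def expected_attempts(bits: int) -> float:
    """Mean number of random inputs before the first collision: sqrt(pi/2 * 2^n)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def birthday_collision(bits: int):
    """Generate inputs until two different ones share a truncated hash.

    Returns (first_message, second_message, attempts). Memory grows with the
    number of hashes stored, which is the space cost of the attack; a
    brute-force second-preimage search would instead need about 2^bits tries.
    """
    seen = {}
    attempts = 0
    while True:
        msg = b"msg-%d" % attempts
        attempts += 1
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, attempts
        seen[h] = msg


if __name__ == "__main__":
    bits = 32
    a, b, n = birthday_collision(bits)
    print(f"collision after {n} attempts (expected ~{expected_attempts(bits):.0f}, "
          f"brute force ~{2 ** bits})")
    print(a, b, hex(truncated_hash(a, bits)), hex(truncated_hash(b, bits)))
```

Running it with `bits=32` finds a collision in tens of thousands of hashes, not billions, which is the whole point: doubling the output length only doubles the exponent of the collision search, so choosing a hash means budgeting half its length against this attack.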
Password Attacks:
Dictionary: Systematically trying each word in a word list (often with common substitutions and suffixes) as the password.
Brute Force: Systematically attempting all possible combinations of letters, numbers, and symbols. Usually automated; feasible only against short passwords or fast, unsalted hashes.
Rainbow Tables: The hashes of a large set of candidate passwords are computed in advance and stored (as compressed hash chains, trading space for lookup time), so a captured password hash is looked up rather than cracked. Salting each password with a random value defeats them, because every salt would need its own table.
Pass the Hash: An attacker who has obtained a user's password hash (typically an NTLM hash dumped from LSASS memory or the SAM database, or captured on the network) authenticates to a remote server or service by presenting the hash directly. The hash never needs to be cracked, because NTLM challenge-response uses the hash itself as the secret.
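The rainbow-table and pass-the-hash entries above, as one added example that is not from the original notes. The first half uses a plain precomputed lookup table (a rainbow table is the chain-compressed version of the same idea) to crack unsalted hashes and shows that a per-user salt makes the table useless. The second half models challenge-response authentication where the stored hash is the key: an attacker who only holds the hash can answer the challenge. The word list, salts and the HMAC-SHA256 stand-in for the NTLM algorithm are constructed assumptions for this example.

```python
"""Added example: precomputed-table cracking vs. salted hashing, and pass-the-hash.
Word list, user database and challenge values are constructed sample data."""
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "hunter2", "qwerty", "s3cret"]  # constructed


def unsalted_hash(password: str) -> str:
    """Weak storage: same password always gives the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int = 50_000) -> str:
    """Salted, slow hash (PBKDF2): each user needs a fresh attack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_lookup_table(words) -> dict:
    """Precomputation done once, reusable against any unsalted database."""
    return {unsalted_hash(w): w for w in words}


def crack_with_table(table: dict, stored_hash: str):
    """Constant-time lookup instead of guessing: this is what rainbow tables buy."""
    return table.get(stored_hash)


def dictionary_attack_salted(words, salt: bytes, stored_hash: str):
    """With a salt the attacker must rehash every candidate per user, per salt."""
    for w in words:
        if hmac.compare_digest(salted_hash(w, salt), stored_hash):
            return w
    return None


# --- pass the hash ----------------------------------------------------------
def password_hash_secret(password: str) -> bytes:
    """Stand-in for the NT hash: the server stores this, never the password."""
    return hashlib.sha256(password.encode()).digest()


def compute_response(secret_hash: bytes, challenge: bytes) -> bytes:
    """Client proves knowledge of the hash (not the password) by keying an HMAC
    over the server's challenge. Simplified model of NTLM challenge-response."""
    return hmac.new(secret_hash, challenge, hashlib.sha256).digest()


def server_verify(stored_hash: bytes, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(compute_response(stored_hash, challenge), response)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print(crack_with_table(table, unsalted_hash("hunter2")))            # hunter2
    salt = os.urandom(16)
    stored = salted_hash("hunter2", salt)
    print(crack_with_table(table, stored))                              # None
    print(dictionary_attack_salted(WORDLIST, salt, stored))             # hunter2, but per user
    # Attacker dumped only the hash and never learns "hunter2":
    dumped = password_hash_secret("hunter2")
    challenge = os.urandom(8)
    print(server_verify(dumped, challenge, compute_response(dumped, challenge)))  # True
```

The lookup table still cracks `hunter2` after salting only by redoing the hashing per user, which is the cost salting imposes; the slow PBKDF2 iteration count multiplies that cost. The pass-the-hash half shows why dumping hashes is enough on its own: the server's check never involves the password, only the hash, so protecting the hash (Credential Guard, no cached admin logons, SMB signing) matters as much as password strength.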