Application Cryptography Attacks

Application Attacks

  • Buffer Overflow:
    • When more data is written to a buffer than it can hold.
    • An anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
Could not load image
  • Injection:
    • Occurs when untrusted data is sent to an interpreter as part of a command or query.
    • The most common fall into the following categories:
      • Escape characters not filtered correctly.
      • Type handling not properly done.
      • Conditional errors.
      • Time delays.
    • The way to defend against this attack is always to filter input.
    • Examples: SQL Injection, OS, LDAP, XML.
      • Command Injection: when an operating system command is submitted in an HTML string.
  • Cross-Site Scripting (XSS): Occurs whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript.
    • Example: Ron<SCRIPT>alert('hello')</SCRIPT>Woerner
  • Cross-Site Request Forgery (CSRF/XSRF): An attack that forces an end user to execute unwanted actions on a web application. Also known as a 'session riding' or 'one-click' attack.
  • Privilege Escalation: The act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

Prevention & Response

  • Good coding practices - See OWASP.
  • Filter and validate any user input.
  • Use a Web Application Firewall (WAF).
  • Build security into the Software Development Life Cycle (SDLC).
  • Have an incident response plan in place.

Zero-Day (0-Day) Exploits

  • An attack that exploits a previously unknown security vulnerability.
  • It may take advantage of a security vulnerability on the same day that the vulnerability becomes generally known.
  • Example: Stuxnet
  • Prevention:
    • Defense-in-Depth.
    • Patch & Update.
    • Keep AV up-to-date.

Impersonation / Masquerading / Replay Attacks

  • The act of pretending to be someone or something to gain unauthorized access to a system.
  • Capturing network traffic via eavesdropping, then re-establishing a communications session by replaying captured traffic using spoofed authentication credentials.
  • Prevention:
    • Token Authentication (Kerberos)
    • MFA/TFA
    • Encryption
    • Sequenced Session Identification

Driver Manipulation

  • Driver: A program that controls a device such as printers, media, keyboards, etc. They are usually signed.
  • Shimming: Creating a library, or modifying an existing one, to bypass a driver and perform a function other than the one for which the API was created. Makes external changes visible in the code's behavior.
  • Refactoring: Set of techniques used to identify the flow and then modify the internal structure of code without changing the code's visible behavior.

Cryptographic Attacks

  • Birthday: An attack on cryptographic hash that looks for hash collisions - exploiting the 1-to-1 nature of hashing functions.
  • Known Plain Text/Cipher Text (KPA): An attacker attempts to derive a cryptographic key by using pairs of known plain text along with the corresponding cipher text.
  • Frequency Analysis: Looking at the blocks of an encrypted message to determine if any common patterns exist.
  • Password Attacks:
    • Dictionary: Systematically entering each word in a dictionary as a password.
    • Brute Force: Systematically attempting all possible combinations of letters, numbers, and symbols. Usually automated.
    • Rainbow Tables: All of the possible password hashes are computer in advance and those hash values are compared with the password database.
    • Pass the Hash: An attacker attempts to authenticate to a remote server or service by intercepting password hashes on a network.
Copy link
On this page
Application Attacks
Prevention & Response
Zero-Day (0-Day) Exploits
Impersonation / Masquerading / Replay Attacks
Driver Manipulation
Cryptographic Attacks