Questions
ayuda
option
My Daypo

ERASED TEST, YOU MAY BE INTERESTED ONApp/Service Attacks

COMMENTS STATISTICS RECORDS
TAKE THE TEST
Title of test:
App/Service Attacks

Description:
App/Service Attacks

Author:
BA
(Other tests from this author)

Creation Date:
01/09/2019

Category:
Others

Number of questions: 22
Share the Test:
Facebook
Twitter
Whatsapp
Share the Test:
Facebook
Twitter
Whatsapp
Last comments
No comments about this test.
Content:
Attack causing a service to fail by overloading it; can be a precursor to a DNS spoofing attack; can be as simple as turning the power off; can be "friendly" unintentional .
Army of botnets used to take down a system .
Redirects traffic - uses ARP poisoning .
Malware installed that hides in the browser .
Causes privilege escalation by TPN over ride.
Usually uses SQL .
Takes information from one web page and uses it in another using Java Script - victim of the attack isn't authenticated yet - protect against it using a WAF .
Sites must always validate the device and user -  victim must be authenticated to the trusted server .
Bug or flaw allowing you to elevate the access you should normally have - very high priority to get fixed quickly; can use DEP to mitigate .
Actually change the DNS files to redirect addresses to an attackers IP address .
Somehow gain access and totally redirect to a different server - don't even need to touch the victim servers like in DNS poisoning .
Vulnerability that has not been announced yet - very valuable because they have not been patched yet .
Grab raw data transmitted across the network and then later reusing it to appear as the original sender - can avoid with encryption and password salting, also add time stamp .
Associate this with stealing hashes to crack otherwise impossible to crack passwords .
Use type squatting, brand jacking, misspelling, etc to redirect unsuspecting users to bad sites .
You think you're clicking something legit, but underneath you're are actually clicking a bad link .
Uses session ID and cookies - steals session ID so website thinks you've previously authenticated .
Related to drivers .
Related to drivers - Aka metamorphic malware - it's a different thing each time it's downloaded so it's hard to add signature to use in anti-virus software .
One device pretending to be something it's not (email addresses, phone numbers, IP addresses, MACs) .
Sending small requests to servers that will receive large responses; think of the example using the DNS protocol .
Attacker changes the MAC address and attacks a network by changing the target computer's ARP cache with a forged ARP request and reply packets .
Report abuse Consent Terms of use