Buffer Overflow (Buffer Overrun)
A condition where more input is placed into a buffer than it can hold, overwriting adjacent memory. Exploited to crash a system or insert malicious code.
Compile-Time Defenses
Security measures implemented when a program is compiled to harden it against attacks.
Runtime Defenses
Security measures that operate during program execution to detect and stop attacks.
Stack Protection Mechanisms
A compile-time defense that adds code to check a function's stack frame for corruption before returning (e.g., StackGuard).
Executable Address Space Protection
A runtime defense that prevents code from executing in memory regions like the stack.
Guard Pages
A runtime defense that places illegal memory pages between data regions; accessing them aborts the process.
Address Space Randomization
A runtime technique that randomizes memory addresses to make it harder for attackers to predict target locations.
File System Access Control
Mechanism that identifies users and enforces permissions on files and operations based on their profile.
Operating System Hardening
The process of securing an OS by patching, configuring, removing unused software, and adding security controls.
Logging
The process of recording system, network, and application events to aid in identifying and investigating security incidents.
Data Backup
The process of copying data at intervals to enable recovery over short periods (hours to weeks).
Data Archive
The process of retaining data copies for extended periods (months/years) for legal or operational needs.
Access Token (Windows)
An object attached to a user's process containing their SID and group SIDs, used to validate access to resources.
Web Application
An application served via the HTTP or HTTPS protocol from a remote server.
Cross-Site Scripting (XSS)
A vulnerability allowing attackers to inject malicious client-side scripts into web pages viewed by others.
Non-Persistent (Reflected) XSS
An XSS attack where injected code is reflected off a web server (e.g., in an error message) and delivered to the victim via a crafted link.
Persistent (Stored) XSS
An XSS attack where injected code is saved on the server (e.g., in a DB) and executed when users view the infected page.
DOM-Based XSS
An XSS attack where the payload executes by modifying the DOM environment in the victim's browser.
SQL Injection
A server-side vulnerability allowing attackers to inject malicious SQL commands into a database query.
Parameter Tampering
An attack that modifies parameters in a URL or form to gain unauthorized access or subvert application logic.
Command Injection (OS Commanding)
An attack that exploits an application to execute unauthorized operating system commands.
Session Management
The process of tracking a user's activity across interactions with a system, as HTTP is stateless.
Cookie Poisoning
A parameter tampering attack that modifies a cookie's contents to bypass security mechanisms.
Directory Traversal (Path Traversal)
An attack that uses ../ sequences to access files and directories outside the web server's root directory.
Cross-Site Request Forgery (CSRF)
An attack that tricks a victim's browser into making an unauthorized request to a web app where they are authenticated.
Buffer Overflow (Web Context)
An attack where user input exceeds a buffer's capacity, corrupting memory and potentially allowing code execution.