CNIT 455 Exam 3 Questions and Answers 100% Pass

CNIT 455 Exam 3 Questions and Answers 100% Pass Software vulnerabilities are typically a result of what? - non-secure coding - "make it work first and secure it later" approach How can vulnerabilities be discovered in open source code? - can be analyzed natively How can vulnerabilities be discovered in closed source code? - must be reverse engineered What are RCE tools? - used by disassemblers to convert binary to assembly language for analysis - means of understanding memory usage and basic logic flow of application - hex editors can be used to change constants/operations once memory offset is found What is an overflow attack? - most common means of running malware on a target - occurs when application doesn't check length of input being placed into variable or buffer - always creates a problem What is a buffer overflow? - most commonly used attack vector - too much is put into a variable and the memory is overwritten immediately following - critical to keep Internet applications "boxed in" as a result What is the process for exploiting an application buffer overflow? - redirect processor to memory be overflowed by attacking stack (ie. arguments, return address, previous frame pointer, local variables, buffer) - overflow buffer to replace return address with address of planted code What are some examples of buffer overflow attacks? - NOP sled - jump to register What is a NOP sled? - oldest and most widely used technique - series of hoops with jump at end of shellcode is written - increases likelihood of hitting exploit code in stack - modern IDS systems look for this type of attack What is a jump to register buffer overflow attack? - jump to register is overwritten with jump to exploit code - available in error handling routines - most common approach used in modern Internet worms What is a heap overflow? - overflow of area of memory used for variable storage (ie. contains UIDs, passwords, etc) - variables can be changed to provide different level of access to steal information - not used as often in attacks What is an example of a heap overflow attack? Microsoft JPEG GDI+ vulnerability How can overflow attacks be prevented? - always bound check input when coding - use automatic code checking and safe libraries - utilize hardware protection (bit in memory address to denote executability) What are some overflow attack prevention tools Windows - Microsoft Data Execution Prevention - BufferShield - Stack Defender UNIX - W^X - PaX