Explain smurf attacks.
A large number of ICMP echo requests with the victim's IP as the forged source address is sent to an IP broadcast address. Every host on that network answers the victim, so a single request is multiplied into many replies and the victim's bandwidth is consumed. It is a mechanism to carry out a DoS attack on a target system. A fraggle attack operates almost identically to smurf but uses UDP packets (typically aimed at the echo or chargen services) instead of ICMP.

Name and briefly describe 3 "methods of attacking".
Eavesdropping (obtaining copies of information without authorization), masquerading (sending messages under another identity, spoofing), message tampering (changing the content of a message), replaying (storing a message and sending it again later), exploiting (using bugs in software to gain access to a host), combinations (e.g. a man-in-the-middle attack).

TCP SYN flooding attack
Exploits the TCP three-way handshake (SYN -> SYN/ACK -> ACK). The attacker floods the victim with SYN packets, the first part of the handshake, usually from spoofed source addresses. The victim answers each SYN with a SYN/ACK and keeps a half-open connection in its backlog while it waits for the final ACK, which the attacker never sends. Once the backlog is full, new SYNs, including those of legitimate clients, are dropped and the service becomes unresponsive. Mitigation: SYN cookies (the server encodes the half-open state into the SYN/ACK sequence number instead of storing it, so only an ACK that echoes that number can open a connection), shorter SYN-received timeouts and rate limiting.

DNS amplification attack
Spoof the source address of DNS queries to the victim's IP and send them to open DNS resolvers. Pick a DNS domain that is registered with many or large records so that the reply is much bigger than the query; the resolvers then deliver these large replies to the victim.

FTP bounce attack (old attack, 1995)
Used to send traffic to a third party somewhere on the network. The attack makes use of active-mode FTP: the client sends a PORT command naming the ip:port to which the server should open the data connection, and nothing stops the client from naming a different host, so the FTP server sends its data (or, for port scanning, its connection attempts) to the wrong place.

Explain a fragmentation attack and how it can be prevented.
Data is fragmented into packets in order to transmit it. The attack exploits this fragmentation to send an amount of data that is bigger than the amount the victim machine is expecting.
Once the fragments are reassembled, this bigger-than-expected packet can overflow system data structures and crash the system. It can be prevented quite easily: check that offset + length of every fragment stays within the maximum datagram size before copying it, and reject overlapping fragments. Teardrop and ping of death are both packet reassembly attacks, but they are not the same thing: teardrop sends fragments whose offsets overlap so that the reassembly code computes a bad length, ping of death sends a datagram that is larger than the maximum. Fragmentation can be exploited in several ways: crashing systems, bypassing firewalls that only inspect the first fragment, ...

Ping of death
Causes a remote system to crash. The attacker creates a forged ICMP echo request (ping) that is bigger than the IP standard allows (65,535 bytes in total). This is realized with packet fragmentation: each fragment on its own is legal, the victim receives the fragments and reassembles them, and the resulting packet turns out to be bigger than expected, so various internal memory buffers may be overflowed. Prevention: add an error check that calculates offset + data length for every fragment and drops anything beyond the limit.

ARP spoofing attack
ARP is short for Address Resolution Protocol, a protocol that is used to resolve IP addresses to MAC (Media Access Control) addresses for transmitting data. In an ARP spoofing attack, a malicious party sends spoofed ARP messages across a local area network in order to link the attacker's MAC address with the IP address of a legitimate member of the network. Data intended for that host's IP address is then sent to the attacker instead. Malicious parties commonly use ARP spoofing to steal information, modify data in transit or stop traffic on a LAN. ARP spoofing attacks can also be used to facilitate other attacks, including denial of service, session hijacking and man-in-the-middle attacks. ARP spoofing only works on local area networks that use ARP: ARP is not routed, so the attacker must be on the same segment as the victim.

DNS server spoofing attacks
The Domain Name System (DNS) associates domain names with IP addresses. Devices that connect to the internet or other private networks rely on DNS to resolve the host names in URLs, email addresses and other human-readable names into their corresponding IP addresses.
In a DNS server spoofing attack, a malicious party modifies the records a DNS server hands out (for example by poisoning its cache) in order to reroute a specific domain name to a different IP address. In many cases the new IP address belongs to a server that is controlled by the attacker and serves malware. DNS server spoofing attacks are often used to spread computer worms and viruses.

Spoofing attack prevention and mitigation
Common measures include: packet filtering (packet filters inspect packets as they are transmitted across a network; they help prevent IP address spoofing because they can drop packets whose source address does not fit the interface they arrive on, e.g. a packet from the internet claiming an internal source, or an outbound packet with a source address that does not belong to the local network), and cryptographic network protocols (TLS, SSH, HTTPS) and other secure communication protocols, which encrypt data before it is sent and authenticate the peer and the data as they are received.

File system maze
Create a long chain of symbolic links that takes the kernel some time to resolve. This widens the window between the access check and the actual file operation (a time-of-check-to-time-of-use race), and in the meantime the attacker swaps the entry point of the maze, so the check is done on one file and the operation on another. Can be used to bypass access-rights checks.

SMTP address spoofing
Use telnet to the SMTP port and write anything you like into the envelope (MAIL FROM) and the From header; SMTP itself does not verify the sender.

How to make session identifiers secure
Generate them with a cryptographically secure random number generator and make them long enough (at least 128 bits of entropy), so an attacker can neither guess nor brute-force them.

Regression tests
Tests designed to check that a program has not "regressed", that is, that previous capabilities have not been compromised by introducing new ones.

Transmission of session cookies
Always use HTTPS and set the cookie's Secure flag so the browser never sends it over plain HTTP; otherwise the session cookie can easily be stolen by anyone who can sniff the traffic.

Same-origin policy, and how it protects the user
The same-origin policy prevents a malicious site from reading the content (DOM, responses) of another origin where the victim is currently logged in.

CBC bit flipping attack
Purpose of the attack: to change a byte in the plaintext by corrupting a byte in the ciphertext. Why?
To bypass filters by adding malicious characters like a single quote, or to elevate privileges by changing the ID of the user to admin, or any other consequence of changing the plaintext that an application expects. A flipped bit in ciphertext block i flips the same bit in plaintext block i+1 and turns plaintext block i into garbage; the defence is to authenticate the ciphertext (a MAC or an AEAD mode) so that modifications are detected before decryption.

Explain an amplification attack and how it can be prevented.
Amplification attacks flood a target with responses from a network or service (DNS, NTP, memcached, the broadcast replies of a smurf attack, ...) that reflects the attacker's small, source-spoofed requests into much larger replies directed at the victim. Prevention: ingress filtering (BCP 38) so that packets with spoofed source addresses never leave the network they originate from, not running open resolvers or other reflectors, and response rate limiting on the reflecting service. (A SYN flood is not an amplification attack but a state-exhaustion attack; it is mitigated with SYN cookies.)

What is a side channel attack?
In cryptography, a side channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms. For example, timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information which can be exploited to break the system.

Software fault injection
Bugs cannot be completely removed, so a program should be fault-tolerant. Test this by injecting faults into the code deliberately and making the program robust to their effects.

Postel's law
The robustness principle is a general design guideline for software. It is also known as Postel's law, after internet pioneer Jon Postel, who wrote in an early specification of the Transmission Control Protocol: "TCP implementations should follow a general principle of robustness: be conservative in what you do, be liberal in what you accept from others." From a security standpoint the "liberal" half is a well-known source of trouble: two implementations that tolerate the same malformed input differently give an attacker a parser differential, so current guidance is to be strict about what you accept.

Type confusion
When a program accesses a resource using an incompatible type, this can trigger logical errors because the resource does not have the expected properties. In languages without memory safety (such as C and C++) type confusion can lead to out-of-bounds memory access.

What is an embedded system?
An embedded system can be defined as a control system or computer system designed to perform a specific task.
Common examples of embedded systems include MP3 players, navigation systems on aircraft and intruder alarm systems. An embedded system can also be defined as a single-purpose computer.

Why are embedded systems more challenging than PCs?
Embedded systems are prone to some very specific problems. A PC may ship with a glitch in its software, and once discovered, a software patch can be shipped out to fix the problem. An embedded system, however, is frequently programmed once and its software often cannot be patched in the field, so a vulnerability stays exploitable for the lifetime of the device.

What are the properties of a secure password?
1. the longer the better (length matters most), 2. a mix of lower- and upper-case characters, digits and punctuation marks, 3. not part of any dictionary (and not reused across services).

Why are security questions not secure?
The answer can easily be guessed or looked up if the attacker knows something about my life, or finds it on social media.

Explain the three parts of an HTTP message.
Request message: a request line (e.g. GET /images/logo.png HTTP/1.1, which requests the resource /images/logo.png from the server), request header fields (e.g. Accept-Language: en), an empty line, and an optional message body. Response message: a status line with status code and reason phrase (e.g. HTTP/1.1 200 OK, which indicates that the client's request succeeded), response header fields (e.g. Content-Type: text/html), an empty line, and an optional message body. The three parts are therefore start line, headers and body; the empty line separates the headers from the body.

Is it a good idea to use HTTP instead of HTTPS for logged-in users when downloading pictures in a web app? Explain why.
It is a very bad idea. HTTP is a stateless protocol, so some kind of session identifier has to be transmitted with every request, including the requests for the pictures. If the cookie carrying the session ID is sent over plain HTTP, anyone on the network path can read it and hijack the logged-in user's session; the browser will send it over HTTP automatically unless the cookie carries the Secure flag.

Second-order SQL injection
Second-order SQL injection occurs when submitted values contain malicious SQL that is stored rather than executed immediately. In some cases the application correctly escapes the value on its way into the database, so the malicious string is stored intact.
Later, another part of the application reads the stored value back and builds a query from it without protection against SQL injection, and so executes the attacker's SQL. This attack requires more knowledge of how submitted values are later used.

Blind SQL injection
Blind SQL injection is used when a web application is vulnerable to SQL injection but the results of the injected query are not shown to the attacker. The attacker instead injects conditions and infers the answer from differences in the response (page content, an error, or response time). Example: http://books.example.com/showReview.php?ID=5 OR 1=1 (compare the response with ID=5 AND 1=2: if the two differ, the database evaluates the condition and the parameter is injectable).

What are injection attacks? Give an example!
Code injection is the exploitation of a bug that is caused by processing invalid data. An attacker uses injection to introduce ("inject") code into a vulnerable program and change the course of execution. Example: log in with some username and enter passw' OR '1'='1 as the password; without proper input validation (or parameterized queries) the WHERE clause of the SQL statement becomes true and the attacker gains access to the account.

Cross-site scripting (XSS)
XSS allows attackers to execute script in the victim's browser, which can hijack user sessions, deface web sites, or redirect the user to malicious sites. XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation and escaping.

What is cross-profile cloning?
Profile cloning is using an existing user's publicly shared information (profile picture, photos, name) to clone that user's profile or account, in an attempt to trick the user's friends into accepting bogus friend requests from the cloned account.

How does phishing with cross-profile cloning work?
Once the bogus requests are accepted, the scammer can post malicious links or content which will appear as if it came from the users whose profiles or accounts were duplicated or cloned. The malicious links may also take potential victims to phishing websites that scam them by tricking them into sending their personal information, financial information, online account information and money.

What is an IMSI catcher and why does it work?
An IMSI catcher is a telephone eavesdropping device used for intercepting mobile phone traffic and tracking the movement of mobile phone users. Essentially it is a fake mobile tower acting between the target mobile phone and the service provider's real towers; it is a man-in-the-middle attack. It works because phones attach to the strongest base station they see, and GSM only authenticates the phone to the network, not the network to the phone, so the phone cannot tell the fake tower from a real one (and the catcher can instruct it to use no encryption).

DNS and root servers
All DNS servers are organized in a hierarchy. At the top of the hierarchy, the root servers serve the root zone: they do not hold every domain name and its address, but the delegations (NS records and addresses) for the top-level domains, from which a resolver works its way down. There are 13 root server identities, named A through M, operated by various independent organizations; each is realized by many anycast instances distributed around the world, so the "13 servers" are in fact hundreds of machines.

What is a switched network?
Switches are used to connect computers, printers and servers within a building or campus. A switch serves as a controller, enabling networked devices to talk to each other efficiently. Switches create a network; routers connect networks. Switches work by sending traffic to the destination host only. This is possible because switches have CAM tables, which store MAC addresses, switch ports and VLAN information. Before sending traffic from one host to another on the same local area network, the host's ARP cache is checked first. The ARP cache is a table that stores both Layer 2 (MAC) and Layer 3 (IP) addresses of hosts on the local network. If the destination host is not in the ARP cache, the source host sends a broadcast ARP request looking for the host. When the host replies, the traffic can be sent to it: it goes from the source host to the switch and then directly to the destination host. Traffic is therefore not broadcast to every host but delivered only to the destination, which makes it harder to sniff.
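The SYN flood and SYN cookie discussion above, as an added example that is not part of the original notes: a constructed simulation of a stateful server whose half-open backlog is exhausted by spoofed SYNs, next to a SYN-cookie server that encodes the half-open state into the SYN/ACK sequence number (a keyed hash over the 4-tuple and a coarse time counter) and therefore stores nothing. The secret, backlog size and time window are illustrative assumptions; the cookie layout follows the classic scheme (5-bit time counter, 24-bit MAC) but omits the MSS encoding real stacks add.

```python
"""Stateful SYN backlog vs. SYN cookies: a constructed simulation."""
import hashlib
import hmac
import struct

# Assumptions: illustrative secret, backlog size and time window (not from the original notes).
SERVER_SECRET = b"rotate-this-secret-periodically"
BACKLOG_SIZE = 128
COOKIE_WINDOW = 2        # accept cookies from the current and the previous 64-second slot


def _cookie_mac(src_ip, src_port, dst_ip, dst_port, t):
    """24-bit keyed hash over the connection 4-tuple and the time counter."""
    msg = struct.pack("!4sH4sHB", src_ip, src_port, dst_ip, dst_port, t)
    return int.from_bytes(hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, now):
    """Sequence number for the SYN/ACK: 5-bit time counter (64 s granularity), 3 spare bits, 24-bit MAC.
    Nothing is stored on the server; the client must echo this value + 1 in its ACK."""
    t = (int(now) // 64) & 0x1F
    return (t << 27) | _cookie_mac(src_ip, src_port, dst_ip, dst_port, t)


def check_syn_cookie(ack_number, src_ip, src_port, dst_ip, dst_port, now):
    """True only if the ACK acknowledges a cookie this server could have issued recently."""
    cookie = (ack_number - 1) & 0xFFFFFFFF
    t = cookie >> 27
    current = (int(now) // 64) & 0x1F
    if (current - t) & 0x1F >= COOKIE_WINDOW:
        return False                                  # stale or replayed cookie
    expected = _cookie_mac(src_ip, src_port, dst_ip, dst_port, t).to_bytes(3, "big")
    return hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big"))


class StatefulServer:
    """Classic behaviour: every SYN occupies a backlog slot until its ACK arrives."""

    def __init__(self):
        self.half_open = set()

    def on_syn(self, src_ip, src_port):
        if len(self.half_open) >= BACKLOG_SIZE:
            return False                              # backlog full: SYN dropped, service unreachable
        self.half_open.add((src_ip, src_port))
        return True

    def on_ack(self, src_ip, src_port):
        try:
            self.half_open.remove((src_ip, src_port))
            return True
        except KeyError:
            return False


def simulate(now=1_000_000):
    """Constructed flood: 1000 SYNs from spoofed sources that never ACK, then one legitimate client."""
    server_ip, server_port = bytes([10, 0, 0, 1]), 443
    client_ip, client_port = bytes([192, 0, 2, 7]), 40000

    stateful = StatefulServer()
    for i in range(1000):
        stateful.on_syn(struct.pack("!I", 0xC6336400 + i), 1024 + i)   # spoofed, never-answering sources
    stateful_accepts_client = stateful.on_syn(client_ip, client_port)

    # The cookie server answers every SYN with a cookie and remembers nothing; only a real ACK completes.
    isn = make_syn_cookie(client_ip, client_port, server_ip, server_port, now)
    cookie_accepts_client = check_syn_cookie((isn + 1) & 0xFFFFFFFF, client_ip, client_port,
                                             server_ip, server_port, now + 30)
    guessed_ack_accepted = check_syn_cookie(0x12345678, client_ip, client_port,
                                            server_ip, server_port, now + 30)
    stale_ack_accepted = check_syn_cookie((isn + 1) & 0xFFFFFFFF, client_ip, client_port,
                                          server_ip, server_port, now + 300)
    return stateful_accepts_client, cookie_accepts_client, guessed_ack_accepted, stale_ack_accepted


if __name__ == "__main__":
    print(simulate())   # (False, True, False, False)
```

The stateful server rejects the legitimate client once 128 spoofed SYNs sit in its backlog; the cookie server accepts the genuine ACK, rejects a guessed acknowledgement number (the 24-bit MAC does not match) and rejects a cookie older than the time window.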
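The fragmentation, ping of death and teardrop entries above, as an added example that is not part of the original notes: a simplified fragment reassembler (not a real IP stack; it assumes a 20-byte header with no options) that performs the offset + length check the notes recommend, copies into a fixed-size buffer, and drops overlapping fragments as current stacks do. Two constructed attack inputs show each check firing.

```python
"""Fragment reassembly with the checks that stop Ping of Death and teardrop (constructed model)."""
from dataclasses import dataclass

MAX_DATAGRAM = 65535                 # IP total length is a 16-bit field
IP_HEADER_LEN = 20                   # assumption: no IP options
MAX_PAYLOAD = MAX_DATAGRAM - IP_HEADER_LEN


@dataclass
class Fragment:
    offset: int            # byte offset into the original payload (the header field counts 8-byte units)
    more_fragments: bool   # MF flag; False marks the last fragment
    payload: bytes


class FragmentError(ValueError):
    pass


def split(payload, max_frag=1480):
    """Fragment a payload the way a sender would (1480 = 1500-byte MTU minus a 20-byte header)."""
    if max_frag % 8:
        raise ValueError("non-final fragments must be multiples of 8 bytes")
    frags = []
    for off in range(0, len(payload), max_frag):
        chunk = payload[off:off + max_frag]
        frags.append(Fragment(off, off + len(chunk) < len(payload), chunk))
    return frags


def reassemble(fragments):
    """Rebuild the payload, validating every fragment before copying it into a fixed-size buffer."""
    buf = bytearray(MAX_PAYLOAD)     # the buffer never grows; a bad header cannot write past it
    received = []                    # (start, end) of data already copied
    total = None
    for frag in fragments:
        start, end = frag.offset, frag.offset + len(frag.payload)
        if start % 8 or (frag.more_fragments and len(frag.payload) % 8):
            raise FragmentError(f"fragment at {start} violates 8-byte alignment")
        if end > MAX_PAYLOAD:        # the Ping of Death check: offset + length beyond the datagram limit
            raise FragmentError(f"fragment {start}-{end} exceeds maximum datagram size (Ping of Death)")
        for s, e in received:        # the teardrop check: overlapping fragments are dropped, not merged
            if start < e and s < end:
                raise FragmentError(f"fragment {start}-{end} overlaps {s}-{e} (teardrop)")
        if not frag.more_fragments:
            if total is not None:
                raise FragmentError("more than one final fragment")
            total = end
        buf[start:end] = frag.payload
        received.append((start, end))
    if total is None:
        raise FragmentError("final fragment missing")
    pos = 0                          # completeness: coverage must be contiguous from 0 to the final byte
    for s, e in sorted(received):
        if s != pos:
            raise FragmentError(f"gap before offset {s}")
        pos = e
    if pos != total:
        raise FragmentError("data beyond the final fragment")
    return bytes(buf[:total])


# Constructed attack inputs: each fragment on its own is legal, the combination is not.
PING_OF_DEATH = [Fragment(0, True, b"A" * 1480), Fragment(65528, False, b"A" * 40)]  # reassembles past 65535
TEARDROP = [Fragment(0, True, b"A" * 32), Fragment(24, False, b"B" * 16)]          # second overlaps first


def is_rejected(fragments):
    try:
        reassemble(fragments)
        return False
    except FragmentError:
        return True
```

Fragments may arrive in any order, so the reassembler validates each one as it comes and checks contiguity only at the end; the important property is that no header value, however large, can select a write outside the preallocated buffer.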
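The CBC bit-flipping entry above, as an added example that is not part of the original notes. A small Feistel block cipher built on SHA-256 stands in for AES (an assumption made so the block runs with the standard library only; the attack does not depend on the cipher). The key, IV and plaintexts are constructed. The example shows the flip landing cleanly when the target field is in the first block (the IV is modified), the garbage it produces in the preceding block otherwise, and the fix: encrypt-then-MAC, which rejects the forged token before decryption.

```python
"""CBC bit flipping with a SHA-256 Feistel block cipher standing in for AES (the attack is cipher-independent)."""
import hashlib
import hmac

BLOCK, ROUNDS = 16, 8
KEY = b"constructed-demo-key"          # assumption: fixed key and IV so the demo is deterministic
MAC_KEY = b"constructed-mac-key"
IV = bytes(range(BLOCK))


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round_keys(key):
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(ROUNDS)]


def _f(rk, half):
    return hashlib.sha256(rk + half).digest()[:8]


def block_encrypt(key, block):
    l, r = block[:8], block[8:]
    for rk in _round_keys(key):
        l, r = r, _xor(l, _f(rk, r))
    return l + r


def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rk in reversed(_round_keys(key)):
        l, r = _xor(r, _f(rk, l)), l
    return l + r


def _pad(b):
    n = BLOCK - len(b) % BLOCK
    return b + bytes([n]) * n


def _unpad(b):
    n = b[-1]
    if not 1 <= n <= BLOCK or b[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return b[:-n]


def cbc_encrypt(key, iv, plaintext):
    """Returns IV || C1 || C2 ...; each block is XORed with the previous ciphertext block before encryption."""
    out, prev, data = [iv], iv, _pad(plaintext)
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, data):
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return _unpad(b"".join(_xor(block_decrypt(key, blocks[i]), blocks[i - 1]) for i in range(1, len(blocks))))


def flip(ciphertext, pos, old, new):
    """Plaintext byte i is XORed with byte i of IV||C during decryption, so XORing old^new into that
    ciphertext byte turns `old` into `new` in the plaintext. No key needed, only the plaintext layout."""
    c = bytearray(ciphertext)
    for k, (o, n) in enumerate(zip(old, new)):
        c[pos + k] ^= o ^ n
    return bytes(c)


def forge_in_first_block():
    """Target field in plaintext block 0: only the IV is modified, nothing else is damaged."""
    return cbc_decrypt(KEY, flip(cbc_encrypt(KEY, IV, b"role=user;uid=42"), 5, b"user", b"root"))


def forge_in_second_block():
    """Target field in block 1: plaintext block 0 turns into garbage, block 1 reads as intended."""
    return cbc_decrypt(KEY, flip(cbc_encrypt(KEY, IV, b"uid=42;name=alice;role=user"), 23, b"user", b"root"))


def seal(plaintext):
    """The fix: encrypt-then-MAC; any modified byte fails the tag check before decryption."""
    c = cbc_encrypt(KEY, IV, plaintext)
    return c + hmac.new(MAC_KEY, c, hashlib.sha256).digest()


def open_sealed(data):
    c, tag = data[:-32], data[-32:]
    if not hmac.compare_digest(hmac.new(MAC_KEY, c, hashlib.sha256).digest(), tag):
        raise ValueError("ciphertext modified")
    return cbc_decrypt(KEY, c)


def forged_token_rejected():
    try:
        open_sealed(flip(seal(b"role=user;uid=42"), 5, b"user", b"root"))
        return False
    except ValueError:
        return True
```

An application that parses the decrypted token for "role=" without authenticating it accepts the forged value in both cases; in the second case the garbage in block 0 is tolerated by most parsers, which is why the attack works in practice against unauthenticated CBC.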
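The injection, blind SQL injection and login-bypass entries above, as an added example that is not part of the original notes. It uses Python's built-in sqlite3 with a constructed two-user table: the vulnerable login builds its query by string concatenation, the safe one binds parameters, and the blind extraction routine recovers a password one character at a time using nothing but the login's true/false answer. Table contents and function names are assumptions for the demo.

```python
"""SQL injection in a login query: vulnerable and parameterized versions, plus a blind boolean oracle."""
import sqlite3


def make_db():
    """Constructed in-memory user table (demo data, not from the original notes)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "s3cret"), ("admin", "hunter2")])
    return con


def vulnerable_login(con, name, password):
    """String concatenation: the user input becomes part of the SQL syntax."""
    query = "SELECT count(*) FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return con.execute(query).fetchone()[0] > 0


def safe_login(con, name, password):
    """Parameterized query: the input is bound as data and can never change the statement's structure."""
    query = "SELECT count(*) FROM users WHERE name = ? AND password = ?"
    return con.execute(query, (name, password)).fetchone()[0] > 0


def blind_extract_password(con, target, max_len=32):
    """Blind injection: the application only reveals login success or failure, but that one bit is
    enough. Each probe asks 'is character N of the target's password equal to C?' through the
    vulnerable name field; the rest of the original WHERE clause is commented out with '--'."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for code in range(32, 127):
            probe = ("' OR (SELECT unicode(substr(password, %d, 1)) FROM users WHERE name = '%s') = %d -- "
                     % (pos, target, code))
            if vulnerable_login(con, probe, "irrelevant"):
                recovered += chr(code)
                break
        else:
            return recovered            # no character matched: end of the password reached
    return recovered
```

With the password from the notes, passw' OR '1'='1, the concatenated query reads `... AND password = 'passw' OR '1'='1'` and is true for every row; the same string bound as a parameter is just a password that matches nobody. The blind routine needs at most 95 requests per character, which is why a boolean oracle is a full read primitive, not a nuisance.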
Packet sniffing
Packet sniffing is a technique of monitoring network traffic. It is effective on both switched and non-switched networks. In a non-switched network environment packet sniffing is easy, because network traffic is sent to a hub which repeats it to everyone. Switched networks operate differently: traffic goes from the source host to the switch and then directly to the destination host. Traffic is not broadcast to every host, therefore it is harder to sniff. However, it is still possible, e.g. by ARP spoofing (see above) or by flooding the switch's CAM table until it falls back to forwarding frames to every port.

What is MAC spoofing?
MAC spoofing is a technique for changing the factory-assigned Media Access Control address of a network interface on a networked device. The MAC address that is hard-coded on a network interface controller cannot be changed, but many drivers allow the address the interface actually uses to be overridden. The process of masking a MAC address is known as MAC spoofing.

What is the difference between wired and wifi MAC spoofing?
In wireless networks the signals travel through the air; anybody can listen to them and capture the source MAC address. It is therefore easy for an attacker to find out the whitelisted MAC addresses and impersonate them. In wired networks (more specifically, switched networks) the signals travel through the wires from the hosts to the switch; it is much more difficult for an attacker to listen to them and capture the source MAC address.

What are Telnet's flaws?
Telnet, by default, does not encrypt any data sent over the connection (including passwords). Most implementations of Telnet have no authentication that would ensure communication is carried out between the two desired hosts and not intercepted in the middle.

Automatic testing
Testing should be done continuously, with a lot of input/output comparisons and test runs; it is therefore ideally suited to automation.

Software fault injection (see above)
Bugs cannot be completely removed, so a program should be fault-tolerant.
Test this by injecting faults into the code deliberately and making the program robust to their effects.

Something with buffer overflow and DEP ...
Explain buffer overflows in detail and their relation to the stack. ...
How can buffer overflows be prevented by means of compiler protection? ...
Shell Code – Addressing ...
How is shellcode usually structured? At the beginning one can only work with relative addresses, but the absolute address of the string at the end of the shellcode is needed. How can it be determined? ...