TU Wien:Advanced Security for Systems Engineering VU (Fankhauser)/WS15-16, 1. Test vom 22.01.2016

From VoWi
Jump to navigation Jump to search

Es gab ca. 20 Fragen gesamt, aufgeteilt auf etwa 12 Seiten, jeweils zwischen 1-11 Punkte:

  • MC: Can XML encrypt non-xml data?
  • MC: Statements about IMSI-Catcher
  • MC: XML encryption --> enveloping/detached/enveloped/referenced
  • How to prevent CSRF(XSRF)? Describe two measures.
  • What are the assumed capabilities of an attacker who has direct access to the network?
  • MRTD. What security features? Why are they important?
  • MC: Statements about Supplemental Access Control (SAC).
  • MC: File Upload Attack - identify vulnerable Parameters: upload null byte file; upload large file; upload wrong filetype.
  • What is SPIT, and why is it popular?
  • Why would an attacker want to use automated tools to attack SIP Servers?
  • MC: Statements about magnet stripe credit cards: Only one of three tracks contains payment data? Is M2M encoding being used? Does the magnet data contain the name of the account holder?
  • Android: How to use an App's Activites, ContentProviders, Services, BroadcastReceivers for an attack?
  • MC: Which measures can prevent a Session Fixation Attack? Create a new session upon login; filter input; use a high quality PRNG.
  • (~5 points) Padding Oracle: given message and cipher byte. Describe and perform xor operation (binary) in order to produce a valid padding.
  • (~5 points) Find Vulnerability in given code (kernel code related to Ceph filesystem). A kind of malformed integer overflow check before performing kmalloc() - heap overflow vulnerability? What range of input values triggers the vulnerability?
  • MC: x86: The ESP register points to the next instruction to execute. Yes/No?
  • (11 points) Given a code example in C, running on a x86 system with: ASLR, W^X, PIE. Find the vulnerability (buffer overflow). Write an exploit in your favorite language to spawn a shell (debug function is already included in given code which executes /bin/sh). Describe PIE. Which of {ASLR, W^X, PIE} can be enabled, must be enabled or must not be enabled for your exploit to work.