Practice Exam ยท Chapters 44โ€“53

Exam: Attack Techniques

Physical ยท DoS ยท DNS ยท Wireless ยท On-Path ยท Replay ยท Malicious Code ยท Application ยท Cryptographic ยท Password Attacks โ€” 20 scored questions + 2 scenario questions.

Chapters 44โ€“53 Practice Exam
๐Ÿ“ 20 scored questions โฑ๏ธ 30-minute target ๐ŸŽฏ Pass threshold: 80% (16/20)
Time remaining
30:00
Part A โ€” Multiple Choice (Questions 1โ€“20)
Ch 44 ยท Physical Attacks
Question 1 of 20
An attacker uses a device costing approximately $50 to read and clone an employee's HID proximity access badge from up to 18 inches away in a crowded elevator lobby. The cloned badge successfully opens every door the original badge accesses. No alarms triggered during the cloning operation. Which control would MOST effectively prevent this type of attack from granting unauthorized access to the facility?
โœ… C. The fundamental weakness of RFID badge-only access is that the badge is a single factor ("something you have") that can be copied. Multi-factor authentication (MFA) requires the attacker to also possess a second factor โ€” a PIN the victim knows, the victim's fingerprint, or a push notification to the victim's phone. Cloning the badge is irrelevant if the cloned badge alone is insufficient for entry. CCTV (B) detects after the fact but doesn't prevent access. Shorter-range cards (A) raise the difficulty but don't eliminate the attack. Business hours restriction (D) doesn't address the core vulnerability โ€” the badge can still be cloned and used during hours.
Ch 44 ยท Physical Attacks
Question 2 of 20
An attacker, having gained remote access to a data center's building management system via a phishing email, gradually reduces the HVAC cooling output over five hours. Server core temperatures rise until thermal protection circuits trigger automatic shutdown, taking the entire facility offline. How is this attack correctly classified?
โœ… B. Environmental attacks target the physical infrastructure that IT systems depend on โ€” power, cooling, humidity, and fire suppression systems. The attacker never touched a server; they attacked the cooling system that servers require to operate. This achieves availability disruption (effectively a DoS) through physical infrastructure rather than network-layer attack. Environmental attacks are particularly dangerous because building management systems are often poorly secured and separated from IT security governance. The defense includes network segmentation of building automation systems, monitoring environmental telemetry, and backup cooling capacity with automated alerts on temperature exceedance.
Ch 45 ยท Denial of Service
Question 3 of 20
An attacker sends 50-byte UDP queries to thousands of open DNS resolvers with the source IP spoofed as the victim's server address. Each resolver responds with a 4,300-byte DNS response directed at the victim. Using 10,000 resolvers, the attacker generates approximately 86ร— the traffic volume they injected. The victim's network link is saturated and legitimate users cannot connect. Which attack is described and why are open resolvers effective amplifiers?
โœ… B. DNS amplification uses two properties: (1) UDP source spoofing is possible โ€” UDP does not perform a handshake, so the attacker can set any source IP; (2) DNS responses are significantly larger than queries โ€” especially for ANY or DNSSEC responses, creating amplification factors of 50โ€“100ร—. The attacker expends 50 bytes of bandwidth to deliver 4,300 bytes to the victim per resolver. Open resolvers (configured to answer queries from any IP) are the involuntary amplifiers. The victim sees traffic from thousands of legitimate DNS server IPs, making source-IP blocking ineffective. Defense: configure DNS servers to reject recursive queries from external sources; ISP-level BCP38 filtering to block spoofed source IPs.
Ch 45 ยท Denial of Service
Question 4 of 20
What is the PRIMARY operational advantage that makes a DDoS attack harder to defend against than a single-source DoS attack?
โœ… C. The core defensive problem with DDoS is the distribution of source addresses. When a single attacker IP is flooding a target, the defender adds one firewall rule blocking that IP. When 100,000 botnet IPs are each sending a moderate stream of traffic, blocking any one source has negligible impact and there are too many to block individually. The attack volume also frequently exceeds the defender's upstream bandwidth capacity โ€” meaning traffic must be mitigated upstream at the ISP level or via a scrubbing service. This is why DDoS defense relies on specialized services (Cloudflare, Akamai) that can absorb and filter traffic at scale rather than simple firewall rules.
Ch 46 ยท DNS Attacks
Question 5 of 20
A penetration tester with local admin access to a workstation adds the following line to the hosts file: 203.0.113.5 internalbank.corp.com. Users of that workstation who type "internalbank.corp.com" in a browser are now directed to the tester's server. Which DNS attack category does this represent, and why does it bypass the corporate DNS server?
โœ… C. The OS hostname resolution order (on Windows and Linux) is: hosts file first, then DNS. If an entry exists in the hosts file for a given hostname, the DNS query is never made. Locations: Windows โ€” C:\Windows\System32\drivers\etc\hosts; Linux/macOS โ€” /etc/hosts. This attack is limited to the local machine (unlike DNS server compromise which would affect all clients) but is effective if the attacker has local admin access. DNSSEC cannot protect against this โ€” it signs DNS responses, but the hosts file bypasses DNS entirely. Defense: monitor hosts file integrity; restrict local admin access; use endpoint security tools that alert on hosts file modifications.
Ch 46 ยท DNS Attacks
Question 6 of 20
In October 2016, attackers gained control of all 36 domains belonging to a major Brazilian bank for approximately 6 hours by compromising a single account. During that window they controlled DNS records, SSL certificates, email routing, and online banking traffic โ€” redirecting 5 million customers to fraudulent sites. What type of DNS attack does this represent and why was controlling one account sufficient to affect 36 domains?
โœ… B. Domain hijacking exploits the registrar account as a single point of control for all domains under it. When all domains for an organization are managed under one registrar account, that account grants authority over all zone files, nameserver delegations, and certificate management (via DNS-based DV certificate issuance). Compromising one account with one set of credentials achieved simultaneous control of 36 domains. The defense is multi-factor authentication on registrar accounts, domain registry locking, and separating high-value domains across different accounts or registrars to limit blast radius from a single credential compromise.
Ch 47 ยท Wireless Attacks
Question 7 of 20
An attacker on a corporate Wi-Fi network uses a script to continuously transmit 802.11 deauthentication management frames targeting all clients associated with the company's access point. Clients disconnect and cannot maintain connections because they are immediately deauthenticated upon reconnecting. Which statement BEST explains the root cause of this attack's effectiveness and the standard technical defense?
โœ… B. In the original 802.11 specification, management frames (deauthentication, disassociation, beacon) were designed without authentication mechanisms. Any device can inject a deauthentication frame with any source MAC address, and clients will honor it โ€” because they have no way to verify whether it came from the legitimate AP or an attacker. 802.11w (Management Frame Protection), ratified in 2009 and incorporated into WPA3, addresses this by requiring unicast management frames to be protected by a shared key derived during the WPA2/3 handshake. Clients and APs supporting 802.11w will only accept signed management frames, ignoring forged ones.
Ch 47 ยท Wireless Attacks
Question 8 of 20
A security team is tasked with locating an unknown RF transmitter causing 2.4 GHz interference across an office building. They use a directional (Yagi) antenna connected to a spectrum analyzer to identify the signal direction, walk the building's perimeter noting where signal strength peaks, then progressively reduce the apparent signal range by inserting an RF attenuator as they close in on the source โ€” eventually locating a rogue device hidden behind a server rack. What is this methodology called?
โœ… C. Fox hunting (named after the amateur radio sport "foxhunting" or "ARDF" โ€” Amateur Radio Direction Finding) is the methodology for physically locating a radio transmitter using directional equipment. Key tools: directional antenna (Yagi or similar) to determine bearing to the signal source; attenuator (reduces sensitivity as you get close to avoid the signal overwhelming the detector, which would make it appear to come from everywhere). The technique: sweep direction, find peak signal bearing, move in that direction, use attenuator as signal strengthens to maintain directional sensitivity. This skill is directly applicable to locating rogue access points, RF jammers, and unauthorized transmitters.
Ch 48 ยท On-Path Attacks
Question 9 of 20
An attacker connected to a switched corporate LAN sends unsolicited ARP reply packets to a victim workstation claiming "the gateway IP 192.168.1.1 is at MAC AA:BB:CC:DD:EE:FF" (the attacker's MAC). The workstation updates its ARP cache and begins forwarding all gateway-bound traffic to the attacker. The attacker forwards traffic normally to prevent detection. Which layer-2 security feature on managed switches would prevent this attack?
โœ… B. Dynamic ARP Inspection (DAI) works by maintaining a binding table (populated by DHCP snooping or static entries) that maps IP addresses to their legitimate MAC addresses and switch ports. When an ARP reply arrives, the switch validates the claimed IP-to-MAC mapping against this table before forwarding it. An attacker claiming "192.168.1.1 is at AA:BB:CC:DD:EE:FF" fails the DAI check because the table shows 192.168.1.1 is bound to the gateway's real MAC on the uplink port โ€” not the attacker's MAC on their access port. The frame is dropped. VLAN segmentation (C) limits broadcast domains but doesn't stop ARP spoofing within the same VLAN where attacker and victim coexist.
Ch 48 ยท On-Path Attacks
Question 10 of 20
A victim's computer has a banking trojan installed that registers itself as a browser helper object. The victim visits their bank's website using HTTPS. The padlock icon shows a valid certificate. Despite HTTPS being intact, the attacker captures the victim's account credentials and modifies the transfer amount before it is submitted. Which explanation BEST describes why HTTPS failed to protect the victim?
โœ… C. This is the key insight of on-path browser attacks (also called man-in-the-browser or MitB): the attack does not need to break TLS because it operates on the inside of the TLS endpoint. The browser decrypts TLS data before displaying it and encrypts data before sending it. The malicious browser extension or helper object inserts itself into that process โ€” reading decrypted content from the DOM (document object model) and modifying POST data before the browser re-encrypts it for transmission. From the network's perspective: HTTPS connection is legitimate, certificate is valid, encryption is intact. The bank's servers receive what appears to be a valid, authenticated session. The compromise is invisible to network monitoring. Defense: out-of-band transaction verification (e.g., SMS or app confirmation for transfers).
Ch 49 ยท Replay Attacks
Question 11 of 20
An attacker compromises a Windows workstation and uses a credential dumping tool to extract NTLM password hashes from LSASS memory. Without ever cracking or reversing the hashes, the attacker successfully authenticates to a file server and a domain controller using the extracted hash values directly. Which attack is described and what property of the NTLM authentication protocol makes this possible?
โœ… B. Pass-the-hash is possible because NTLM uses a challenge-response protocol where the authentication proof is computed from the NT hash, not the plaintext password. The server sends a random challenge; the client responds with HMAC-MD5(NT_hash, challenge). If you have the NT hash, you can compute the correct response โ€” the plaintext password is never needed. This makes NTLM fundamentally vulnerable to credential reuse: obtaining the hash from one system grants access to any other system where the same credentials are valid, without ever cracking the password. Defense: Kerberos (which uses tickets and temporal nonces, not replayable hashes); Protected Users group; Credential Guard (which prevents hash extraction from LSASS).
Ch 49 ยท Replay Attacks
Question 12 of 20
The Firesheep Firefox extension (released October 2010) allowed non-technical users at coffee shops to click a button and instantly take over the Facebook, Twitter, or Amazon sessions of others on the same Wi-Fi network. Which vulnerability did it exploit, and which combination of controls would prevent this attack?
โœ… B. Firesheep exploited the fact that many major websites in 2010 performed their login pages over HTTPS but then issued session cookies without the Secure flag and transmitted subsequent pages over HTTP. On an open Wi-Fi network (shared broadcast medium), all HTTP traffic is visible to any device in passive listening mode. Firesheep simply captured these unencrypted session cookies from the Wi-Fi broadcast and replayed them. The Secure cookie flag instructs browsers to never transmit a cookie over HTTP, only HTTPS. HSTS ensures HTTPS is always used. Together, they ensure session cookies are never transmitted in a form capturable by passive sniffing. Firesheep's release forced major sites to implement site-wide HTTPS for session management, accelerating HTTPS adoption industry-wide.
Ch 50 ยท Malicious Code
Question 13 of 20
WannaCry (May 12, 2017) infected approximately 230,000 systems across 150 countries in a single day. The malware encrypted victim files and demanded Bitcoin payment. It spread autonomously across networks without any user interaction. The NSA had discovered the underlying vulnerability years earlier. A security researcher stopped the global outbreak by registering a domain name for $10.69. Which combination of malware categories BEST classifies WannaCry, and what was the kill switch mechanism?
โœ… B. WannaCry = ransomware (encrypts files, demands payment) + worm (EternalBlue/MS17-010 SMB exploit for autonomous propagation โ€” no user needed to open a file). The kill switch was an anti-analysis artifact: malware authors sometimes check whether a specific domain resolves as a sandbox detection mechanism (sandboxes often resolve all domains). The researcher Marcus Hutchins registered the domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) for $10.69 โ€” once it resolved, the malware's check returned "domain exists โ†’ exit." The underlying exploit, EternalBlue, exploited CVE-2017-0144 in Windows SMBv1 โ€” patched by Microsoft in March 2017 (MS17-010) before WannaCry, but millions of systems remained unpatched when the attack occurred in May 2017.
Ch 50 ยท Malicious Code
Question 14 of 20
In 2018, attackers compromised the British Airways website and injected 22 lines of JavaScript into the payment checkout page. For two weeks, every customer entering payment details had their card number, CVV, and billing address silently exfiltrated to an attacker-controlled server โ€” simultaneously with the legitimate payment completing. Approximately 380,000 customers were affected and British Airways received a ยฃ20M GDPR fine. What web attack technique does this represent?
โœ… C. Formjacking (also called a Magecart attack after the criminal group that pioneered it at scale) injects malicious JavaScript into e-commerce payment forms. When the victim types card data and submits the form, the injected script fires first โ€” copying all field values to an attacker-controlled endpoint. The legitimate payment also completes, so the victim has no indication anything was wrong. Unlike SQL injection (B), no stored database is accessed. Unlike XSS (A), the goal isn't browser script execution for other purposes โ€” it's specifically the skimming of form data. This attack targets the client side, meaning server-side security (WAF, database controls) provides no protection; Content Security Policy (CSP) restricting which domains JavaScript can phone home to is the primary technical defense.
Ch 51 ยท Application Attacks
Question 15 of 20
An application's login query is: SELECT * FROM users WHERE username='[INPUT]' AND password='[INPUT]'. An attacker enters admin'-- as the username and any string as the password. The resulting query is: SELECT * FROM users WHERE username='admin'--' AND password='anything'. The attacker is authenticated as admin. Which vulnerability enables this attack and what is the complete, correct remediation?
โœ… C. SQL injection occurs when user input is concatenated directly into a SQL statement, allowing the user to inject SQL syntax. Here: (1) the single quote (') closes the string literal that started with username='; (2) -- comments out the rest of the line, eliminating the password check entirely. The database executes: SELECT * FROM users WHERE username='admin' โ€” which returns the admin record with no password verification. The fix is parameterized queries: the query structure is fixed (e.g., SELECT * FROM users WHERE username=? AND password=?), and user input is passed as bound parameters. The database driver ensures parameters are treated as data values, never as SQL syntax โ€” the single quote in admin'-- becomes a literal character search, not a string delimiter.
Ch 51 ยท Application Attacks
Question 16 of 20
A victim is authenticated to their bank. They visit a forum that contains a hidden image tag: <img src="https://bank.com/transfer?to=attacker&amount=5000" style="display:none">. Their browser automatically sends a GET request to that URL, including their bank session cookie. The transfer completes successfully. The victim authorized nothing. Which attack is described and what server-side control specifically prevents it?
โœ… C. CSRF exploits the browser's automatic inclusion of cookies with requests. The victim's browser holds a valid bank session cookie. When the forum page's image tag triggers a GET to bank.com, the browser automatically attaches the session cookie โ€” authenticating the request as the victim. The bank server sees a valid, authenticated request and executes the transfer. The anti-CSRF token breaks this: each form includes a cryptographically random, per-session token. The server validates the token on submission. An attacker on a different origin cannot read the victim's token (same-origin policy prevents cross-origin JavaScript from reading page content) and therefore cannot forge a valid request. Note: for this attack, the action was triggered via GET (poor practice); state-changing operations should use POST with anti-CSRF tokens, and SameSite=Strict cookie attribute also mitigates CSRF.
Ch 52 ยท Cryptographic Attacks
Question 17 of 20
SHA-1 has a 160-bit output, which would suggest 2160 operations needed to find any two inputs with the same hash. The SHAttered attack (2017) found a practical collision using approximately 263 operations โ€” about 100 quadrillion times fewer. SHA-256 provides 128-bit collision resistance despite its 256-bit output. What principle explains why collision resistance is half the output size in bits?
โœ… B. The birthday bound is the fundamental reason collision resistance is half the output bit length. The birthday paradox states that finding any two matching values from a set of N possibilities requires only โˆšN trials. โˆš(2256) = 2128. This is a mathematical property of probability โ€” not a design flaw in any specific algorithm. The insight is "any two" rather than "a specific one": there are n(n-1)/2 pairs to check among n trials, so collisions become probable when n โ‰ˆ โˆšN. SHA-256's defense against birthday attacks is the 256-bit output giving 128-bit collision resistance โ€” computationally infeasible. SHA-1's birthday bound of 280 was theoretically breakable, and structural weaknesses in SHA-1's design allowed SHAttered to achieve it at 263.
Ch 52 ยท Cryptographic Attacks
Question 18 of 20
A security architect configures a web server to reject all connections using SSL 3.0, TLS 1.0, and TLS 1.1, supporting only TLS 1.2 and TLS 1.3. Which attack does this configuration specifically prevent, and what is the mechanism by which removing legacy protocol support provides protection?
โœ… C. POODLE (Padding Oracle On Downgraded Legacy Encryption) requires two phases: first, downgrade the TLS connection to SSL 3.0 (by injecting errors that cause successive TLS version failures); second, exploit SSL 3.0's CBC mode padding oracle. If the server has no SSL 3.0 or legacy TLS support, the downgrade has no destination โ€” the connection fails rather than succeeding on a vulnerable protocol. The padding oracle in SSL 3.0 is then unreachable. This is an implementation attack (the TLS algorithm isn't broken; the fallback configuration was vulnerable) requiring an implementation fix (remove the fallback target). SSL stripping (A) is addressed by HSTS โ€” not by disabling legacy TLS versions; those are independent issues.
Ch 53 ยท Password Attacks
Question 19 of 20
Authentication logs for a corporate VPN show that between 2:00 AM and 3:00 AM, 643 accounts each received exactly two failed login attempts using the passwords "Welcome1" and "CompanyName2024". No account was locked out. The VPN's account lockout policy triggers after 5 consecutive failures. Which attack occurred and what is the most effective single control to mitigate it?
โœ… C. Password spraying's defining signature is exactly what the logs show: many accounts, few attempts each, same password(s) โ€” and no lockouts. "Welcome1" and "CompanyName2024" are textbook spray targets: the first is a generic workplace-welcome pattern; the second is an organization-name + year pattern, extremely common as a "meets complexity requirements" password choice. The attack is specifically designed to stay below the lockout threshold โ€” reducing the threshold to 3 (instead of 5) would just force the attacker to use 2 attempts instead of more. MFA is the correct control: even if one of 643 accounts uses "Welcome1" and the attacker finds it, they still cannot authenticate without the second factor the attacker doesn't possess.
Ch 53 ยท Password Attacks
Question 20 of 20
A web application's password database is breached. Passwords were stored as SHA-256 hashes without salting. An attacker using a GPU cluster cracks 60% of accounts within 4 hours, including many that shared the same password (cracked once, applied to all identical hashes). The security team proposes the following fixes: (I) add account lockout to the login page; (II) switch to bcrypt with per-user salting. Which proposal(s) correctly address the demonstrated vulnerability and why?
โœ… B. This is a critical exam distinction. The demonstrated attack was offline brute force โ€” the attacker ran cracking tools against the downloaded hash file. Account lockout (I) applies to the live authentication endpoint; the cracking phase never made a single login attempt โ€” there is nothing to lock out. Adding lockout to the login page does nothing to stop an attacker who already has the hash file and is cracking it locally. Bcrypt (II) addresses the attack directly: SHA-256 evaluates at ~10 billion hashes/second per GPU; bcrypt (cost 12) evaluates at ~20,000/second โ€” a 500,000ร— slowdown that makes the 60%-in-4-hours result impossible. Per-user salting prevents identical-password batch cracking (one crack doesn't apply to all accounts with the same password) and defeats rainbow table lookups. These two controls target the offline cracking capability itself.
Part B โ€” Scenario Analysis (Unscored โ€” for practice)
Ch 44โ€“49 ยท Scenario
Scenario A โ€” Multi-Stage Network Attack Classification

A security team investigates a serious incident at a financial services firm. The timeline shows: (1) An on-path attacker on the corporate LAN sent forged ARP replies claiming the gateway's IP belonged to the attacker's MAC, redirecting all employee traffic through the attacker's machine. (2) During this interception, the attacker captured session cookies for the HR portal โ€” which used HTTP for session management. (3) Using these cookies, the attacker accessed the HR portal without credentials, changed bank routing information for payroll, and exfiltrated employee records. (4) A separate investigation reveals an IT admin's Active Directory credentials were stolen via pass-the-hash โ€” their NTLM hash was extracted from a compromised workstation and used to authenticate to the domain controller without ever cracking it. Classify each stage of the attack, identify the vulnerable design decision that enabled each, and specify the exact technical control that would have prevented each stage.

Stage 1 โ€” ARP Poisoning (On-Path Attack):
Classification: ARP poisoning / on-path attack at Layer 2. The attacker exploited the lack of ARP validation โ€” ARP has no authentication; any device can claim any IP-to-MAC mapping.
Vulnerable design: No Dynamic ARP Inspection (DAI) on the managed switch.
Control: DAI validates ARP packets against the DHCP snooping binding table. An ARP reply claiming the gateway IP with a non-gateway MAC would be dropped at the switch port before reaching any endpoint. This single control stops ARP poisoning entirely on a managed switch.

Stage 2 โ€” Session Cookie Capture:
Classification: Session hijacking / replay attack. Once on-path, the attacker captured plaintext session cookies from HTTP traffic.
Vulnerable design: The HR portal issued session cookies without the Secure flag (allowing HTTP transmission) and did not enforce HTTPS for authenticated sessions.
Control: (1) Secure cookie flag โ€” instructs browsers to never send the cookie over HTTP; (2) HTTPOnly flag โ€” prevents JavaScript access; (3) HSTS โ€” enforces HTTPS for all communication, so even if ARP poisoning succeeds, the attacker sees only encrypted HTTPS traffic and cannot read session cookies from it. Note: if stage 1 (ARP poisoning) is prevented, stage 2 becomes impossible anyway. Defense in depth means each stage has an independent control.

Stage 3 โ€” Unauthorized HR Portal Access:
Classification: Session replay attack using hijacked credentials (the captured session cookie). The attacker used a valid cookie to impersonate an authenticated employee.
Vulnerable design: Session cookies had no binding to IP address or user-agent; the cookie was sufficient alone for authentication with no secondary factor.
Control: Beyond cookie security, adding MFA at the HR portal for sensitive actions (payroll routing changes, bulk data exports) would have required the attacker to have a second factor they lacked. Activity monitoring โ€” alerts on bulk data exports or payroll routing changes โ€” would have detected the anomalous access regardless of authentication method.

Stage 4 โ€” Pass-the-Hash Domain Controller Access:
Classification: Pass-the-hash attack. NTLM authentication accepts the hash directly as proof of identity โ€” the attacker never needed the plaintext password.
Vulnerable design: (1) NTLM authentication still enabled on the domain controller; (2) LSASS credential storage not protected against memory scraping; (3) admin account used for day-to-day workstation activity, leaving hashes cached on endpoints.
Controls: (1) Credential Guard โ€” isolates LSASS in a virtualized secure container; credential dumping tools cannot read credentials from it; (2) Protected Users security group โ€” prevents NTLM authentication for group members (forces Kerberos, which uses time-limited tickets with nonces rather than replayable hashes); (3) Privileged Access Workstations (PAW) โ€” admin accounts should only be used on hardened, dedicated machines, not general-purpose workstations where malware can dump their hashes; (4) Disable NTLM authentication domain-wide where Kerberos is available.
Ch 50โ€“53 ยท Scenario
Scenario B โ€” Cryptographic and Password Security Audit

A security auditor reviews a company's authentication and cryptographic posture and finds three issues: (1) The company's document management system signs contracts using MD5 as the hash algorithm before applying RSA-2048 signatures. (2) The public-facing web portal redirects HTTP to HTTPS via a 301 response, but has no HSTS header; a demo shows an attacker on the same Wi-Fi network can capture employee credentials in plaintext. (3) The employee portal's password database uses SHA-256 without salting. After a simulated breach of the password table, a GPU cluster cracks 55% of passwords in 3 hours, and all 47 accounts using the same password ("Welcome1") are cracked simultaneously from a single hash computation. For each finding, state the attack it enables, classify it as an algorithm attack or implementation attack, and provide the precise remediation.

Finding 1 โ€” MD5 Document Signing:
Attack enabled: Birthday attack / hash collision. An attacker can engineer two documents with the same MD5 hash (practical since 2004). Having an authorized party sign the legitimate document, the attacker substitutes the fraudulent one โ€” the RSA-2048 signature validates on the fraudulent document because both share the same MD5 digest. RSA-2048 is not involved in the vulnerability; the weakness is entirely in the hash algorithm.
Classification: Algorithm attack. MD5's collision vulnerability is in its mathematical design. Any correct implementation of MD5 is vulnerable โ€” the issue is the algorithm choice, not the configuration.
Remediation: Replace MD5 with SHA-256 in the signature algorithm (SHA-256withRSA). SHA-256 provides 2128 birthday-bound collision resistance โ€” computationally infeasible. Re-sign any high-value existing contracts with SHA-256 where legally required.

Finding 2 โ€” HTTP to HTTPS Redirect Without HSTS:
Attack enabled: SSL stripping. An on-path attacker intercepts the 301 redirect before it reaches the browser. The victim's browser never learns HTTPS exists; stays on HTTP; transmits credentials in plaintext. The attacker maintains HTTPS with the server. No browser warning appears. The demo confirms this works despite HTTPS being configured.
Classification: Implementation attack. HTTPS is correctly configured on the server. TLS is not broken. The 301 redirect is a server response that can be intercepted. The deployment is vulnerable because HSTS (which makes HTTPS enforcement browser-side, before any HTTP request is sent) was not implemented.
Remediation: Add the HSTS header to all HTTPS responses: Strict-Transport-Security: max-age=31536000; includeSubDomains. After browsers store this policy, they refuse to send any HTTP request to the domain โ€” SSL stripping has nothing to intercept. For maximum protection: submit to the HSTS preload list (ships the policy in the browser, protecting first-time visitors before they've ever received the HSTS header).

Finding 3 โ€” SHA-256 Without Salting:
Attack enabled: Two simultaneous vulnerabilities: (a) Offline brute force at GPU speed โ€” SHA-256 evaluates at ~10 billion hashes/second; 55% cracked in 3 hours demonstrates the speed advantage over slow-hash algorithms like bcrypt. (b) Batch cracking of identical passwords โ€” without salting, all 47 accounts using "Welcome1" store the same hash; cracking it once reveals all 47 passwords simultaneously, multiplying the attacker's return per cracking computation.
Classification: Implementation attack. SHA-256 is a sound cryptographic algorithm โ€” but it is designed for speed (cryptographic agility, code signing, data integrity). For password storage, speed is a liability; an attacker benefits from the same speed. Using SHA-256 for passwords without salting is a deployment choice, not an algorithm flaw.
Remediation: (1) Replace SHA-256 with bcrypt (cost โ‰ฅ 12) or Argon2id โ€” algorithms designed to be computationally expensive per hash (~50ms per attempt vs. ~0.0001ms for SHA-256); this reduces GPU cracking from billions/second to thousands/second. (2) Add per-user random salting โ€” unique salt generated for each user, stored alongside the hash; identical passwords produce different hashes; rainbow tables are useless; batch cracking is eliminated โ€” each account must be attacked individually. Both controls are required together; bcrypt already includes internal salting, making it the single recommended choice for new implementations.
โ† Exam: Ch 40โ€“43 All Chapters
โ€”
Pass threshold: 80% (16 / 20 correct)
โ† Ch 40โ€“43 Exam All Chapters