What technique places an executable in a path so that the application will execute it in place of the legitimate target?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

What technique places an executable in a path so that the application will execute it in place of the legitimate target?

Explanation:

System path resolution and execution order are being tested. Path Interception occurs when an attacker places a malicious executable with the same name as a legitimate target in a directory that is searched earlier in the system’s search path. Because the operating system runs the first matching file it finds, the attacker’s binary gets executed in place of the real program.

For example, if a program is started by name and the PATH includes a directory ahead of the legitimate one, a malicious file with the same name in that earlier directory will be found first and run instead of the genuine target. This is different from techniques that rely on scheduling tasks or moving laterally in a network; those approaches don’t directly swap out a binary at runtime based on the search path.

Defenses involve ensuring the system doesn’t rely on potentially untrusted path entries: use absolute paths when launching executables, restrict or securely order the PATH so trusted directories come first, implement application whitelisting or code signing, and monitor for files with names matching legitimate binaries appearing in unexpected locations.
