Analyzing Lateral Movement and Pivoting IOCs Flashcards

1
Q

A technique to progressively move through a network to search for the key data
and assets that are ultimately the target of an attack campaign

A

Lateral Movement

2
Q

The use of one infected computer to attack a different computer.
Pivoting uses the compromised system to attack other systems on the same
network to avoid restrictions such as firewall configurations.
When an attacker uses a compromised host (the pivot) as a platform from which
to spread an attack to other points in the network.

A

Pivoting

3
Q

A network-based attack where the attacker steals hashed user credentials and
uses them as-is to try to authenticate to the same network the hashed credentials
originated on

A

Pass the Hash

4
Q

An open-source application that allows users to view and save authentication
credentials in order to perform pass the hash attacks

A

Mimikatz

5
Q

While a pass the hash attack will work on local workstations, a Kerberos ticket is
needed in an Active Directory environment.
A Kerberos ticket that can grant other tickets in an Active Directory environment.
Golden tickets can grant administrative access to other domain members and
domain controllers.

A

Golden Ticket

6
Q

The trust anchor of the Active Directory domain which functions like a private key
of a root certificate authority and generates ticket-granting tickets (TGT) that are
used by users to access services within Kerberos

A

krbtgt hash

7
Q

Any combination of hardware and software to enable remote access to tools or
information that typically reside on a network of IT devices

A

Remote Access Services

8
Q

Provides users with a terminal interface and enables administrators to run scripts
to manage those computers

A

Windows Management Instrumentation Command-Line (WMIC)

9
Q

A tool developed as an alternative to Telnet and other remote access services
which utilizes the Windows SYSTEM account for privilege escalation

A

PsExec

10
Q

A task automation and configuration management framework from Microsoft,
consisting of a command-line shell and the associated scripting language

A

A tool developed as an alternative to Telnet and other remote access services
which utilizes the Windows SYSTEM account for privilege escalation
