Chapter 4 - Malware Exploitation Flashcards

1
Q

Describes the specific method by which malware code infects a target host.

A

Exploit Technique

2
Q

Malware designed to install or run other types of malware embedded in a payload on an infected host.

A

Dropper

3
Q

A piece of code that connects to the Internet to retrieve additional tools after the initial infection by a dropper.

A

Downloader

4
Q

Any lightweight code designed to run an exploit on the target, which may include any type of code format from scripting languages to binary code.

A

Shellcode

5
Q

Exploit technique that runs malicious code with the identification number of a legitimate process.

Examples

  • Masquerading
  • DLL injection
  • DLL sideloading
  • Process hollowing
A

Code Injection

6
Q

Exploit techniques that use standard system tools and packages to perform intrusions.

A

Living Off the Land

7
Q

A security device, computer hardware or software, that can help protect your network by filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your computer.

A

Software Firewall

8
Q

What does IDS stand for?

A

Intrusion Detection System

9
Q

Device or software application that monitors a system or network and analyzes the data passing through it in order to identify an incident or attack.

A

Intrusion Detection System (IDS)

10
Q

What does HIDS stand for?

A

Host-based Intrusion Detection System

11
Q

What does NIDS stand for?

A

Network-based Intrusion Detection System

12
Q

What are the different types of detection methods?

A

  • Signature
  • Policy
  • Anomaly
13
Q

A specific string of bytes triggers an alert.

A

Signature-based

14
Q

Relies on a specific declaration of the security policy (e.g., "No Telnet Authorized").

A

Policy-based

15
Q

Analyzes the current traffic against an established baseline and triggers an alert if outside the statistical average.

A

Anomaly-based

16
Q

What are the type of alerts?

A

  • True Positive
  • False Positive
  • True Negative
  • False Negative
17
Q

Malicious activity is identified as an attack.

A

True Positive

18
Q

Legitimate activity is identified as an attack.

A

False Positive

19
Q

Legitimate activity is identified as legitimate traffic.

A

True Negative

20
Q

Malicious activity is identified as legitimate traffic.

A

False Negative
