Chapter 4 - Malware Exploitation Flashcards
Describes the specific method by which malware code infects a target host.
Exploit Technique
Malware designed to install or run other types of malware embedded in a payload on an infected host.
Dropper
A piece of code that connects to the Internet to retrieve additional tools after the initial infection by a dropper.
Downloader
Any lightweight code designed to run an exploit on the target, which may include any type of code format from scripting languages to binary code.
Shellcode
Exploit technique that runs malicious code under the process ID of a legitimate process, so the activity appears to come from that trusted process.
Examples
- Masquerading
- DLL injection
- DLL sideloading
- Process hollowing
Code Injection
Exploit techniques that use standard system tools and packages already present on the target to perform intrusions, avoiding the need to drop new binaries that security tools might flag.
Living Off the Land
Hardware or software that protects a network or host by filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your computer; the software form runs as a program on the protected host itself.
Software Firewall
What does IDS stand for?
Intrusion Detection System
Device or software application that monitors a system or network and analyzes the data passing through it in order to identify an incident or attack.
Intrusion Detection System (IDS)
What does HIDS stand for?
Host-based Intrusion Detection System
What does NIDS stand for?
Network-based Intrusion Detection System
What are the different types of detection methods?
- Signature
- Policy
- Anomaly
A specific string of bytes triggers an alert.
Signature-based
Relies on a specific declaration of the security policy (e.g., 'No Telnet Authorized') and alerts on any traffic that violates it.
Policy-based
Analyzes the current traffic against an established baseline and triggers an alert if it falls outside a statistical threshold around that baseline (for example, more than a set number of standard deviations from the average).
Anomaly-based
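The three detection methods side by side, as an added example that is not part of the original flashcards: a small Python detector runs signature, policy, and anomaly checks over a handful of constructed flow records. The byte-string signatures, the 'no Telnet' port rule, and the traffic records are all made up here for illustration and are not from any real ruleset or capture.

```python
"""Signature-, policy-, and anomaly-based IDS checks over constructed sample flows.

Added example for the flashcard definitions above. Every signature, rule,
and flow record below is constructed for illustration only.
"""
from __future__ import annotations

from statistics import mean, pstdev

# Constructed sample flows: one record per minute, with the destination
# port, the first payload bytes, and the bytes moved in that minute.
SAMPLE_FLOWS = [
    {"minute": 1, "dst_port": 443, "payload": b"\x16\x03\x01", "bytes": 4200},
    {"minute": 2, "dst_port": 443, "payload": b"\x16\x03\x01", "bytes": 3900},
    {"minute": 3, "dst_port": 80, "payload": b"GET /index.html HTTP/1.1", "bytes": 4100},
    # Telnet option negotiation followed by a login prompt (constructed).
    {"minute": 4, "dst_port": 23, "payload": b"\xff\xfd\x18login: ", "bytes": 3800},
    {"minute": 5, "dst_port": 80, "payload": b"GET /cgi-bin/../../etc/passwd HTTP/1.1", "bytes": 4000},
    # Same TLS hello as before, but a large volume spike (constructed).
    {"minute": 6, "dst_port": 443, "payload": b"\x16\x03\x01", "bytes": 91000},
]

# Signature-based: a specific string of bytes triggers an alert.
# Hypothetical signatures, not taken from any real IDS ruleset.
SIGNATURES = {
    "path-traversal": b"../../",
    "telnet-login-prompt": b"login: ",
}

# Policy-based: the declared rule "No Telnet Authorized", expressed as a
# forbidden destination port (Telnet's well-known port is 23).
FORBIDDEN_PORTS = {23: "no-telnet-authorized"}


def signature_matches(payload: bytes) -> list:
    """Return the names of every signature whose byte string occurs in payload."""
    return [name for name, sig in SIGNATURES.items() if sig in payload]


def policy_violations(dst_port: int) -> list:
    """Return the policy rule names violated by a connection to dst_port."""
    return [FORBIDDEN_PORTS[dst_port]] if dst_port in FORBIDDEN_PORTS else []


def anomaly_score(value: float, baseline: list) -> float:
    """z-score of value against the baseline: distance from the mean in
    standard deviations. A constant baseline makes any deviation infinite."""
    mu, sigma = mean(baseline), pstdev(baseline)
    if sigma == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def anomaly_alert(value: float, baseline: list, threshold: float = 3.0) -> bool:
    """Anomaly-based check: alert when value is more than threshold
    standard deviations away from the baseline average."""
    return abs(anomaly_score(value, baseline)) > threshold


def analyze(flows: list, baseline_minutes: int = 5, z_threshold: float = 3.0) -> list:
    """Run all three methods and return (minute, method, detail) alerts.

    The first baseline_minutes records form the learned baseline for the
    anomaly check; only later records are scored against it."""
    alerts = []
    baseline = [f["bytes"] for f in flows[:baseline_minutes]]
    for f in flows:
        for name in signature_matches(f["payload"]):
            alerts.append((f["minute"], "signature", name))
        for name in policy_violations(f["dst_port"]):
            alerts.append((f["minute"], "policy", name))
    for f in flows[baseline_minutes:]:
        if anomaly_alert(f["bytes"], baseline, z_threshold):
            z = anomaly_score(f["bytes"], baseline)
            alerts.append((f["minute"], "anomaly", f"bytes={f['bytes']} z={z:.1f}"))
    return alerts


if __name__ == "__main__":
    for minute, method, detail in analyze(SAMPLE_FLOWS):
        print(f"minute {minute}: {method}: {detail}")
```

Minute 4 fires twice, once on the 'login: ' byte signature and once on the port-23 policy rule, which is the usual overlap between methods. Minute 6 carries a payload no signature or policy objects to and is caught only because its volume is far outside the baseline. The failure modes follow from the code: the signature check misses anything not in SIGNATURES (an encoded traversal would slip past), the policy check is only as good as what the rule can express, and the anomaly check depends on a clean baseline, so if minute 6 had been inside the first five records it would have inflated the standard deviation and raised the bar for every later alert.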