CySA+ Study Notes 18 Flashcards
code that can be used in general situations and is packaged for general sale, usually on the dark web; ex : RATs.
Commodity Malware
a threat research source that identifies IP address ranges and DNS domains that are linked with malicious activity, like sending spam or DDoS attacks.
Reputational Data
attacker determines which methods to use to complete the phases of the attack, using stealth to accomplish this; the attacker discovers how the target is organized and what security systems it has in place. May use passive / active scanning, and if successful the result will be 1 or more potential exploits. Attacker needs to est. resources to launch the attack; to evade detection, will use a botnet for DDoS attacks and exploits and then mask their origin.
Kill Chain : Reconnaissance (Stage 1)
attacker couples payload code that will enable access w/ exploit code that will use a vuln. to execute on the target system.
Kill Chain : Weaponization (Stage 2)
attacker identifies a vector by which to transmit the weaponized code to the target environ, like by email attachment or on a USB drive.
Kill Chain : Delivery (Stage 3)
weaponized code is executed on the target system, ex : a phishing email may trick the user into running the code, while a drive-by download would execute on a vulnerable system w/o user intervention.
Kill Chain : Exploitation (Stage 4)
mechanism enables the weaponized code to run a remote access tool and achieve persistence on the target system.
Kill Chain : Installation (Stage 5)
weaponized code establishes an outbound channel to a remote server that can be used to control the remote access tool and possibly download extra tools to progress the attack.
Kill Chain : C2 or C&C (Stage 6)
attacker usually uses the access he has achieved to covertly collect info from target systems and transfer it to a remote system (data exfiltration).
Kill Chain : Action on Objectives (Stage 7)
is built with SDOs -> (1) Observed Data : includes an IP address, a change in an exe file or signature, an HTTP request, or a firewall blocking a connection attempt; observables are generated by the logging/monitoring system. (2) Indicator : software would automate discovery of correlations between observables based on knowledge of past incidents and TTPs. (3) Attack Pattern : known adversary behaviors. (4) Campaign and Threat Actors : those launching the attacks. (5) CoA : mitigating actions or use of security controls to reduce risk from attacks or to resolve an incident.
STIX (is XML-based)