CySA+ Study Notes 2 Flashcards
Spoofing, Tampering (gaining unauthorized access, etc.), Repudiation (attempting to deny responsibility for an attack, even blaming a 3rd party), Information Disclosure (stealing confidential info and selling it to unauthorized person(s)), Denial of Service, Elevation of Privilege.
STRIDE
Breaks a system down into smaller components, then analyzes those components.
Reduction Analysis
??? All of the systems and services that could present potential points of entry for an attacker.
??? The means used by an attacker to gain initial access to a system or network.
??? Adversary capability, total attack surface, attack vector, impact, likelihood.
??? An organized, systematic approach to seeking out IOCs on networks using expertise and analytic techniques.
Total Attack Surface / Attack Vector / Threat Modeling Factors / Threat Hunting
Threat hunting: first establish a hypothesis, then think of IOCs such as unusual binary files, unexpected processes, unexplained log entries, etc. … then, once we find these, we move into the incident response process …
??? Adversarial Tactics, Techniques, & Common Knowledge
info / MITRE ATT&CK
??? (1) Adversary: the person or group trying to compromise information or information systems; could be an external or internal threat. (2) Victim: the entity targeted by the attack; might be a broad organization or a specific system. The adversary has (3) Capabilities to engage in an attack; injection of SQL code is an example of a capability. (4) Infrastructure: the physical and logical resources the attacker has available to wage the attack; infrastructure might include IP addresses, email addresses, etc., anything that can be used by the attacker.
Diamond Model of Intrusion Analysis
??? (1) Timestamp, (2) Direction (tells us how the attack took place), (3) Phase, (4) Result (was the attack successful?). If the attacker triggers an event in their own infrastructure that targets the victim, the "direction" is Infrastructure-to-Victim. (5) Methodology corresponds to the attack vector, and (6) Resources include the info, software, hardware, funds, facilities, and access needed to carry out an attack.
Diamond Model Meta Features
??? Focuses on the activities of APTs. 1st Stage: Reconnaissance, the attacker engages in recon. 2nd Stage: Weaponization, creating a weapon to target a specific vulnerability in the victim's environment. 3rd Stage: Delivery, delivering it through some attack vector like email, an infected website, or infected storage media. 4th Stage: Exploitation, exploiting the vulnerability to execute code on the victim's system. 5th Stage: Installation, installing malware on the asset. 6th Stage: Command and Control (C2). 7th Stage: Actions on Objectives, the attacker has actual access …
Cyber Kill Chain
User mode: run with normal user privileges, easy to write / difficult to detect; Kernel mode: run with system privileges, difficult to write / easy to detect.
Rootkits
Writing the virus in obfuscated assembly language, blocking the use of system debuggers, preventing the use of sandboxing.
Armored Virus Techniques
Authority and Trust (people defer to authority), Intimidation (scaring people), Consensus/Social Proof (herd mentality), Scarcity (making people believe that if they don't get the last one they will miss out), Urgency (pressure to act quickly because they are told time is running out), Familiarity/Liking (people want to say yes to someone they like).
Social Engineering Tactics