Exploring Threat Intelligence and Threat Hunting Concepts

Question 1

Advanced Persistent

Answer 1

Threat actors with the ability to craft novel exploits and techniques to obtain, maintain, and diversify unauthorized access to network systems over a long period.

Question 2

Virus

Answer 2

Malicious code inserted into an executable file image. The malicious code is executed when the file is run and can deliver a payload, such as attempting to infect other files.

Question 3

Command and Control

Answer 3

Infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets

Question 4

Exploits

Answer 4

A specific method by which malware code infects a target host, often via some vulnerability in a software process.

Question 5

Metasploit

Answer 5

A platform for launching modularized attacks against known software vulnerabilities

Question 6

Tactics, techniques, and procedures (TTPs)

Answer 6

TTPs are the methods used to conduct an action, such as performing an attack, and can be beneficial when attempting to ascertain attack patterns.

Question 7

User and Entity Behavior Analytics(UEBA)

Answer 7

A system that can provide automated identification of suspicious activity by user accounts and computer hosts.

Question 8

Adversarial Tactics, Techniques, and Common Knowledge(ATT&CK)

Answer 8

A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and procedures.

Question 9

Open-source Intelligence(OSINT)

Answer 9

Publicly available information plus the tools used to aggregate and search it

Question 10

Information Sharing and Analysis Centers(ISACs)

Answer 10

A not-for-profit group set up to share sector-specific threat intelligence and security best practices among its members.

Question 11

Confidence Level

Answer 11

A metric that helps rank or score threat intelligence to help isolate highly applicable or highly likely threat intelligence

Question 12

Threat Hunting

Answer 12

A cybersecurity technique designed to detect presence of threats that have not been discovered by normal security monitoring.

Question 13

Cyber Threat Intelligence

Answer 13

The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources.

Question 14

Indicators of Attack(IoAs)

Answer 14

Signs or clues indicating a malicious attack on a system or network is currently occurring. These include, but are not limited to, unusual network traffic, strange log file entries, or suspicious user account activity.

Question 15

Crowdsourced

Answer 15

A process in which a large group of individuals, usually from the public, are asked to contribute to a project or task. It often involves the collection of ideas, information, opinions, or feedback from a wide range of people, typically through an online platform.

Question 16

Indicators of Compromise(IoCs)

Answer 16

A sign that an asset or network has been attacked or is currently under attack.

Question 17

Honeypots

Answer 17

A host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration.

Question 18

Intrusion Detection Systems

Answer 18

A security appliance or software that analyzes data from a packet sniffer to identify traffic that violates policies or rules.