IC/TH Flashcards

1
Q

THREAT HUNTING DEFINITION

A

PROACTIVE SEARCH FOR MALICIOUS ACTIVITY THAT HAS EVADED THE STATIC DEFENSES YOU ALREADY HAVE IN PLACE, E.G. IDS, IPS, FIREWALLS

2
Q

THREAT HUNTING GOAL

A

PREVENT ADVERSARY FROM CONDUCTING INTENDED AO (ACTIONS ON OBJECTIVES) / DEVELOP NOVEL WAYS OF DETECTION / AUTOMATION; YOU ALSO LEARN YOUR ENVIRONMENT

3
Q

WHAT IS THE LOCKHEED MARTIN KILL CHAIN

A

RWD-EIC-AO

RECONNAISSANCE, WEAPONIZATION, DELIVERY, EXPLOITATION, INSTALLATION, COMMAND AND CONTROL, ACTIONS ON OBJECTIVES

4
Q

RECONNAISSANCE

A

STEP 1, HARVEST EMAIL ADDRESSES, CONFERENCE INFO, ETC.

5
Q

WEAPONIZATION

A

STEP 2, CREATING FAKE EMAILS, SOCIAL ENGINEERING

6
Q

DELIVERY

A

STEP 3, DELIVER THE WEAPONIZED BUNDLE TO THE VICTIM VIA EMAIL, USB, WEB, ETC.

7
Q

EXPLOITATION

A

STEP 4, EXPLOITING A VULNERABILITY TO EXECUTE CODE: EITHER SOCIAL ENGINEERING OR A VULNERABILITY IN THE SYSTEM

8
Q

INSTALLATION

A

STEP 5, INSTALLING MALWARE ON ASSETS, GETTING ACCESS TO PASSWORDS

9
Q

COMMAND AND CONTROL

A

STEP 6, PERSISTENT ACCESS TO THE NETWORK / REMOTE MANIPULATION, MOVING LATERALLY / HANDS ON KEYBOARD

10
Q

ACTIONS ON OBJECTIVES

A

STEP 7, WITH HANDS-ON-KEYBOARD ACCESS, INTRUDERS ACCOMPLISH THEIR ORIGINAL GOALS

11
Q

WHAT THREAT HUNTING REALLY IS

A

ISOLATING LOG INFORMATION AND ANALYZING IT / A MANUAL PROCESS DONE BY PEOPLE

12
Q

WHERE WAS THREAT HUNTING DONE PREVIOUSLY

A

ENDPOINTS

13
Q

SPLUNK THREAT HUNTING

A

SPLUNK IS AN ANALYTICS SIEM PLATFORM USED FOR IMPORTING AND ANALYZING DATA FROM NETWORK INFRASTRUCTURE LOGS

14
Q

THREAT HUNTING IN EXCEL

A

COMPILING DATA / COUNTING / HOW MANY TIMES HAVE I SEEN THIS? HOW FEW TIMES HAVE I SEEN THIS?

15
Q

NETWORK THREAT HUNTING DEFINED

A

PROACTIVE APPROACH TO ANALYSIS THAT ADDRESSES GAPS IN STATIC NETWORK DEFENSES AND ENABLES ADVANCED DETECTION TECHNIQUES

16
Q

STEP 1 THREAT HUNTING

A

COLLECT DATA, LEVERAGE KNOWN ADVERSARY TECHNIQUES, LOOK FOR ACTIVITY, STARTING WITH REPORTS (US-CERT / RECORDED FUTURE)

17
Q

THREAT HUNTING VS IR

A

IR IS ALERT DRIVEN / THREAT HUNTING IS AN ASSUMED-BREACH MENTALITY FOCUSING ON POST-EXPLOITATION ANALYSIS

18
Q

WHAT IS POST EXPLOITATION

A

STEPS 5/6/7: INSTALLATION, C2, ACTIONS ON OBJECTIVES - PERSISTENCE / PRIV ESCALATION / DEFENSE EVASION / CREDENTIAL ACCESS / LATERAL MOVEMENT

19
Q

NETWORK ENABLED DETECTION

A

STEPS 3/4 - WE GET TO SEE THE MALWARE DELIVERED / THE TECHNIQUES USED

20
Q

WHY THREAT HUNTING

A

ADDRESSES GAPS / DEFENSE IN DEPTH / METHODICALLY DEVELOPS AN ATTACKER MINEFIELD

21
Q

WHAT THREAT HUNTING IS NOT

A

NOT ANOTHER PRODUCT / NOT A REPLACEMENT FOR NETWORK SECURITY

22
Q

WHO SHOULD BE DOING THREAT HUNTING

A

INCIDENT RESPONDER / SOMEONE WITH A PROBLEM-SOLVING MINDSET WHO CAN ORGANIZE DATA SO THAT IT WILL YIELD RESULTS

23
Q

PRE HUNT STEP 1

A

PREP ENVIRONMENT / WHAT TOOLS ARE GIVING YOU THE DATA (IPS / IDS / FIREWALLS / WEB PROXY) / WHERE THE TOOLS ARE PLACED

24
Q

PRE HUNT STEP 2

A

UNDERSTAND THE SUITABILITY OF THE DATA

25
Q

DATA DICTIONARY

A

SOURCE OF DATA TO WORK WITH FOR PRE HUNT

26
Q

DATA MODELING

A

HOW TO MAP DATA COMING FROM DIFFERENT SOURCES INTO A MEANINGFUL ANALYSIS FRAMEWORK

27
Q

DATA QUALITY

A

YOU DON’T WANT ERRONEOUS OR SPAM RESULTS

28
Q

SELECTION OF MODEL

A

EXPLANATION

29
Q

HYPOTHESIS GENERATION TEMPLATE

A

RESEARCHING / SCOPING TEMPLATE

30
Q

THE HUNT STEP 1

A

GATHER DATA/ FILTER & SIFT/ GARNER INSIGHT/RINSE AND REPEAT

31
Q

THE HUNT STEP 2

A

COLLECT ARTIFACTS / REFINE HYPOTHESIS / TEST TO CONCLUSION

32
Q

POST HUNT STEP 1

A

MEMORIALIZE THE HUNT/ ENRICH KNOWLEDGE BASE / TRAIN TEAM/ IMPROVE DETECTION/ TUNE HUNT

33
Q

WHAT IS INSTRUMENTATION OF NETWORK

A

TECHNOLOGIES TO BRING YOU QUALITY DATA

34
Q

WHAT IS NETFLOW ANALYZER

A

UNIFIED SOLUTION THAT COLLECTS, ANALYZES AND REPORTS ON NETWORK BANDWIDTH / PORTS, PROTOCOLS AND SERVICES

35
Q

WHAT ARE DNS SERVER LOGS

A

LOGS OF THE SERVER THAT RESOLVES ALPHANUMERIC DNS NAMES TO IP ADDRESSES

36
Q

WHAT ARE PROXY LOGS

A

LOGS OF A COMPUTER SYSTEM OR APPLICATION THAT ACTS AS AN INTERMEDIARY FOR REQUESTS FROM CLIENTS SEEKING SERVICES FROM OTHER SERVERS (MIDDLE MAN)

37
Q

WHAT IS VPN

A

EXTENDS A PRIVATE NETWORK ACROSS A PUBLIC NETWORK AND ENABLES USERS TO SEND AND RECEIVE DATA ACROSS SHARED NETWORKS AS IF THEIR DEVICES WERE DIRECTLY CONNECTED

38
Q

FIREWALLS

A

NETWORK SECURITY SYSTEM THAT MONITORS AND CONTROLS INCOMING AND OUTGOING NETWORK TRAFFIC BASED ON PREDETERMINED RULES. IT'S A BARRIER BETWEEN THE TRUSTED INTERNAL NETWORK AND THE WILD

39
Q

LOAD BALANCER

A

IMPROVES THE DISTRIBUTION OF WORKLOADS ACROSS MULTIPLE COMPUTING RESOURCES

40
Q

PACKET CAPTURE

A

PACKET ANALYZER THAT CAN INTERCEPT AND LOG TRAFFIC

41
Q

INTEL SOURCE FEEDS

A

FEEDS THAT UPDATE AND INFORM ON INDICATORS OF COMPROMISE / DOMAINS / IPS

42
Q

ISACS

A

INFORMATION SHARING AND ANALYSIS CENTERS

43
Q

WHY ARE INTERNAL INTEL SOURCES IMPORTANT

A

PREVIOUS HUNTS CAN BE REUSED / WHAT ARE YOUR ORG'S SPECIFIC LINES OF BUSINESS / WHERE ARE THE CROWN JEWELS

44
Q

WHAT IS SNORT

A

ALERT DRIVEN NETWORK INTRUSION DETECTION SYSTEM / ALARM SYSTEM

45
Q

BRO / ZEEK

A

ANALYZES NETWORK TRAFFIC; MOST COMMONLY USED FOR DETECTING BEHAVIORAL ANOMALIES / PERFORMS INCIDENT RESPONSE / FORENSICS / FILE EXTRACTION / HASHING (LOGS IN /nsm/bro/logs)

47
Q

WIRESHARK

A

NETWORK PROTOCOL ANALYZER (MICROSCOPIC-LEVEL MONITORING)

48
Q

SECURITY ONION

A

DISTRIBUTION FOR INTRUSION DETECTION, ENTERPRISE SECURITY MONITORING AND LOG MANAGEMENT / INCLUDES BRO / SNORT / SGUIL

49
Q

SGUIL

A

GUI THAT PROVIDES ACCESS TO REAL-TIME EVENTS / SESSION DATA / RAW PACKET CAPTURES

50
Q

MITRE ATT&CK (FRAMEWORK FOR THREAT HUNTING)

A

ADVERSARIAL TACTICS, TECHNIQUES, AND COMMON KNOWLEDGE: A KNOWLEDGE BASE AND MODEL FOR ADVERSARY BEHAVIOR, REFLECTING THE VARIOUS PHASES OF THE ATTACK LIFE CYCLE AND THE PLATFORMS ADVERSARIES ARE KNOWN TO TARGET

51
Q

MITRE ENTERPRISE MATRIX

A

EXPLAINS SUB-PHASES OF ATTACK AND TECHNIQUES FOUND IN THE WILD / SHOWS WHICH ADVERSARIES HAVE USED WHICH ATTACK TECHNIQUES

52
Q

TTP

A

Tactics, Techniques, Procedures

53
Q

NSA/CSS Technical Cyber Threat Framework (NTCTF) v2

A

Provides a baseline of standard definitions to be used as a reference for collaboration with partners and stakeholders when discussing adversary activities throughout the lifecycle.