Incident Response Flashcards
Framework
a basic structure underlying a system, concept, or text.
Procedures
provide detailed, tactical information to the CSIRT and represent the collective wisdom of team members and subject-matter experts.
eFUSE
a mechanism, originally developed by IBM, that lets a software instruction permanently blow a microscopic one-time-programmable fuse on a chip. A blown fuse cannot be restored, so eFuses are used to record settings that must never be reverted; one use is storing a minimum firmware version so that firmware downgrades (rollback) are refused.
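The downgrade-protection use above, as an added simulation that is not part of the flashcard set or of any vendor's boot ROM. It assumes (an assumption, not a fact from the card) that the boot ROM keeps the minimum acceptable firmware version as a thermometer code in a fuse bank, i.e. the number of blown bits is the floor version, which is why the floor can only ever rise.

```python
"""Simulated eFuse anti-rollback check (added illustration, not vendor code).

Assumption (not from the flashcard): the SoC exposes a bank of one-time-programmable
fuse bits and the boot ROM stores the minimum acceptable firmware version as a
thermometer code in that bank (N blown bits == minimum version N). Because a fuse
only goes from 0 to 1, the counter can never be decremented, which is what makes
the downgrade protection stick even against an attacker with code execution.
"""


class FuseBank:
    """A bank of one-time-programmable bits: blowing is irreversible."""

    def __init__(self, width: int = 32) -> None:
        self.width = width
        self.bits = [0] * width

    def blow(self, index: int) -> None:
        if not 0 <= index < self.width:
            raise IndexError("no such fuse")
        self.bits[index] = 1  # hardware cannot clear this again

    def clear(self, index: int) -> None:
        # Modelled as impossible: there is no "unblow" operation in silicon.
        raise PermissionError("eFuse bits are one-time programmable")

    def min_version(self) -> int:
        # Thermometer code: the number of blown bits is the minimum version.
        return sum(self.bits)


def boot_allowed(bank: FuseBank, image_version: int) -> bool:
    """Boot ROM policy: refuse any image older than the fuse-recorded floor."""
    return image_version >= bank.min_version()


def advance_rollback_counter(bank: FuseBank, new_version: int) -> int:
    """After a successful update, burn enough fuses to raise the floor to
    new_version (capped by the bank width). Returns the resulting floor.
    The floor never goes down, whatever new_version is."""
    current = bank.min_version()
    for idx in range(current, min(new_version, bank.width)):
        bank.blow(idx)
    return bank.min_version()


if __name__ == "__main__":
    bank = FuseBank()
    print(boot_allowed(bank, 1))        # fresh device accepts v1
    advance_rollback_counter(bank, 3)   # device has run v3
    print(boot_allowed(bank, 2))        # v2 is now a downgrade: refused
    print(advance_rollback_counter(bank, 2))  # "lowering" the floor has no effect
```

A practical caveat the simulation makes visible: the bank is finite, so the floor can only be raised as many times as there are fuse bits, which is why real designs reserve the counter for security-relevant releases rather than every build.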
SED
self-encrypting drive. a drive whose onboard controller encrypts all data at rest with a key that never leaves the drive hardware; discarding that key (crypto-erase) sanitizes the drive without rewriting it.
TPM
trusted platform module. a specification for hardware-based storage of digital certificates, cryptographic keys, hashed passwords, and other user and platform identification information.
HSM
hardware security module. a tamper-resistant appliance for generating, storing, and using cryptographic keys, so that private keys never leave the device in plaintext.
Carving
the process of extracting files or data from a disk image when the file system metadata that would locate them is missing or damaged; carving tools scan the raw bytes for known file headers and footers (magic numbers) instead of following the file system.
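A minimal header/footer carver for the definition above, added here as an illustration (not code from the flashcard set or from any forensic tool). It scans a constructed in-memory "image" for JPEG and PNG signatures; the signature table, the size cap and the sample image are all assumptions made for the example.

```python
"""Header/footer file carving over a raw byte image (added example).

The byte signatures are the standard JPEG SOI/EOI markers and the PNG signature
and IEND chunk; everything else (size cap, sample image) is constructed here.
"""

# ext -> (header, footer). PNG's footer is the fixed IEND chunk incl. its CRC.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def carve_files(image: bytes, max_size: int = 10_000_000) -> list:
    """Return [(ext, offset, data)] for every header that has a footer within
    max_size bytes. A header with no footer (file truncated at the end of the
    image, or overwritten) is skipped rather than emitted as garbage."""
    results = []
    for ext, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            h = image.find(header, pos)
            if h == -1:
                break
            f = image.find(footer, h + len(header), h + max_size)
            if f == -1:
                pos = h + 1          # unrecoverable: keep scanning past it
                continue
            end = f + len(footer)
            results.append((ext, h, image[h:end]))
            pos = end                # resume after the carved file
    results.sort(key=lambda r: r[1])
    return results


# Constructed sample image: filler, a JFIF-shaped blob, a PNG-shaped blob,
# then a JPEG header with no footer (simulates a file cut off by the image end).
FILLER = b"\x00" * 64
JPEG_BLOB = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x11" * 40 + b"\xff\xd9"
PNG_BLOB = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x22" * 17
            + b"\x00\x00\x00\x00IEND\xaeB`\x82")
TRUNCATED = b"\xff\xd8\xff\xe1" + b"\x33" * 10
SAMPLE_IMAGE = FILLER + JPEG_BLOB + FILLER + PNG_BLOB + FILLER + TRUNCATED

if __name__ == "__main__":
    for ext, offset, data in carve_files(SAMPLE_IMAGE):
        print(f"{ext} at offset {offset}, {len(data)} bytes")
```

Two caveats a practitioner should keep in mind: a footer search stops at the first match, so a JPEG carrying an embedded EXIF thumbnail (its own SOI/EOI pair) carves short, and fragmented files are not recoverable this way at all; production carvers add structure-aware parsing for both cases.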
FileVault 2
a full-disk encryption system used on macOS devices. Uses XTS-AES-128 with a 256-bit key.
lessons-learned report
a technical report designed for internal use to improve incident response processes.
incident summary report
designed for distribution to stakeholders to reassure them that the incident has been properly handled.
Pass the Hash (PtH)
an attack in which a captured password hash (typically an NTLM hash harvested from a compromised host's memory or SAM database) is presented directly to authenticate as that account on other systems, without ever knowing or cracking the plaintext password. It works because NTLM authentication only proves possession of the hash, so the hash is as good as the password.
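One common detection heuristic for the attack above, added here as an example that is not part of the flashcard set: an account performing NTLM network logons (Security event 4624, logon type 3, authentication package NTLM) to several distinct hosts in a short window. The event records below are constructed, the thresholds are assumptions, and the heuristic is a starting point rather than a signature.

```python
"""Pass-the-hash hunting over constructed Windows 4624 logon records (added example).

Heuristic (an assumption, not a rule from the flashcard): one account reaching
several distinct hosts over NTLM network logons within a few minutes is typical
of an operator spraying a stolen hash with a PtH tool. Kerberos logons and
interactive (type 2) logons are ignored; they do not fit this pattern.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of event 4624 fields (not real logs).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:00:05", "account": "svc_backup", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.5.23", "target": "FS01"},
    {"time": "2024-05-01T09:01:10", "account": "svc_backup", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.5.23", "target": "FS02"},
    {"time": "2024-05-01T09:01:40", "account": "svc_backup", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.5.23", "target": "DC01"},
    {"time": "2024-05-01T09:02:30", "account": "svc_backup", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.5.23", "target": "WS07"},
    # alice uses Kerberos to several hosts: normal, not flagged
    {"time": "2024-05-01T09:00:30", "account": "alice", "logon_type": 3, "auth_pkg": "Kerberos", "src_ip": "10.0.1.10", "target": "FS01"},
    {"time": "2024-05-01T09:01:00", "account": "alice", "logon_type": 3, "auth_pkg": "Kerberos", "src_ip": "10.0.1.10", "target": "FS02"},
    {"time": "2024-05-01T09:03:00", "account": "alice", "logon_type": 3, "auth_pkg": "Kerberos", "src_ip": "10.0.1.10", "target": "DC01"},
    # bob hammers one share over NTLM: one target, not flagged
    {"time": "2024-05-01T09:05:00", "account": "bob", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.1.11", "target": "FS01"},
    {"time": "2024-05-01T09:06:00", "account": "bob", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.1.11", "target": "FS01"},
    # carol hits three hosts over NTLM, but hours apart: outside the window
    {"time": "2024-05-01T08:00:00", "account": "carol", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.1.12", "target": "FS01"},
    {"time": "2024-05-01T10:30:00", "account": "carol", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.1.12", "target": "FS02"},
    {"time": "2024-05-01T13:00:00", "account": "carol", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.1.12", "target": "DC01"},
    # dave: interactive console logon, irrelevant to the heuristic
    {"time": "2024-05-01T09:00:00", "account": "dave", "logon_type": 2, "auth_pkg": "NTLM", "src_ip": "-", "target": "WS03"},
]


def detect_pth_candidates(events, window=timedelta(minutes=10), min_targets=3):
    """Return {account: sorted distinct targets} for accounts whose NTLM type-3
    logons reach >= min_targets distinct hosts within any `window`."""
    by_account = defaultdict(list)
    for e in events:
        if e["logon_type"] != 3 or e["auth_pkg"].upper() != "NTLM":
            continue
        by_account[e["account"]].append((datetime.fromisoformat(e["time"]), e["target"]))

    flagged = {}
    for account, rows in by_account.items():
        rows.sort()
        # Slide a window starting at each logon; report the first burst found.
        for i, (t0, _) in enumerate(rows):
            targets = {host for t, host in rows[i:] if t - t0 <= window}
            if len(targets) >= min_targets:
                flagged[account] = sorted(targets)
                break
    return flagged


if __name__ == "__main__":
    for account, hosts in detect_pth_candidates(SAMPLE_EVENTS).items():
        print(f"possible pass-the-hash: {account} -> {', '.join(hosts)}")
```

Baseline before alerting: vulnerability scanners, backup agents and monitoring accounts legitimately produce this pattern, so the rule is best paired with an allowlist of known scanning accounts and a check that the source IP is a workstation rather than a management server. Note also that this heuristic sees nothing of Kerberos-based abuse such as a golden ticket, which needs its own detections.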
golden ticket
a forged Kerberos ticket-granting ticket (TGT) created with the password hash of the Active Directory krbtgt account. Because a TGT is trusted to request service tickets for any principal, attackers who can create a golden ticket can grant themselves administrative access to any domain member, including domain controllers, and the ticket stays valid until the krbtgt password is changed (twice, to invalidate the old key as well).
Lateral movement
umbrella term for the techniques an attacker uses to move from an initially compromised host to other systems in the same environment, typically by reusing harvested credentials (for example pass the hash) or abusing remote administration services.
Pivoting
When attackers pivot, they compromise one host (the pivot) that has network access to other hosts unreachable from the attacker's own position, and route further attacks through it.
RAT
remote access trojan. malware that gives an attacker covert, persistent remote control of an infected host.