Indicators Of Malicious Activity Flashcards
Incident response plan
Plan to quickly detect and respond to indicators of compromise or attack
IOA - indicator of attack
Type of indicator used to help identify and detect threats. IOAs are behaviors or actions that suggest an attack is happening or about to happen, so they are proactive. They are a set of behaviors typically observed during the early stages of an attack (network traffic patterns, system events, user activity).
IOC - indicator of compromise
Type of indicator used to help identify and detect threats. IOCs are evidence that a system may have been compromised, so they are more reactive: they are artifacts of an event that has already happened and are used to identify potential breaches.
Cyber kill chain
Explains how attackers move through networks to identify vulnerabilities that can be exploited.
Reconnaissance (learning about the target) => Weaponization (deciding how to attack) => Delivery (of the weapon) => Exploitation => Installation => Command and control (C2) => Actions on objectives
Artifacts
Indicators of compromise. Typical artifacts left behind by an attacker, including new accounts, file hashes, virus signatures, malicious files, command and control connections, modifications to system and registry settings, evidence of data exfiltration, and patterns of suspicious behavior.
C2 - command and control server
Remote device that issues malicious instructions.