Lesson 13 - Indicators of Malicious Activity Flashcards
PUPs/PUAs
Potentially Unwanted Programs / Potentially Unwanted Applications
- Software that cannot definitively be classed as malicious, but may not have been chosen by or wanted by the user.
RAT
Remote Access Trojan
APT
Advanced Persistent Threat
- Threat actors with the ability to craft novel exploits and techniques to obtain, maintain, and diversify unauthorized access to network systems over a long period.
AVT
Advanced Volatile Threat
LOC
Low-Observable Characteristic attack
- stealthy cyberattacks that are difficult to detect and contain because they operate in memory and leave minimal traces on the system, evading traditional security tools.
C2 or C&C
Command and Control
- Infrastructure (servers, domains, or abused legitimate services) that an attacker uses to send instructions to compromised hosts and receive data from them. Regular beaconing from a host to such infrastructure is a common IoC.
TTP
Tactics, Techniques, and Procedures
- The behaviors of a threat actor, described from the overall goal (tactic), through the method used to reach it (technique), to the specific way it is carried out (procedure). Cataloguing TTPs, as MITRE ATT&CK does, lets defenders recognize and anticipate an actor's activity rather than matching only individual IoCs.
IoC
Indicator of Compromise
- A sign that an asset or network has been attacked or is currently under attack.
IoA
Indicator of Attack
- evidence of an intrusion attempt in progress
DRDoS
Distributed Reflected Denial of Service
- The attacker sends requests to many legitimate servers (DNS, NTP, SSDP, memcached, etc.) with the source address spoofed to the victim's IP, so the servers direct their replies at the victim. Because a reply is usually much larger than the request, the attack is also amplified. The indicator is a flood of unsolicited responses arriving from many servers at a host that never sent the matching queries.
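Added example for the DRDoS card (not part of the original flashcard set): a small detector that flags reflected traffic in UDP flow records. The flow records, the protected address 203.0.113.10 and the reflector addresses are constructed for the example, and the matching rule (a reply counts as solicited only if the protected host sent a datagram to that server and port from the replied-to port within a short window) is an assumption of this example.

```python
from collections import defaultdict

# UDP services commonly abused as reflectors: source port -> service name
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached", 19: "chargen"}

# Constructed sample UDP flow records, not a real capture:
# (seconds, src_ip, src_port, dst_ip, dst_port, bytes). 203.0.113.10 is the host we protect.
SAMPLE_FLOWS = [
    (0.0, "203.0.113.10", 40001, "198.51.100.5", 53, 60),     # our own DNS query
    (0.1, "198.51.100.5", 53, "203.0.113.10", 40001, 120),    # answer to that query (solicited)
    (5.0, "192.0.2.11", 53, "203.0.113.10", 80, 3000),        # large DNS answers we never asked for
    (5.0, "192.0.2.12", 53, "203.0.113.10", 80, 3000),
    (5.0, "192.0.2.13", 123, "203.0.113.10", 80, 4400),       # NTP reply, also unsolicited
    (5.1, "192.0.2.14", 1900, "203.0.113.10", 80, 1500),      # SSDP reply, also unsolicited
]


def unsolicited_responses(flows, protected_ip, window=2.0):
    """Group inbound UDP traffic from reflector ports that no request from protected_ip explains.

    A response is 'solicited' if protected_ip sent a datagram to the same server and port,
    from the port the response is addressed to, within `window` seconds before it.
    In a DRDoS the attacker spoofed our address, so no such request exists in our own flows.
    Returns {service: (distinct_reflectors, total_bytes)}.
    """
    sent = []  # (t, dst_ip, dst_port, src_port) for every datagram protected_ip sent
    by_service = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for t, src, sport, dst, dport, nbytes in flows:
        if src == protected_ip:
            sent.append((t, dst, dport, sport))
            continue
        if dst != protected_ip or sport not in REFLECTOR_PORTS:
            continue
        solicited = any(
            t - window <= rt <= t and rdst == src and rdport == sport and rsport == dport
            for rt, rdst, rdport, rsport in sent
        )
        if not solicited:
            entry = by_service[REFLECTOR_PORTS[sport]]
            entry["reflectors"].add(src)
            entry["bytes"] += nbytes
    return {svc: (len(v["reflectors"]), v["bytes"]) for svc, v in by_service.items()}


def is_reflection_attack(summary, min_reflectors=3):
    """Alert when unsolicited reflector traffic comes from at least min_reflectors distinct servers.

    Many distinct reflectors is the distinguishing feature: a single misconfigured
    server sending stray replies does not look like this.
    """
    return sum(n for n, _ in summary.values()) >= min_reflectors


if __name__ == "__main__":
    summary = unsolicited_responses(SAMPLE_FLOWS, "203.0.113.10")
    print(summary, "attack" if is_reflection_attack(summary) else "normal")
```

The byte counts are where the amplification shows: each unsolicited reply is tens of times larger than the 60-byte query that would normally precede it. The threshold and window need tuning per environment; a host behind NAT or a load balancer can legitimately receive replies to requests it did not appear to send.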
AitM
Adversary-in-the-Middle
- An attacker positions themselves between two communicating parties so that their traffic passes through a system the attacker controls and can be read or modified. On a LAN this position is commonly obtained by ARP poisoning; rogue access points and DNS spoofing are other routes.
ARP
Address Resolution Protocol
- Broadcast mechanism by which the hardware MAC address of an interface is matched to an IP address on a local network segment. ARP replies carry no authentication, so a host accepts and caches a spoofed reply; that is the basis of ARP poisoning, and from there of an AitM position.
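Added example for the ARP card (not part of the original flashcard set): the two indicators a defender typically watches for in ARP traffic, one IP address being announced by more than one MAC and repeated gratuitous replies, checked over a constructed list of ARP replies. The addresses and timings are made up for the example.

```python
from collections import defaultdict

# Constructed sample ARP replies seen on one segment, not a real capture:
# (seconds, sender_ip, sender_mac, target_ip)
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "00:11:22:33:44:01", "192.168.1.50"),  # real gateway answers a host
    (1.0, "192.168.1.1", "00:11:22:33:44:01", "192.168.1.51"),
    (2.0, "192.168.1.1", "DE:AD:BE:EF:00:01", "192.168.1.50"),  # gateway IP now claimed by another MAC
    (2.1, "192.168.1.1", "de:ad:be:ef:00:01", "192.168.1.1"),   # gratuitous reply from that MAC
    (3.0, "192.168.1.50", "aa:bb:cc:dd:ee:50", "192.168.1.1"),  # ordinary host reply
]


def arp_poisoning_indicators(replies):
    """Return indicator tuples for ARP replies that suggest cache poisoning.

    ("ip_mac_conflict", t, ip, first_mac, new_mac): an IP announced by a second MAC
    ("gratuitous_reply", t, ip, mac): sender IP == target IP, which spoofing tools
        send repeatedly to keep victims' caches poisoned
    """
    macs_by_ip = defaultdict(list)  # ip -> MACs seen announcing it, in order
    indicators = []
    for t, sender_ip, sender_mac, target_ip in replies:
        mac = sender_mac.lower()  # normalise case so DE:AD and de:ad compare equal
        known = macs_by_ip[sender_ip]
        if known and mac not in known:
            indicators.append(("ip_mac_conflict", t, sender_ip, known[0], mac))
        if mac not in known:
            known.append(mac)
        if sender_ip == target_ip:
            indicators.append(("gratuitous_reply", t, sender_ip, mac))
    return indicators


if __name__ == "__main__":
    for indicator in arp_poisoning_indicators(SAMPLE_ARP_REPLIES):
        print(indicator)
```

Both indicators have benign causes: a replaced NIC or a DHCP lease moving to another host changes a mapping once, and gratuitous ARP is sent legitimately on address changes and by failover protocols such as VRRP. What marks poisoning is a gateway or server IP flipping to a new MAC and that MAC then refreshing the claim repeatedly.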
SSID
Service Set Identifier
- The name that identifies a Wi-Fi network. A rogue access point (evil twin) advertises the same SSID as a legitimate network to lure clients into connecting through it.
LSASS
Local Security Authority Subsystem Service
- The Windows process (lsass.exe) that authenticates logons and enforces the local security policy. It holds credential material such as NTLM hashes and Kerberos tickets in memory, so a process reading LSASS memory or dumping it to disk is a strong indicator of credential theft.
SAM
Security Account Manager
- The local database of user and group accounts and their password hashes on a Windows host, stored in the SAM registry hive. Domain accounts are held in Active Directory's NTDS.dit instead. Copying the SAM and SYSTEM hives, or reading them with a dumping tool, is an indicator of credential theft.
ASLR
Address Space Layout Randomization
- a security technique that randomizes the memory addresses of key program components like libraries, stacks, and heaps each time a process starts, so an exploit cannot rely on a known address for its payload or return target. It is commonly defeated by first leaking an address, which is why it is paired with DEP rather than relied on alone.
DEP
Data Execution Prevention
- a security feature that marks memory regions such as the stack and heap as non-executable, so code injected there cannot run. Attackers respond with return-oriented programming (ROP), which chains pieces of existing executable code instead.
XSS
Cross-Site Scripting
- a cyber security vulnerability where attackers inject malicious scripts into trusted websites, enabling them to steal user data, impersonate users, or compromise the application
CSRF
Cross-Site Request Forgery
- A forged request issued from the attacker's site (a hidden form, image tag, or script) that exploits a session the victim already has with another site in the same browser, because the browser attaches that site's cookies automatically. Mitigated with anti-CSRF tokens and SameSite cookies.
SSRF
Server-Side Request Forgery
- An attack where the attacker supplies a URL or hostname to a server-side feature that fetches resources, so the server makes requests on the attacker's behalf to targets it can reach but the attacker cannot, such as internal services, its own loopback interface, or cloud metadata endpoints.
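Added example for the SSRF card (not part of the original flashcard set): a URL validator of the kind a server-side fetch feature should run before making a request, showing the checks that the usual bypasses target (scheme, userinfo, port, allowlist, and the resolved address). The hostnames, the allowlist and the name-resolution table are constructed for the example so it runs offline; the FAKE_DNS lookup stands in for real DNS resolution.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed name resolution table standing in for DNS. cdn.example.com deliberately
# resolves into private space, the situation a DNS-rebinding or misconfigured record creates.
FAKE_DNS = {
    "images.example.com": "93.184.216.34",
    "cdn.example.com": "10.0.0.5",
    "metadata.evil.example": "169.254.169.254",
}

# Hostnames the fetch feature is allowed to contact (constructed allowlist)
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}


def resolve(host):
    """Hypothetical resolver; a real implementation would use socket.getaddrinfo."""
    return FAKE_DNS.get(host)


def is_safe_fetch_url(url, allowed_hosts=ALLOWED_HOSTS, resolver=resolve):
    """Return (ok, reason). Rejects anything that could reach an internal target."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme"            # file://, gopher://, dict:// etc.
    if parts.username or parts.password:
        return False, "userinfo"          # http://trusted.host@10.0.0.5/ tricks
    host = parts.hostname
    if not host:
        return False, "no host"
    if parts.port not in (None, 80, 443):
        return False, "port"              # stops port scanning of allowed hosts
    if host not in allowed_hosts:
        return False, "host not allowlisted"   # also rejects literal and decimal IPs
    # Resolve even allowlisted names: the record may point at internal address space.
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        resolved = resolver(host)
        if resolved is None:
            return False, "unresolvable"
        addr = ipaddress.ip_address(resolved)
    if (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified):
        return False, "non-public address"    # catches 10/8, 127/8, 169.254.169.254, ...
    return True, "ok"


if __name__ == "__main__":
    for u in ["https://images.example.com/a.png", "http://cdn.example.com/x",
              "http://images.example.com@10.0.0.5/", "file:///etc/passwd"]:
        print(u, is_safe_fetch_url(u))
```

Two points the check alone does not cover: the request should be made to the address that was validated (not resolved a second time, which reopens DNS rebinding), and HTTP redirects must either be disabled or re-validated with the same function, since an allowlisted host can redirect to an internal one.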