Lesson 13 - Indicators of Malicious Activity

Question 1

PUPs/PUAs

Answer 1

Potentially Unwanted Programs / Potentially Unwanted Applications
- Software that cannot definitively be classed as malicious, but may not have been chosen by or wanted by the user.

Question 2

RAT

Answer 2

Remote Access Trojan

Question 3

APT

Answer 3

Advanced Persistent Threat
- Threat actors with the ability to craft novel exploits and techniques to obtain, maintain, and diversify unauthorized access to network systems over a long period.

Question 4

AVT

Answer 4

Advanced Volatile Threat

Question 5

LOC

Answer 5

Low-Observable Characteristic attack
- stealthy cyberattacks that are difficult to detect and contain because they operate in memory and leave minimal traces on the system, evading traditional security tools.

Question 6

C2 or C&C

Answer 6

Comman and Control

Question 7

TPP

Answer 7

Tactic, Technique, or Procedure
- a framework used to understand and categorize the behaviors of threat actors, helping security professionals identify, anticipate, and defend against cyberattacks.

Question 8

IoC

Answer 8

Indicator of Compromise
- A sign that an asset or network has been attacked or is currently under attack.

Question 9

IoA

Answer 9

Indicator of Attack
- evidence of an intrusion attempt in progress

Question 10

DRDoS

Answer 10

Distributed Reflected DoS
- A malicious request to a legitimate server is created and sent as a link to the victim, so that a server-side flaw causes the malicious component to run on the target’s browser.

Question 11

AitM

Answer 11

Adversary-in-the-Middle
- a sophisticated cybersecurity threat where an attacker positions themselves between two communicating parties, intercepting and potentially manipulating data

Question 12

ARP

Answer 12

Address Resolution Protocol
- Broadcast mechanism by which the hardware MAC address of an interface is matched to an IP address on a local network segment.

Question 13

SSID

Answer 13

Server Set Identifier

Question 14

LSASS

Answer 14

Local Security Authority Subsystem Service
- a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system

Question 15

SAM

Answer 15

Security Account Manager
- manages user and computer accounts, ensuring secure access to systems and data, often within a company’s Active Directory or similar environment.

Question 16

ASLR

Answer 16

Address Space Execution Prevention
- a security technique that randomizes the memory addresses of key program components like libraries, stacks, and heaps

Question 17

DEP

Answer 17

Data Execution Prevention
-a security feature that helps prevent damage from viruses and other threats by preventing the execution of code from memory locations that are not intended for code execution

Question 18

XSS

Answer 18

Cross-Site Scripting
- a cyber security vulnerability where attackers inject malicious scripts into trusted websites, enabling them to steal user data, impersonate users, or compromise the application

Question 19

CSRF

Answer 19

Cross-Site Request Forgery
- A malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser.

Question 20

SSRF

Answer 20

Server-Side Request Forgery
- An attack where an attacker takes advantage of the trust established between the server and the resources it can access, including itself.