Lesson 13 - Indicators of Malicious Activity Flashcards

1
Q

PUPs/PUAs

A

Potentially Unwanted Programs / Potentially Unwanted Applications
- Software that cannot definitively be classed as malicious, but may not have been chosen by or wanted by the user.

2
Q

RAT

A

Remote Access Trojan

3
Q

APT

A

Advanced Persistent Threat
- Threat actors with the ability to craft novel exploits and techniques to obtain, maintain, and diversify unauthorized access to network systems over a long period.

4
Q

AVT

A

Advanced Volatile Threat

5
Q

LOC

A

Low-Observable Characteristic attack
- stealthy cyberattacks that are difficult to detect and contain because they operate in memory and leave minimal traces on the system, evading traditional security tools.

6
Q

C2 or C&C

A

Command and Control

7
Q

TPP

A

Tactic, Technique, or Procedure
- a framework used to understand and categorize the behaviors of threat actors, helping security professionals identify, anticipate, and defend against cyberattacks.

8
Q

IoC

A

Indicator of Compromise
- A sign that an asset or network has been attacked or is currently under attack.

9
Q

IoA

A

Indicator of Attack
- evidence of an intrusion attempt in progress

10
Q

DRDoS

A

Distributed Reflected DoS
- A malicious request to a legitimate server is created and sent as a link to the victim, so that a server-side flaw causes the malicious component to run on the target’s browser.

11
Q

AitM

A

Adversary-in-the-Middle
- a sophisticated cybersecurity threat where an attacker positions themselves between two communicating parties, intercepting and potentially manipulating data

12
Q

ARP

A

Address Resolution Protocol
- Broadcast mechanism by which the hardware MAC address of an interface is matched to an IP address on a local network segment.

13
Q

SSID

A

Server Set Identifier

14
Q

LSASS

A

Local Security Authority Subsystem Service
- a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system

15
Q

SAM

A

Security Account Manager
- manages user and computer accounts, ensuring secure access to systems and data, often within a company’s Active Directory or similar environment.

16
Q

ASLR

A

Address Space Execution Prevention
- a security technique that randomizes the memory addresses of key program components like libraries, stacks, and heaps

17
Q

DEP

A

Data Execution Prevention
- a security feature that helps prevent damage from viruses and other threats by preventing the execution of code from memory locations that are not intended for code execution

18
Q

XSS

A

Cross-Site Scripting
- a cyber security vulnerability where attackers inject malicious scripts into trusted websites, enabling them to steal user data, impersonate users, or compromise the application

19
Q

CSRF

A

Cross-Site Request Forgery
- A malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser.

20
Q

SSRF

A

Server-Side Request Forgery
- An attack where an attacker takes advantage of the trust established between the server and the resources it can access, including itself.