Malware

Question 1

Boot Sector Virus

Answer 1

Stored in the first sector of a hard drive and is then loaded into memory whenever the computer boots up -

Question 2

Macro

Answer 2

Form of code that allows a virus to be embedded inside another document so that when that document is opened by the user by the user, the virus is executed

Question 3

Program

Answer 3

Try to find executables or application files to infect with their malicious code

Question 4

Multipartite

Answer 4

Combination of a boot sector type virus and a program virus
Able to place itself in the boot sector and be loaded every time computer boots
It can install itself in a program where it can be run every time the computer starts up

Question 5

Encrypted

Answer 5

Designed to hide itself from being detected by encrypting its malicious code or payloads to avoid detection by any antivirus software

Question 6

Polymorphic

Answer 6

Advanced version of an encrypted virus, but instead of just encrypting the content it will actually change the viruses code each time it is executed by altering the decryption module in order for it to evade detection

Question 7

Metamorphic

Answer 7

Able to rewrite themselves entirely before it attempts to infect a given file

Question 8

Stealth

Answer 8

Technique used to prevent the virus from being detected by the anti virus software

Question 9

Armored

Answer 9

Have a layer of protection to confuse a program or a person who’s trying to analyze it

Question 10

Hoax

Answer 10

Form of technical social engineering that attempts to scare our end users

Question 11

Worm

Answer 11

Piece of malicious software, much like a virus, but it can replicate itself without any user interaction
Able to self replicate and spread throughout your network without a user’s consent on their action

Question 12

What are the two dangerous reason why worm are bad

Answer 12

Infect your workstation and other computing assets
Cause disruptions to your normal network traffic since they are constantly trying to replicate and spread themselves across the network

Question 13

Trojan

Answer 13

Piece of malicious software that is disguised as a piece of harmless or desirable software
Claims that it will perform some needed or desired functions for your

Question 14

What is a RAT

Answer 14

Remote access trojan
Widely used by modern attackers because it provided the attacker with remote control of a victim machine
It uses to exploit a vulnerability in your workstation and then conducting data exfiltration to steal your sensitive documents creating backdoors to maintain persistence on your systems , and other malicious activities

Question 15

Ransomware

Answer 15

Type of malicious software the is designed to block access to a computer system or its data by encrypting it until a ransom is paid to the attacker

Question 16

GIVE ME THE WAYS TO PROTECT OURSELVES AND OUR ORGANIZATIONS AGAINST RANSOMEWARE

Answer 16

1. Always conduct regular backups
2. Install software updates regularly
3. Provide security awareness training to your users
4. Implement MFA

Question 17

What should you do if you find yourself or your organization as the victim of a ransomware attack?

Answer 17

1. Don’t pay the ransom
2. Suspect ransomware has infected your machine, you should disconnect it from the network
3. Notify the authorities
4. Restore your data and systems from known good backups

Question 18

Botnets

Answer 18

Network of compromised computers or devices controlled remotely by malicious actors

Question 19

Zombies

Answer 19

Name of a compromised computer or device that is part of a botnet
Used to perform tasks using remote commands from the attackers without the user’s knowledge

Question 20

Command and Control Node

Answer 20

Computer responsible for managing and coordinating the activities of other nodes or devices within a network

Question 21

what is the most common use of botnet

Answer 21

DISTRIBUTED denial of service attack it occurs when many machines target a single viciim and attack them at the exact same time

Question 22

What are Botnets are used

Answer 22

as pivot points
disguise the real attacker
to host illegal activities
to spam others by sending out phishing campaigns and other malware

Question 23

Botnets are used attackers to combine processing power to break through different types of encryption schemes

Answer 23

botnets

Question 24

What is the percentage that an attackers use for the zombies power

Answer 24

20-25%

Question 25

Rootkit

Answer 25

Designed to gain administrative level control over a given computer system without being detected

Question 26

What can you do administrator account

Answer 26

install programs, delete programs, open ports, shut ports, do whatever it is they want to do on that system

Question 27

A computer system has several different rings of permissions throughout the system

Answer 27

Ring 3- Where user level permissions are used
Ring 0 - Operating in Ring is called kernel mode
Allows a system to control access to things like device drivers, your sound card, your video displays or monitor, and other similar things

Question 28

Rootkit what does it do

Answer 28

it tries to move from ring 1 to Ring 0 so that it can hide from other functions of the operating system to avoid detection

Question 29

One technique used by rootkit to gain this deeper level of access is a

Answer 29

DLL injection - technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic link library

Question 30

Dynamic Link Library

Answer 30

Collection of code and data that can be used by multiple programs simultaneously to allow for code reuse and modularization in software

Question 31

Shims

Answer 31

Piece of software code that is placed between two components and that intercepts the calls between those components and can be used redirect them

Question 32

Rootkits are extremely powerful, and they are very diffcult to detect because the operating system is essentially blinded to them

Answer 32

To detect them, the best way is to boot from an external device and then scan the internal hard drive to ensure that you can detect those rootkits using a good anti malware scanning solution from a live boot linux distribution

Question 33

Backdoor

Answer 33

Originally placed in compute program to bypass the normal security and authentication functions
Most often put into system by designers and programmers

Question 34

Does a rat act like a backdoor?

Answer 34

Yes, can be placed by a threat actor on your computer to help them maintain persistent access to that system

Question 35

Logic bombs

Answer 35

Malicious code that’s insert into a program, and the malicious code will only execute when certain conditions have been met

Question 36

What is keylogger

Answer 36

Piece of software or hardware that records every single keystroke that is made on a computer or mobile device

Question 37

Software keyloggers

Answer 37

Malicious programs that get installed on a victim’s computer
Often bundled with other software or delivered through social engineering attacks, like phishing or pretexting attacks

Question 38

Hardware Keyloggers

Answer 38

Physical devices that need to be plugged into a computer
These will resemble a USB drive or they can be embedded within a keyboard cable itself

Question 39

Spyware

Answer 39

Malicious software that is designed to gather and send information about a user or organization without their knowledge

Question 40

Some ways spyware can get installed on a system

Answer 40

Bundled with other software
Installed through malicious website
Installed when users click on a deceptive pop up advertisement

Question 41

Bloatware

Answer 41

Any software that come pre installed on a new computer that you as the user did not specifically request want or need

Question 42

Malware Exploitation Techniques

Answer 42

Specific method by which malware code penetrates and infects a targeted system

Question 43

Some malware focuses on infecting the systems memory to leverage remote procedure calls over the organizations network

Answer 43

Most modern malware uses fileless techniques to avoid detection by signature based security software
Fileless malware is used to create a process in the system memory without relying on the local file system of the infected host

Question 44

How does this modern malware work
Talk about the two stages

Answer 44

1. Dropper or downloaders
   Dropper Specific malware type designed to initiate or run other malware forms within a payload on an infect host
   Downloader- Retrieve additional tools post the initial infection facilitated by a dropper
   Stage 2: Downloads and installs a remote access Trojan to conduct command and control on a the victimized system.

Question 45

Actions on objectives Phase

Answer 45

Threat actors will execute primary objectives to meet core objectives like data infiltration, file encryption

Question 46

Concealment

Answer 46

Used to help the threat actor prolong unauthorized access to a system by hiding tracks, erasing log files, hiding an evidence of malicious activity

Question 47

What does living off the land mean

Answer 47

A strategy adopted by many Advanced Persistent Threats and criminal organizations
the threat actors try to exploit the standard tools to perform intrusions

Question 48

Describe Account Lockouts

Answer 48

Malware especially those designed for credential thrift or brute force attacks can trigger multiple failed login attempts that would result in a users account being locked out