Malware Exploitation Flashcards
Exploit Technique
Describes the specific method by which malware code infects a target host.
Most modern malware uses fileless techniques to avoid detection by signature-based security software.
How does an APT use modern malware to operate? - Dropper or downloader; Maintain access; Strengthen access; Actions on objectives; Concealment
Dropper
Malware designed to install or run other types of malware embedded in a payload on an infected host.
Downloader
A piece of code that connects to the Internet to retrieve additional tools after the initial infection by a dropper.
Shellcode
Any lightweight code designed to run an exploit on the target, which may include any type of code format from scripting languages to binary code.
Code Injection
Exploit technique that runs malicious code with the identification number of a legitimate process: Masquerading; DLL Injection; DLL Sideloading; Process hollowing.
Droppers are likely to implement anti-forensics techniques to prevent detection and analysis.
Living off the Land
Exploit techniques that use standard system tools and packages to perform intrusions.
Detection of an adversary is more difficult when they are executing malware code within standard tools and processes.