Malware Infections

Question 1

What’s a Threat Vector?

Answer 1

The method used by an attacker to gain access to a machine e.g unpatched software, installation through usb stick, phishing

Question 2

What’s an Attack Vector?

Answer 2

How exactly an attacker can infiltrate your security and how they get malware in.

Question 3

What’s a watering hole?

Answer 3

Somewhere a user frequently/routinely returns to. e.g Facebook or an invoice website that an attacker can exploit to get malware into your system.

Question 4

What’s typo squatting?

Answer 4

When an attacker uses your google search typo to get malware into your computer or steal information. e.g. yahooo.com

Question 5

What’s a Botnet?

Answer 5

Is a collection of compromised computers (zombies) under the control of a master node(C2).

Question 6

What does DDoS stand for ?

And mean?

Answer 6

Distributed Denial of Service attack.

Occurs when many machines target a single victim and all attack at one time.

Question 7

What’s active interception ?

Answer 7

Occurs when a computer is placed between the sender and receiver and is able to capture or modify traffic between them. E.g me setting up a fake wifi in a Internet cafe to steal data or insert malware secretly to those who connect to my wifi.

Question 8

What is Privilege Escalation?

Answer 8

Exploiting a design flaw in a system to gain access to resources that a normal user cannot and progressively increasing the level of credentials until reaching administrative or Kernel level.

Question 9

What’s a back door?

Answer 9

A way for programmers to bypass all authentication checks for easier and quicker access. [Bad practice]

Question 10

What’s a Logic Bomb?

Answer 10

It’s malicious software that only activates when certain conditions are met.

Question 11

Preventing Spam.
What do you not want your email servers configured to?
3 other things can you do to prevent spam?

Answer 11

Verify email isn’t configured as open mail relays or SMTP open relays.

• remove emails from work website (bots collect them)
• use whitelists and blacklists
• train users

Question 12

info 3 musts

Answer 12

Update anti malware software automatically
Scan computer weekly
Download all patch’s for operating system and applications
Educate and train users( they’re biggest vulnerability)

Question 13

What is a Dropper?

Answer 13

Malware designed to install or run other types of malware embedded in a payload on an infected host

Question 14

What’s a downloader?

Answer 14

Piece of code that connects to the internet to retrieve additional tools after the initial infection via a dropper

Question 15

What’s shellcode?

Answer 15

Any lightweight code designed to run an exploitation on the target, (any language)

Question 16

What’s a code injection ?

Answer 16

Exploit technique that runs malicious code with the identification number of legitimate processes

Question 17

Types of code injection;
Masquerading
DLL Injection
DLL sideloading 
Process hollowing

Answer 17

Masquerading -when your dropper replaces a genuine exe. with a malicious one.
DLL injection- where dropper forces the exe. malicious code as part of your DLL
DLL side loading - when dropper exploits vulnerability in a legit programs manifest to load malicious code when running
Process hollowing- dropper rewrites memory locations containing process code with malicious code

Question 18

What’s Living of the Land?

Answer 18

Exploit techniques that use the standard computer tools to perform intrusions making it much harder to discover