What is a Malware Exploitation Technique?
Specific method by which malware code penetrates and infects a targeted system
What does Fileless Malware do?
Creates a process in the system memory without relying on the local file system of the infected host in order to avoid detection by signature-based security software
How does this modern malware work?
When a user accidentally clicks on a malicious link or opens a malicious file, the specific type of malware being installed is known as a stage one dropper or downloader
What is Stage 1: Dropper or Downloader?
Piece of malware that is usually created as a lightweight shellcode that can be executed on a given system
What is a Dropper?
Specific malware type designed to initiate or run other malware forms within a payload on an infected host
What is a Downloader?
Retrieve additional tools post the initial infection facilitated by a dropper
What is the primary function for a stage 1 dropper or downloader?
To retrieve additional portions of the malware code and to trick the user into activating it
What is Shellcode?
Broader term that encompasses lightweight code meant to execute an exploit on a given target
What is Stage 2: Downloader?
Downloads and installs a remote access Trojan to conduct command and control on the victimized system
What is the “Actions on Objectives” phase?
Threat actors will execute primary objectives to meet core objectives like
■ data exfiltration
■ file encryption
What is Concealment?
Used to help the threat actor prolong unauthorized access to a system by
■ hiding tracks
■ erasing log files
■ hiding any evidence of malicious activity
What is “Living off the Land”?
■ A strategy adopted by many Advanced Persistent Threats and criminal organizations
■ The threat actors try to exploit the standard tools to perform intrusions
-
Threat Actor Motivations12
-
Hacktivists7
-
Organized Crime2
-
Unskilled Attackers3
-
Nation-State Actor5
-
Insider Threats3
-
Shadow IT3
-
Threat Vectors and Attack Surfaces11
-
Outsmarting Threat Actors11
-
PHYSICAL SECURITY1
-
Fencing and Bollards4
-
Attacking with Brute Force5
-
Surveillance Systems3
-
Bypassing Surveillance Systems7
-
Access Control Vestibules5
-
Door Locks4
-
Access Badge Cloning7
-
SOCIAL ENGINEERING1
-
Motivational Triggers7
-
Impersonation5
-
Pretexting2
-
Phishing Attacks6
-
Preventing Phishing Attacks7
-
Frauds and Scams5
-
Influence Campaigns3
-
Other Social Engineering Attacks13
-
MALWARE3
-
Viruses11
-
Worms3
-
Trojans3
-
Ransomware3
-
Zombies and Botnets7
-
Rootkits12
-
Backdoors and Logic Bombs4
-
Keylogger3
-
Spyware and Bloatware6
-
Malware Attack Techniques12
-
Indications of Malware Attacks9
-
DATA PROTECTION1
-
Data Classifications14
-
Data Ownership9
-
Data States17
-
Data Types5
-
Data Sovereignty2
-
Securing Data8
-
Data Loss Prevention (DLP)5
-
CRYPTOGRAPHIC SOLUTIONS8
-
Symmetric vs Asymmetric5
-
Symmetric Algorithms10
-
Asymmetric Algorithms4
-
Hashing8
-
Pass the Hash Attack5
-
RISK MANAGEMENT1
-
Risk Assessment Frequency6
-
Risk Identification7
-
Risk Register13
-
Qualitative Risk Analysis1
-
Quantitative Risk Analysis6
-
Risk Management Strategies7
-
Risk Monitoring and Reporting9
-
THIRD-PARTY VENDOR RISKS1
-
Supply Chain Risks5
-
Supply Chain Attacks8
-
Vendor Assessment10
-
Vendor Selection and Monitoring5
-
Contracts and Agreements8
-
GOVERNANCE AND COMPLIANCE2
-
Governance10
-
Governance Structures6
-
Policies7
-
Standards5
-
Procedures5
-
Governance Considerations7
-
Compliance12
-
Non-compliance Consequences5
-
ASSET AND CHANGE MANAGEMENT2
-
Acquisition and Procurement5
-
Mobile Asset Deployments3
-
Asset Management6
-
Asset Disposal and Decommissioning12
-
Change Management5
-
Change Management Processes6
-
Technical Implications of Changes6
-
Documenting Changes2
-
AUDITS AND ASSESSMENTS5
-
Internal Audits and Assessments10
-
Performing an Internal Assessment3
-
External Audits and Assessments5
-
Penetration Testing5
-
Reconnaissance in Pentesting6
-
Attestation of Findings6
-
CYBER RESILIENCE AND REDUNDANCY2
-
High Availability10
-
Data Redundancy9
-
Capacity Planning5
-
Powering Data Centers9
-
Data Backups10
-
Continuity of Operations Plan3
-
Redundant SIte Considerations10
-
Resilience and Recovery Testing8
-
SECURITY ARCHITECTURE3
-
On-Premise Vs the Cloud9
-
Cloud Security11
-
Virtualization and Containerization8
-
Serverless8
-
Microservices9
-
Network Infrastructure3
-
Software-defined Network (SDN)4
-
Infrastructure as Code (IaC)2
-
Centralized vs. Decentralized Architectures2
-
Internet of Things (IoT)2
-
ICS and SCADA4
-
Embedded Systems8
-
SECURITY INFRASTRUCTURE1
-
Ports and Protocols7
-
Firewalls16
-
Configuring Firewalls5
-
IDS and IPS9
-
Network Appliances5
-
Port Security9
-
Securing Network Communications16
-
Infrastructure Considerations9
-
Selecting Infrastructure Controls6
-
IDENTITY AND ACCESS MANAGEMENT (IAM) SOLUTIONS1
-
Identity and Access Management (IAM)9
-
Multi-factor Authentication2
-
Password Security6
-
Password Attacks5
-
Single Sign-On (SSO)4
-
Federation1
-
Privileged Access Management (PAM)4
-
Access Control Models7
-
Assigning Permissions1
-
VULNERABILITIES AND ATTACKS2
-
Hardware Vulnerabilities13
-
Bluetooth Vulnerabilities and Attacks9
-
Mobile Vulnerabilities and Attacks5
-
Zero-day Vulnerabilities3
-
Operating System Vulnerabilities5
-
SQL and XML Injections6
-
XSS and XSRF10
-
Buffer Overflow5
-
Race Conditions8
-
MALICIOUS ACTIVITY1
-
Distributed Denial of Service8
-
Domain Name System (DNS) Attacks6
-
Directory Traversal Attack5
-
Execution and Escalation Attacks10
-
Replay Attacks2
-
Session Hijacking7
-
On-path Attacks9
-
Injection Attacks4
-
Indicators of Compromise (IoC)10
-
HARDENING1
-
Restricting Applications4
-
Trusted Operating Systems5
-
Updates and Patches5
-
Patch Management5
-
Group Policies3
-
SELinux15
-
Data Encryption Levels7
-
Secure Baselines1
-
SECURITY TECHNIQUES1
-
Wireless Infrastructure5
-
Wireless Security Settings10
-
Application Security10
-
Network Access Control (NAC)3
-
Web and DNS Filtering8
-
Email Security8
-
Endpoint Detection and Response3
-
User Behavior Analytics2
-
Selecting Secure Protocols5
-
VULNERABILITY MANAGEMENT1
-
Identifying Vulnerabilities8
-
Threat Intellegence Feeds4
-
Responsible Disclosure Programs2
-
Analyzing Vulnerabilities9
-
Vulnerability Response and Remediation7
-
Validating Vulnerability Remediation1
-
Vulnerability Reporting4
-
ALERTING AND MONITORING3
-
Monitoring Resources3
-
Alerting and Monitoring Activities8
-
Simple Network Management Protocol (SNMP)5
-
Security Information and Event Management (SIEM)3
-
Data from Security Tools4
-
Security Content Automation Protocol (SCAP)8
-
Network and Flow Analysis6
-
Single Pane of Glass5
-
INCIDENT RESPONSE1
-
Incident Response Process10
-
Threat Hunting3
-
Root Cause Analysis6
-
Incident Response Training and Testing5
-
Digital Forensic Procedure12
-
Data Collection Procedures1
-
INVESTIGATING AN INCIDENT0
-
Investigative Data9
-
Dashboards3
-
Automated Reports4
-
Vulnerability Scans2
-
Packet Captures1
-
Metadata2
-
AUTOMATION AND ORCHESTRATION5
-
When to Automate and Orchestrate2
-
Automating Support Tickets3
-
Automating Onboarding3
-
Automating Security3
-
Automating Application Development10
-
Integrations and APIs5
-
Ports6
