What is a Rootkit?
Designed to gain administrative level control over a given computer system without being detected
What does the Administrative account do?
Allows the person to install programs, delete programs, open ports, shut ports, and do whatever it is they want to do on that system
What is a technique used by Rootkits to gain a deeper level of access on computer systems?
DLL Injection
What is a Dynamic Link Library (DLL)?
Collection of code and data that can be used by multiple programs simultaneously to allow for code reuse and modularization in software development
What is a DLL Injection?
Technique used to run arbitrary code within the address space of another process by forcing it to load an infected dynamic-link library
What is Shim?
Piece of software code that is placed between two components and that intercepts the calls between those components and can be used to redirect them
What are the different rings of permission throughout a computer system?
Ring 0, Ring 1, Ring 3
What is Ring 3 (Outermost Ring)?
Where user level permissions are used
What is Ring 1?
You login as the administrator or root user on a system, you have root permission
What is Ring 0 (Innermost or Highest Permission Level)?
This is Kernal mode, which allows a system to control access to things like device drivers, your sound card, your video display or monitor, and other similar things
What does the Rootkit do once installed on a system?
It tries to move from Ring 1 to Ring 0 so that it can hide from other functions of the operating system to avoid detection
How can you detect a Rootkit?
The best way is to boot from an external device and then scan the internal hard drive to ensure that you can detect those rootkits using a good anti-malware scanning solution from a live boot Linux distribution
-
Threat Actor Motivations12
-
Hacktivists7
-
Organized Crime2
-
Unskilled Attackers3
-
Nation-State Actor5
-
Insider Threats3
-
Shadow IT3
-
Threat Vectors and Attack Surfaces11
-
Outsmarting Threat Actors11
-
PHYSICAL SECURITY1
-
Fencing and Bollards4
-
Attacking with Brute Force5
-
Surveillance Systems3
-
Bypassing Surveillance Systems7
-
Access Control Vestibules5
-
Door Locks4
-
Access Badge Cloning7
-
SOCIAL ENGINEERING1
-
Motivational Triggers7
-
Impersonation5
-
Pretexting2
-
Phishing Attacks6
-
Preventing Phishing Attacks7
-
Frauds and Scams5
-
Influence Campaigns3
-
Other Social Engineering Attacks13
-
MALWARE3
-
Viruses11
-
Worms3
-
Trojans3
-
Ransomware3
-
Zombies and Botnets7
-
Rootkits12
-
Backdoors and Logic Bombs4
-
Keylogger3
-
Spyware and Bloatware6
-
Malware Attack Techniques12
-
Indications of Malware Attacks9
-
DATA PROTECTION1
-
Data Classifications14
-
Data Ownership9
-
Data States17
-
Data Types5
-
Data Sovereignty2
-
Securing Data8
-
Data Loss Prevention (DLP)5
-
CRYPTOGRAPHIC SOLUTIONS8
-
Symmetric vs Asymmetric5
-
Symmetric Algorithms10
-
Asymmetric Algorithms4
-
Hashing8
-
Pass the Hash Attack5
-
RISK MANAGEMENT1
-
Risk Assessment Frequency6
-
Risk Identification7
-
Risk Register13
-
Qualitative Risk Analysis1
-
Quantitative Risk Analysis6
-
Risk Management Strategies7
-
Risk Monitoring and Reporting9
-
THIRD-PARTY VENDOR RISKS1
-
Supply Chain Risks5
-
Supply Chain Attacks8
-
Vendor Assessment10
-
Vendor Selection and Monitoring5
-
Contracts and Agreements8
-
GOVERNANCE AND COMPLIANCE2
-
Governance10
-
Governance Structures6
-
Policies7
-
Standards5
-
Procedures5
-
Governance Considerations7
-
Compliance12
-
Non-compliance Consequences5
-
ASSET AND CHANGE MANAGEMENT2
-
Acquisition and Procurement5
-
Mobile Asset Deployments3
-
Asset Management6
-
Asset Disposal and Decommissioning12
-
Change Management5
-
Change Management Processes6
-
Technical Implications of Changes6
-
Documenting Changes2
-
AUDITS AND ASSESSMENTS5
-
Internal Audits and Assessments10
-
Performing an Internal Assessment3
-
External Audits and Assessments5
-
Penetration Testing5
-
Reconnaissance in Pentesting6
-
Attestation of Findings6
-
CYBER RESILIENCE AND REDUNDANCY2
-
High Availability10
-
Data Redundancy9
-
Capacity Planning5
-
Powering Data Centers9
-
Data Backups10
-
Continuity of Operations Plan3
-
Redundant SIte Considerations10
-
Resilience and Recovery Testing8
-
SECURITY ARCHITECTURE3
-
On-Premise Vs the Cloud9
-
Cloud Security11
-
Virtualization and Containerization8
-
Serverless8
-
Microservices9
-
Network Infrastructure3
-
Software-defined Network (SDN)4
-
Infrastructure as Code (IaC)2
-
Centralized vs. Decentralized Architectures2
-
Internet of Things (IoT)2
-
ICS and SCADA4
-
Embedded Systems8
-
SECURITY INFRASTRUCTURE1
-
Ports and Protocols7
-
Firewalls16
-
Configuring Firewalls5
-
IDS and IPS9
-
Network Appliances5
-
Port Security9
-
Securing Network Communications16
-
Infrastructure Considerations9
-
Selecting Infrastructure Controls6
-
IDENTITY AND ACCESS MANAGEMENT (IAM) SOLUTIONS1
-
Identity and Access Management (IAM)9
-
Multi-factor Authentication2
-
Password Security6
-
Password Attacks5
-
Single Sign-On (SSO)4
-
Federation1
-
Privileged Access Management (PAM)4
-
Access Control Models7
-
Assigning Permissions1
-
VULNERABILITIES AND ATTACKS2
-
Hardware Vulnerabilities13
-
Bluetooth Vulnerabilities and Attacks9
-
Mobile Vulnerabilities and Attacks5
-
Zero-day Vulnerabilities3
-
Operating System Vulnerabilities5
-
SQL and XML Injections6
-
XSS and XSRF10
-
Buffer Overflow5
-
Race Conditions8
-
MALICIOUS ACTIVITY1
-
Distributed Denial of Service8
-
Domain Name System (DNS) Attacks6
-
Directory Traversal Attack5
-
Execution and Escalation Attacks10
-
Replay Attacks2
-
Session Hijacking7
-
On-path Attacks9
-
Injection Attacks4
-
Indicators of Compromise (IoC)10
-
HARDENING1
-
Restricting Applications4
-
Trusted Operating Systems5
-
Updates and Patches5
-
Patch Management5
-
Group Policies3
-
SELinux15
-
Data Encryption Levels7
-
Secure Baselines1
-
SECURITY TECHNIQUES1
-
Wireless Infrastructure5
-
Wireless Security Settings10
-
Application Security10
-
Network Access Control (NAC)3
-
Web and DNS Filtering8
-
Email Security8
-
Endpoint Detection and Response3
-
User Behavior Analytics2
-
Selecting Secure Protocols5
-
VULNERABILITY MANAGEMENT1
-
Identifying Vulnerabilities8
-
Threat Intellegence Feeds4
-
Responsible Disclosure Programs2
-
Analyzing Vulnerabilities9
-
Vulnerability Response and Remediation7
-
Validating Vulnerability Remediation1
-
Vulnerability Reporting4
-
ALERTING AND MONITORING3
-
Monitoring Resources3
-
Alerting and Monitoring Activities8
-
Simple Network Management Protocol (SNMP)5
-
Security Information and Event Management (SIEM)3
-
Data from Security Tools4
-
Security Content Automation Protocol (SCAP)8
-
Network and Flow Analysis6
-
Single Pane of Glass5
-
INCIDENT RESPONSE1
-
Incident Response Process10
-
Threat Hunting3
-
Root Cause Analysis6
-
Incident Response Training and Testing5
-
Digital Forensic Procedure12
-
Data Collection Procedures1
-
INVESTIGATING AN INCIDENT0
-
Investigative Data9
-
Dashboards3
-
Automated Reports4
-
Vulnerability Scans2
-
Packet Captures1
-
Metadata2
-
AUTOMATION AND ORCHESTRATION5
-
When to Automate and Orchestrate2
-
Automating Support Tickets3
-
Automating Onboarding3
-
Automating Security3
-
Automating Application Development10
-
Integrations and APIs5
-
Ports6
