IC/TH Flashcards

Results (53 cards)

1
Q

THREAT HUNTING DEFINITION

A

PROACTIVE SEARCH FOR MALICIOUS ACTIVITY THAT HAS EVADED THE STATIC DEFENSES YOU HAVE IN PLACE, E.G. IDS, IPS, FIREWALLS

2
Q

THREAT HUNTING GOAL

A

PREVENT THE ADVERSARY FROM CONDUCTING THEIR INTENDED AO (ACTIONS ON OBJECTIVES) / DEVELOP NOVEL WAYS OF DETECTION / AUTOMATION; YOU ALSO LEARN YOUR OWN ENVIRONMENT

3
Q

WHAT IS THE LOCKHEED MARTIN KILL CHAIN

A

RWD-EIC-AO

RECONNAISSANCE, WEAPONIZATION, DELIVERY, EXPLOITATION, INSTALLATION, COMMAND AND CONTROL, ACTIONS ON OBJECTIVES

4
Q

RECONNAISSANCE

A

STEP 1: HARVEST EMAIL ADDRESSES, CONFERENCE INFO, ETC.

5
Q

WEAPONIZATION

A

STEP 2: CREATING FAKE EMAILS, SOCIAL ENGINEERING

6
Q

DELIVERY

A

STEP 3: DELIVER THE WEAPONIZED BUNDLE TO THE VICTIM VIA EMAIL, USB, WEB, ETC.

7
Q

EXPLOITATION

A

STEP 4: EXPLOITING A VULNERABILITY TO EXECUTE CODE, EITHER THROUGH SOCIAL ENGINEERING OR A VULNERABILITY IN THE SYSTEM

8
Q

INSTALLATION

A

STEP 5: INSTALLING MALWARE ON ASSETS, GETTING ACCESS TO PASSWORDS

9
Q

COMMAND AND CONTROL

A

STEP 6: PERSISTENT ACCESS TO THE NETWORK / REMOTE MANIPULATION, MOVING LATERALLY / HANDS ON KEYBOARD

10
Q

ACTIONS ON OBJECTIVES

A

STEP 7: WITH HANDS-ON-KEYBOARD ACCESS, INTRUDERS ACCOMPLISH THEIR ORIGINAL GOALS

11
Q

WHAT THREAT HUNTING REALLY IS

A

ISOLATING LOG INFORMATION AND ANALYZING IT / A MANUAL PROCESS DONE BY PEOPLE

12
Q

WHERE WAS THREAT HUNTING DONE PREVIOUSLY

A

ENDPOINTS

13
Q

SPLUNK THREAT HUNTING

A

SPLUNK IS AN ANALYTICS SIEM PLATFORM USED FOR IMPORTING AND ANALYZING DATA FROM NETWORK INFRASTRUCTURE LOGS

14
Q

THREAT HUNTING IN EXCEL

A

COMPILING DATA / COUNTING / HOW MANY TIMES HAVE I SEEN THIS? HOW FEW TIMES HAVE I SEEN THIS?

15
Q

NETWORK THREAT HUNTING DEFINED

A

PROACTIVE APPROACH TO ANALYSIS THAT ADDRESSES GAPS IN STATIC NETWORK DEFENSES AND ENABLES ADVANCED DETECTION AND TECHNIQUES

16
Q

STEP 1 THREAT HUNTING

A

COLLECT DATA, LEVERAGE KNOWN ADVERSARY TECHNIQUES, LOOK FOR ACTIVITY, STARTING WITH REPORTS (US-CERT / RECORDED FUTURE)

17
Q

THREAT HUNTING VS IR

A

IR IS ALERT DRIVEN / THREAT HUNTING IS AN ASSUMED-BREACH MENTALITY FOCUSING ON POST-EXPLOITATION ANALYSIS

18
Q

WHAT IS POST EXPLOITATION

A

STEPS 5/6/7: INSTALLATION, C2, AOB - PERSISTENCE / PRIVILEGE ESCALATION / DEFENSE EVASION, CREDENTIAL ACCESS, LATERAL MOVEMENT

19
Q

NETWORK ENABLED DETECTION

A

STEPS 3/4 - WE GET TO SEE THE MALWARE DELIVERED / THE TECHNIQUES USED

20
Q

WHY THREAT HUNTING

A

ADDRESSES GAPS/DEFENSE IN DEPTH/METHODICALLY DEVELOPS ATTACKER MINEFIELD

21
Q

WHAT THREAT HUNTING IS NOT

A

NOT ANOTHER PRODUCT /NOT A REPLACEMENT FOR NETWORK SECURITY

22
Q

WHO SHOULD BE DOING THREAT HUNTING

A

INCIDENT RESPONDER / SOMEONE WITH A PROBLEM-SOLVING MINDSET WHO CAN ORGANIZE DATA THAT WILL YIELD RESULTS

23
Q

PRE HUNT STEP 1

A

PREP THE ENVIRONMENT / WHAT TOOLS ARE GIVING YOU THE DATA: IPS / IDS / FIREWALLS / WEB PROXY / WHERE THE TOOLS ARE PLACED

24
Q

PRE HUNT STEP 2

A

UNDERSTAND THE SUITABILITY OF THE DATA

25
Q

DATA DICTIONARY

A

SOURCE OF DATA TO WORK WITH FOR THE PRE HUNT

26
Q

DATA MODELING

A

HOW TO MAP DATA COMING FROM DIFFERENT SOURCES INTO A MEANINGFUL ANALYSIS FRAMEWORK

27
Q

DATA QUALITY

A

YOU DON'T WANT ERRONEOUS OR SPAM RESULTS

28
Q

SELECTION OF MODEL

A

EXPLANATION

29
Q

HYPOTHESIS GENERATION TEMPLATE

A

RESEARCHING / SCOPING TEMPLATE

30
Q

THE HUNT STEP 1

A

GATHER DATA / FILTER & SIFT / GARNER INSIGHT / RINSE AND REPEAT

31
Q

THE HUNT STEP 2

A

COLLECT ARTIFACTS / REFINE HYPOTHESIS / TEST TO CONCLUSION

32
Q

POST HUNT STEP 1

A

MEMORIALIZE THE HUNT / ENRICH KNOWLEDGE BASE / TRAIN TEAM / IMPROVE DETECTION / TUNE HUNT

33
Q

WHAT IS INSTRUMENTATION OF THE NETWORK

A

TECHNOLOGIES TO BRING YOU QUALITY DATA

34
Q

WHAT IS A NETFLOW ANALYZER

A

UNIFIED SOLUTION THAT COLLECTS, ANALYZES AND REPORTS ON NETWORK BANDWIDTH / PORTS, PROTOCOLS AND SERVICES

35
Q

WHAT ARE DNS SERVER LOGS

A

LOGS OF THE SERVER THAT RESOLVES ALPHANUMERIC DNS NAMES TO IP ADDRESSES

36
Q

WHAT ARE PROXY LOGS

A

LOGS OF A COMPUTER SYSTEM OR APPLICATION THAT ACTS AS AN INTERMEDIARY FOR REQUESTS FROM CLIENTS SEEKING SERVICES FROM OTHER SERVERS (MIDDLE MAN)

37
Q

WHAT IS A VPN

A

EXTENDS A PRIVATE NETWORK ACROSS A PUBLIC NETWORK AND ENABLES USERS TO SEND AND RECEIVE DATA ACROSS SHARED NETWORKS AS IF THEIR DEVICES WERE DIRECTLY CONNECTED

38
Q

FIREWALLS

A

NETWORK SECURITY SYSTEM THAT MONITORS AND CONTROLS INCOMING AND OUTGOING NETWORK TRAFFIC BASED ON PREDETERMINED RULES. IT'S A BARRIER BETWEEN THE TRUSTED INTERNAL NETWORK AND THE WILD

39
Q

LOAD BALANCER

A

IMPROVES THE DISTRIBUTION OF WORKLOADS ACROSS MULTIPLE COMPUTING RESOURCES

40
Q

PACKET CAPTURE

A

PACKET ANALYZER THAT CAN INTERCEPT AND LOG TRAFFIC

41
Q

INTEL SOURCE FEEDS

A

FEEDS THAT UPDATE AND INFORM ON INDICATORS OF COMPROMISE / DOMAINS / IPS

42
Q

ISACS

A

INFORMATION SHARING AND ANALYSIS CENTERS

43
Q

WHY ARE INTERNAL INTEL SOURCES IMPORTANT

A

PREVIOUS HUNTS CAN BE USED; WHAT ARE YOUR ORG'S SPECIFIC LINES OF BUSINESS? / WHERE ARE THE CROWN JEWELS?

44
Q

WHAT IS SNORT

A

ALERT-DRIVEN NETWORK INTRUSION DETECTION SYSTEM / ALARM SYSTEM

45
Q

BRO / ZEEK

A

ANALYZES NETWORK TRAFFIC; MOST COMMONLY USED FOR DETECTING BEHAVIORAL ANOMALIES / PERFORMS INCIDENT RESPONSE / FORENSICS / FILE EXTRACTION / HASHING

46
Q

BRO / ZEEK

A

ANALYZES NETWORK TRAFFIC; MOST COMMONLY USED FOR DETECTING BEHAVIORAL ANOMALIES / PERFORMS INCIDENT RESPONSE / FORENSICS / FILE EXTRACTION / HASHING (LOGS UNDER /nsm/bro/logs)

47
Q

WIRESHARK

A

NETWORK PROTOCOL ANALYZER (MICROSCOPIC-LEVEL MONITORING)

48
Q

SECURITY ONION

A

DISTRIBUTION FOR INTRUSION DETECTION, ENTERPRISE SECURITY MONITORING AND LOG MANAGEMENT / INCLUDES BRO / SNORT / SGUIL

49
Q

SGUIL

A

GUI THAT PROVIDES ACCESS TO REALTIME EVENTS / SESSION DATA / RAW PACKET CAPTURES

50
Q

MITRE ATT&CK (FRAMEWORK FOR THREAT HUNTING)

A

ADVERSARIAL TACTICS, TECHNIQUES AND COMMON KNOWLEDGE: A KNOWLEDGE BASE AND MODEL FOR ADVERSARY BEHAVIOR, REFLECTING THE VARIOUS PHASES OF THE ATTACK LIFE CYCLE AND THE PLATFORMS ADVERSARIES ARE KNOWN TO TARGET

51
Q

MITRE ENTERPRISE MATRIX

A

EXPLAINS THE SUB-PHASES OF AN ATTACK AND THE TECHNIQUES FOUND IN THE WILD / SHOWS WHICH ADVERSARIES HAVE USED WHICH ATTACK TECHNIQUES

52
Q

TTP

A

Tactics, Techniques, Procedures

53
Q

NSA/CSS Technical Cyber Threat Framework (NTCTF) v2

A

Provides a baseline of standard definitions to be used as a reference for collaboration with partners and stakeholders when discussing adversary activities throughout the lifecycle.