Malicious Activity

Question 1

What are the evolving concerns in the digital age?

Answer 1

Cyber attacks, increasing in frequency and sophistication

The digital landscape is constantly changing, resulting in new and more advanced cyber threats.

Question 2

What is the first step to effective prevention and mitigation of cyber threats?

Answer 2

Understanding Cyber Threats

Awareness of the tactics, techniques, and procedures employed by cybercriminals is crucial.

Question 3

What are the variants of Distributed Denial of Service (DDoS) attacks?

Answer 3

• Denial of Service
• Amplified DDoS
• Reflected DDoS

Question 4

What are the types of Domain Name Server (DNS) attacks?

Answer 4

• DNS Cache Poisoning
• DNS Amplification
• DNS Tunneling
• Domain Hijacking
• DNS Zone Transfer

Question 5

What is a Directory Traversal Attack?

Answer 5

Injection attack when attacker inserts malicious cose through an application interface

Question 6

What does a Privilege Escalation Attack involve?

Answer 6

Exploiting system vulnerability to gain elevated access

Question 7

What is a Replay Attack?

Answer 7

Malicious or fraudulent repeat/delay of a valid data transmission

Question 8

What is Session Hijacking?

Answer 8

Attacker takes over a user session to gain unauthorized access

Question 9

What are Malicious Code Injection Attacks?

Answer 9

Introduction of harmful code into a program or system

Question 10

What are some Indicators of Compromise (IoC)?

Answer 10

• Account lockout
• Concurrent session usage
• Blocked content
• Impossible travel
• Resource consumption
• Inaccessibility
• Out-of-cycle logging
• Published documents indicating hacking
• Missing logs

Question 11

What is a Denial of Service (DoS) attack?

Answer 11

An attack that attempts to make a computer or server’s resources unavailable

Question 12

What is a Flood Attack?

Answer 12

• Ping Flood
• SYN Flood

Question 13

What is a Permanent Denial of Service (PDOS) Attack?

Answer 13

Exploits security flaws to break a networking device permanently by re-flashing its firmware

Question 14

What is a Fork Bomb?

Answer 14

Attack creates a large number of processes, consuming processing power

Question 15

What is a Distributed Denial of Service (DDoS) attack?

Answer 15

Malicious attempt to disrupt the normal functioning of a network by overwhelming it with a flood of internet traffic

Question 16

What is a DNS Amplification Attack?

Answer 16

Allows an attacker to initiate DNS requests from a spoof IP address to flood a website

Question 17

What is the purpose of a Black Hole or Sinkhole in DoS prevention?

Answer 17

Routes attacking IP traffic to a non-existent server through a null interface

Question 18

What is DNS Cache Poisoning?

Answer 18

Corrupts a DNS resolver’s cache with false information

Question 19

What is DNS Tunneling?

Answer 19

Encapsulates non-DNS traffic over port 53

Question 20

What is Domain Hijacking?

Answer 20

Unauthorized change of domain registration

Question 21

What is a Directory Traversal Attack?

Answer 21

An injection attack that allows access to commands, files, and directories

Question 22

What is Arbitrary Code Execution?

Answer 22

Vulnerability that allows an attacker to run their code without restrictions

Question 23

What is Remote Code Execution?

Answer 23

Type of arbitrary code execution that occurs remotely

Question 24

What is the difference between Vertical and Horizontal Privilege Escalation?

Answer 24

• Vertical: From normal user to higher privilege
• Horizontal: Accessing resources at the same level

Question 25

What are rootkits?

Answer 25

Class of malware that conceals its presence by modifying system files

Question 26

What is a Replay Attack?

Answer 26

Type of network-based attack where valid data transmissions are maliciously re-broadcast

Question 27

What is a Credential Replay Attack?

Answer 27

Capturing a user's login credentials during a session and reusing them for unauthorized access

Question 28

How can Replay Attacks be prevented?

Answer 28

* Use session tokens * Implement multi-factor authentication * Use security protocols like WPA3

Question 29

What is Session Management?

Answer 29

Enables web applications to uniquely identify a user across different actions

Question 30

What is a Cookie in web applications?

Answer 30

Text file used to store information about a user when they visit a website

Question 31

What is Cookie Poisoning?

Answer 31

Modifies the contents of a cookie after it has been generated

Question 32

What is an On-Path Attack?

Answer 32

An attack where the attacker positions their workstation logically between two hosts

Question 33

What is ARP Poisoning?

Answer 33

Manipulating Address Resolution Protocol (ARP) tables to redirect network traffic

Question 34

What is SSL Stripping?

Answer 34

An attack that tricks the encryption application into presenting an HTTP connection instead of HTTPS

Question 35

What is LDAP Injection?

Answer 35

An application attack that targets web-based applications by fabricating LDAP statements

Question 36

What is Command Injection?

Answer 36

Occurs when a threat actor is able to execute arbitrary commands on a system

Question 37

What does LDAP stand for?

Answer 37

Lightweight Directory Access Protocol ## Footnote LDAP is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network.

Question 38

What is LDAP Injection?

Answer 38

An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input ## Footnote Protection against LDAP injection attacks includes input validation and input sanitization.

Question 39

What is Command Injection?

Answer 39

Occurs when a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application

Question 40

What is Process Injection?

Answer 40

Method of executing arbitrary code in the address space of a separate live process ## Footnote There are many different ways to inject code into a process, including DLLs, Thread Execution Hijacking, and Process Hollowing.

Question 41

List some methods of Process Injection.

Answer 41

* Injection through DLLs * Thread Execution Hijacking * Process Hollowing * Process Doppel Ganging * Asynchronous Procedure Calls * Portable Executable Injections

Question 42

What are some mitigation strategies for Process Injection?

Answer 42

* Endpoint security solutions configured to block common sequences of attack behavior * Security Kernel Modules * Practice of Least Privilege * Indicators of Compromise (IoC)

Question 43

What does Indicators of Compromise (IoC) refer to?

Answer 43

Pieces of forensic data that identify potentially malicious activity on a network or system ## Footnote IoCs serve as digital evidence that a security breach has occurred.

Question 44

What is an Account Lockout?

Answer 44

Occurs when an account is locked due to multiple failed login attempts ## Footnote It indicates a potential brute force attack to gain access.

Question 45

What is Concurrent Session Usage?

Answer 45

Refers to multiple active sessions from a single user account ## Footnote It may indicate a possible account compromise.

Question 46

What does Blocked Content imply?

Answer 46

Involves attempts to access or download content blocked by security protocols ## Footnote This suggests a user trying to access malicious content or an attacker attempting to steal data.

Question 47

What does Impossible Travel indicate?

Answer 47

Detects logins from geographically distant locations within an unreasonably short timeframe ## Footnote It indicates a likely account compromise.

Question 48

What is Resource Consumption?

Answer 48

Unusual spikes in resource utilization ## Footnote This includes CPU, Memory, and Network bandwidth, and may indicate malware infections or DDoS attacks.

Question 49

What is Resource Inaccessibility?

Answer 49

Inability to access resources like files, databases, or network services ## Footnote It suggests a ransomware attack, where files are encrypted, and a ransom is demanded.

Question 50

What does Out-of-Cycle Logging indicate?

Answer 50

Log entries occurring at unusual times ## Footnote It suggests an attacker trying to hide their activities during off-peak hours.

Question 51

What are Missing Logs a sign of?

Answer 51

Sign that logs have been deleted to hide attacker activities ## Footnote This may result in gaps in the log data, making it harder to trace the attacker's actions.

Question 52

What does the publication of Articles or Documents by attackers imply?

Answer 52

Attackers publicly disclose their actions, boasting about their skills or causing reputational damage ## Footnote This can occur on social media, hacker forums, or the victim's own website.