Module 1. Threats, Attacks and vulnerabilities
Lesson 1. analyze indicators of compromise and determine the malware
1.1 Types of malware
Malware: short for malicious software. It is software (or script code) designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems.
, variants: logic bombs, backdoor
, variants: adware, tracking cookies, geolocator, click fraud
, variants: firmware, kernel, boot record, legitimate (anti-theft)
, variants: Malicious code embedded in music, video, game, greeting card and utilities
, variants: bot/zombie, crypto, APT, generic
Viruses are malicious code whose primary function is to deliver their payload.
How they act
: Capable of
itself into a new form
: Produces varied but
: Hides itself by
or by adding confusing or
: Upon execution stays resident in memory. Can infect other programs running at the same time.
: Hides by
its code. Masquerades as the original file and reports that the original file is intact.
: Written in a macro language and is platform-independent. Infects and replicates through templates and documents.
: Disguises itself as a legitimate program but uses a different extension with a higher priority (e.g. good.com to emulate good.exe)
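A defender-side check for the companion pattern described above, added here as an example and not part of the course material. It assumes the classic DOS/Windows search precedence (.com before .exe before .bat when the user omits the extension) and flags basenames in a directory listing where a higher-precedence file sits beside a lower-precedence one:

```python
import os
from collections import defaultdict

# Assumed command-shell search precedence when no extension is typed:
# name.com is found before name.exe, which is found before name.bat.
# (On modern Windows the PATHEXT variable controls this order.)
SEARCH_ORDER = [".com", ".exe", ".bat"]


def find_companion_candidates(filenames):
    """Return {basename: [extensions in precedence order]} for every basename
    that has more than one executable extension, i.e. a program shadowed by a
    higher-precedence companion (e.g. good.com sitting beside good.exe).
    The first extension in each list is the file that would actually run."""
    by_base = defaultdict(set)
    for name in filenames:
        base, ext = os.path.splitext(name.lower())  # case-insensitive match
        if ext in SEARCH_ORDER:
            by_base[base].add(ext)
    return {
        base: sorted(exts, key=SEARCH_ORDER.index)
        for base, exts in by_base.items()
        if len(exts) > 1
    }


def scan_directory(path):
    """Run the same check over a real directory (non-recursive)."""
    return find_companion_candidates(os.listdir(path))


# Constructed sample listing: GOOD.EXE is legitimate, good.com is the companion
# that would run first when a user types "good".
SAMPLE_LISTING = ["GOOD.EXE", "good.com", "notepad.exe", "readme.txt", "backup.bat"]

if __name__ == "__main__":
    for base, exts in find_companion_candidates(SAMPLE_LISTING).items():
        print(f"{base}: {exts[0]} shadows {', '.join(exts[1:])}")
```

Any hit is only an indicator; compare the flagged file's hash, signature and timestamps against a known-good baseline before treating it as infected.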
: Infects .com or .exe files by overwriting the original code. Can easily infect other executables with the same extension.
Boot sector virus: Infects the boot (first) sector of a drive. Loads into memory upon boot up.
(e.g. clicking on a link or visiting an infected website)
to execute and replicate, they can't operate on their own, the virus has to attach to an
(.bat, .com, .doc, .docx, .dll, .exe, .html, .mdb, .pdf, .vbs, .xls, .xlsx, .zip)
Often evades scanning: that goes back to the idea of being transparent; it wants to hide in the background.
Responds to commands: these can be commands that are, again, embedded in the malware, or commands coming from a command and control center.
Instructions can be embedded in the malware already, or the malware can fetch additional instructions from a control center.
OS and device agnostic: it's time to destroy the myth that Macs or Linux machines are safe. Malware can attack all types of platforms and all types of OS.
Designed to exploit an OS or software vulnerability
: they don't want to be caught and they don't want to be seen; it operates in the background.
• Given a scenario, analyze indicators of compromise and determine the malware.
• Compare and contrast types of attacks.
• Explain threat actor types and attributes.
• Explain penetration testing concepts.
• Explain vulnerability scanning concepts.
• Explain the impact associated with types of vulnerabilities.
Some types of malware, like ransomware, will eventually come front and center and let you know they are there, but while they are getting onto your system and executing they try to be transparent so they don't get caught.
A strong vulnerability management program and keeping systems well patched are useful in order to repel malware.
Generic, in an information technology (IT) context, refers to something that is generalized so that it is interoperable among various systems.