Module 1. Threats, Attacks and Vulnerabilities
Lesson 1. Analyze indicators of compromise and determine the malware
1.1 Types of malware
: short for
It is software (or script code) designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems
: it doesn't want to be caught or seen; it operates in the background.
Designed to exploit an OS or software vulnerability
OS and device agnostic
: it's time to destroy the myth that Macs or Linux machines are safe. Malware can attack all types of platforms and all types of OS.
: Instructions can be embedded in the malware itself, or the malware can get additional instructions from a command and control center.
Responds to commands
: these can be, again, commands that are embedded, or commands that come from a command and control center.
Often evades scanning
: this goes back to the idea of being transparent; it wants to hide in the background.
Viruses are malicious code whose primary function is to
deliver its payload
To execute and replicate they cannot operate on their own; the virus has to attach to an
(.bat, .com, .doc, .docx, .dll, .exe, .html, .mdb, .pdf, .vbs, .xls, .xlsx, .zip)
(e.g. clicking on a link or visiting an infected website)
Boot sector virus
: Infects the boot (first) sector of a drive and loads into memory at boot-up.
: Infects .com or .exe files by overwriting the original code. Can easily infect other executables with the same extension.
: Disguises itself as a legitimate program but uses a different extension with a higher execution priority (e.g. good.com to emulate good.exe).
: Written in a macro language and is platform-independent. Infects and replicates through templates and documents.
How they act
: Hides by
its code. Masquerades as the original file and reports that the original file is intact.
: Upon execution it stays resident in memory and can infect other programs running at the same time.
: Hides itself by
or by adding confusing or
: Produces varied but
: Capable of
itself into a new form
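As an added example (not part of the course notes), both the companion trick described above (good.com shadowing good.exe) and the stealth behaviour of reporting a file as intact can be checked for from the defender's side: the script below flags same-stem executables where the higher-priority extension would run first, and compares executable hashes against a known-good baseline. The PATHEXT-style priority order, the file names and the file contents are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Extension search order when a command is typed without an extension
# (assumption: a Windows-style default, where .com resolves before .exe).
PRIORITY = [".com", ".exe", ".bat", ".cmd"]


def build_baseline(root):
    """Map each executable (relative path -> sha256) while the system is known good."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*")
            if p.is_file() and p.suffix.lower() in PRIORITY}


def find_companions(root):
    """Companion-virus indicator: two executables share a stem in one directory,
    and the one with the higher-priority extension would run first."""
    groups = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in PRIORITY:
            groups.setdefault((p.parent, p.stem.lower()), []).append(p)
    hits = []
    for files in groups.values():
        files.sort(key=lambda p: PRIORITY.index(p.suffix.lower()))
        hits += [(files[0].name, shadowed.name) for shadowed in files[1:]]
    return sorted(hits)


def check_integrity(root, baseline):
    """Return (modified, added) executables relative to the baseline. A stealth virus
    can answer "file intact" to queries made on the infected OS, so run this from clean media."""
    current = build_baseline(root)
    modified = sorted(k for k in baseline if k in current and current[k] != baseline[k])
    added = sorted(k for k in current if k not in baseline)
    return modified, added


def demo():
    """Constructed sample: one clean executable, then two indicators appear."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "good.exe").write_bytes(b"MZ original program")   # constructed clean file
        baseline = build_baseline(root)
        (root / "good.com").write_bytes(b"companion file")        # constructed indicator
        (root / "good.exe").write_bytes(b"MZ original program" + b" appended bytes")
        return find_companions(root), check_integrity(root, baseline)
```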
, variants: bot/zombie, crypto, APT, generic
, variants: Malicious code embedded in music, video, games, greeting cards and utilities
, variants: firmware, kernel, boot record, legitimate (anti-theft)
, variants: adware, tracking cookies, geolocator, click fraud
, variants: logic bombs, backdoor
• Given a scenario, analyze indicators of compromise and determine the malware.
• Compare and contrast types of attacks.
• Explain threat actor types and attributes.
• Explain penetration testing concepts.
• Explain vulnerability scanning concepts.
• Explain the impact associated with types of vulnerabilities.
Some types of malware, like ransomware, will eventually come front and center and let you know they are there, but while getting onto your system and while executing they try to be transparent so they don't get caught.
A strong vulnerability management program and keeping systems well patched are useful for repelling malware.
Agnostic, in an information technology (IT) context, refers to something that is generalized so that it is interoperable among various systems.