Windows
Linux
Defense
Major Events
Networking
200

This practice keeps Windows patched against known vulnerabilities, but sometimes people delay it because it requires a restart.

What are Windows Updates?

200

This Linux command lists the contents of the current directory.

What is ls?

200

This is the “color” name given to defenders in cybersecurity who protect networks and systems from attack.

What is the Blue Team?

200

The WannaCry malware, deployed in 2017, exploited a major vulnerability in the Windows operating system, encrypting data and locking access to computers, demanding Bitcoin payments, and crippling hospitals, government agencies, and businesses. It was malware of this type.

What is ransomware?

200

This type of network spans a large geographical area.

What is a Wide Area Network (WAN)?

400

This security feature built into Windows can detect and remove malware without the need for third-party antivirus software. This application is identified by a blue shield icon.

What is Microsoft Defender Antivirus?

400

This Linux command allows you to run the commands following it as if you were logged in as the root user.

What is sudo?

400

This type of software collects logs and alerts from across a network, letting blue teams detect suspicious activity in one central place.

What is a SIEM? (Security Information and Event Management system)

400

In 2015, the dating site Ashley Madison was breached by a group called The Impact Team, who stole and leaked personal data of millions of users, exposing names, emails, and payment information to shame the company and its customers. The Impact Team was this type of threat actor.

What is a hacktivist group?

400

There are this many different layers to the OSI model.

What are 7?

600

This database, sometimes called the “heart of Windows,” stores system and application settings, and is a favorite target for malware that wants persistence.

What is the Windows Registry?

600

This folder in the root Linux filesystem stores executable files.

What is bin?

600

When a red team attacks and a blue team defends in a practice drill, the overall event is often called this.

What is a tabletop exercise?

600

In 2020, attackers inserted malicious code into software updates for the SolarWinds Orion platform, which were then distributed to thousands of organizations and U.S. government agencies. The attack brought increased awareness to this type of attack, where a trusted third party is compromised.

What is a supply chain attack?

600

This protocol uses port 22 and allows for a secure connection to devices.

What is SSH?

800

This Windows service is used in organizations to manage users, computers, and permissions on a network, all from one central place.

What is Active Directory?

800

This Linux distribution is widely used by cybersecurity professionals due to its many built-in hacking tools.

What is Kali Linux?

800

This framework, published by MITRE, maps out common adversary tactics and techniques to help blue teams detect and respond to threats.

What is the MITRE ATT&CK framework?

800

Discovered in 2010, this computer worm infiltrated Iranian nuclear facilities, secretly disrupting the operation of nuclear centrifuges. It represented one of the first known cases of highly sophisticated, state-sponsored cyber warfare.

What is Stuxnet?

800

A multilayer switch operates at these (name and number) layers of the OSI model.

What are Layer 2 (Data Link) and Layer 3 (Network)?

1000

This Windows feature asks for your permission, as the administrator, before allowing apps to make changes to your device, often with a pop-up box.

What is User Account Control (UAC)?

1000

This common Linux security tool is abbreviated to ufw.

What is Uncomplicated Firewall?

1000

When investigating alerts, blue teams must decide whether they are false positives or these, which represent real malicious activity.

What are true positives?

1000

In 2009, a social media app experienced a massive data breach, exposing over 32 million plaintext passwords. That leaked collection later became one of the most widely used password-cracking dictionaries in cybersecurity. This is the name of the company and now the word list.

What is RockYou?

1000

What is the network address of the following IP address: 172.16.193.236/23?

What is 172.16.192.0/23?
