APTs and Compromises
Security and Hacking Tools
Security Principles
Detection Techniques
Threat Intel
100

This 2017 cyberattack disrupted the operations of several major hospitals across the globe.

What is the Wannacry Ransomware attack?

100

This popular open-source tool is capable of identifying hosts, services, and vulnerabilities within a network.

What is nmap?

100

This security principle involves limiting access to sensitive information on a need-to-know basis.

What is least privilege?

100

Systems in this technique are designed to attract malicious activity and provide insights into attacker methods and motivations.

What are honeypots/honeypot detections?

100

This method of threat intelligence collection involves gathering information from publicly available sources, such as social media, forums, and news articles.

What is OSINT (Open-Source Intelligence)?

200

This high-profile 2017 data breach exposed the personal information of millions of customers across the US, Canada, and England.

What is the Equifax data breach?

200

This penetration testing tool automates web application security assessments, allowing users to identify vulnerabilities such as SQL injection and cross-site scripting.

What is Burp Suite?

200

This practice conceals the details of a system to enhance its security.

What is security through obscurity?

200

This method utilized threat intelligence feeds to correlate security events and alerts, enabling organizations to respond proactively to emerging threats.

What is threat hunting?

200

This framework provides a structured way to analyze and classify threat intelligence, including the stages of the attack lifecycle.

What is Cyber Kill Chain?

300

This APT group is believed to be sponsored by the North Korean government and is known for its attacks on financial institutions.

What is the Lazarus Group/APT38?

(Guardians of Peace/Whois Team)

300

This tool is designed for malware analysis, providing a sandbox environment that can emulate a range of operating systems.

What is Joe Sandbox?

300

This principle establishes trust by ensuring that the integrity and origin of data can't be denied.

What is non-repudiation?

300

This technique analyzes logs from multiple sources to identify IoCs that may not be apparent when viewed in isolation.

What is log aggregation and analysis?

300

This document is created after analyzing a cyber threat and includes recommendations for mitigating risks associated with that threat.

What is a threat assessment report?

400

This APT group is believed to be sponsored by the Chinese government, known for its advanced cyberattacks and usage of passive backdoors.

What is Double Dragon/APT41?

400

This framework is widely used for penetration testing and includes a collection of exploits and payloads to simulate attacks on target systems.

What is Metasploit?

400

Through this principle, security mechanisms should be layered and remain resilient and functional, even when under attack.

What is defense in depth?

400

This approach identifies known malware by comparing files against a database of established threats, allowing for the detection of previously cataloged malicious software.

What is signature-based detection?

400

This knowledge base categorizes adversary tactics and techniques based on real-world observations, and enhances detection and response strategies.

What is the MITRE ATT&CK framework?

500

This APT group is believed to be sponsored by the Russian government and is known for its attacks on diplomatic organizations and national governments.

What is Cozy Bear/Fancy Bear/APT29?

500

This advanced tool is utilized for performing wireless network penetration testing, often leveraging techniques such as packet injection and WPA/WPA2 cracking.

What is aircrack-ng?

500

This principle emphasizes that reduced complexity minimizes the likelihood of vulnerabilities and errors in implementation

What is KISS (Keep It Simple, Stupid)?

500

This security measure can help detect insider threats by monitoring user activities and behavior.

What is UEBA (User and Entity Behavior Analytics)?

500

This intelligence-sharing initiative is designed to facilitate the sharing of cyber threat information between organizations and sectors, enhancing collective defense.

What is STIX/TAXII?

M
e
n
u