This type of software attack grew significantly against open source software in 2021
What are software supply chain attacks?
The proactive process of investigating networks to locate and eliminate advanced threats
What is threat hunting?
A native Linux tool used to capture and analyze network protocol traffic
What is tcpdump?
Add ‘-w {name}.pcap’ to the end of a tcpdump command to create this type of file
Packet Capture File
The third layer of the OSI Model, which breaks segments into network packets (or reassembles them) and routes packets from source to destination
What is the Network Layer?
Software supply chain attacks are best defined as cyber attacks that deploy this type of code
What is malicious?
Threat hunting takes place during or after this occurs
What is a network intrusion?
An open source packet analyzer used to inspect network traffic and find malicious traffic; also used to troubleshoot network connectivity
What is Wireshark?
The circled section of the image below displays what part of a Snort rule?
What is the rule header?
An enumeration technique used to establish an initial connection to a service in order to capture and analyze the service’s “welcome” information
What is banner grabbing?
Which company’s recent breach involved the injection of malicious code into a trusted patch update that affected multiple government and private organizations?
What is SolarWinds?
Threat hunting typically involves a robust suite of sensors, analysis utilities, log aggregation and SIEMs, and this type of intelligence associated with machine learning
What is artificial intelligence?
A SIEM tool that collects, analyzes, and correlates big data
What is Splunk?
The circled section of the image below displays what part of a Snort rule?
What is the rule option?
Protocol that utilizes port 23 for insecure remote connections
What is telnet?
Software tool attacks, patch site attacks, insider attacks, source code attacks, and download site attacks are all examples of this software supply chain element
What are vectors?
A security solution used for detecting, but not preventing, network vulnerability exploits
What is an IDS?
An open source Network IDS/IPS that uses a series of rules to define malicious network activity and generates alerts whenever packets match these rules
What is Snort?
This very blue exploit shown below involved a trans2 response
What is EternalBlue?
Stack canaries, Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) are all prevention techniques for this type of exploitation
What is a stack overflow?
Identifying key assets and their software use, developing a software supply chain roadmap, implementing software development and deployment plans, and developing a software bill of materials are just a few examples of this type of technique for addressing software supply chain attacks
What is mitigation?
Occasionally, this activity is performed during or after threat hunting and incident response efforts to tie an action to a specific adversary
What is attribution?
When using Snort, these definitions determine what counts as a threat
What are rules?
The picture below shows a tool that serves as a central repository for network data and can use filters to search it and create reports
What is Splunk?
A vulnerability in C programs where attackers take advantage of how the C programming language formats strings with the ‘printf()’ function
What is a format string?