PORTS
Frameworks
Control Types
Threat Modeling
Monitoring & Digital Forensics
100

This unencrypted protocol can be used to remotely administer network devices (although it shouldn't be).

What is Telnet?

OR

What is Port 23?

100

A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

What is the MITRE ATT&CK Framework?

100

This control type would involve log forwarders, SIEMs, IDSs, cameras, security guards, and motion sensors.

What are detective controls?

100

Defined as the ability, skill level, and resources a malicious actor possesses to plan and execute a cyberattack.

What is adversary capability?

100

This device is designed to provide a line of defense at the network's boundary, controlling the type of traffic that can enter and leave the network (usually through the use of ACLs).

What is a firewall?

200

Known as the fundamental set of rules that browsers and servers use to communicate and exchange data such as webpages, images, and videos over the internet.

What is HTTP?

OR

What is Port 80?

200

An interpretive residual sign that an asset or network has been successfully attacked.

What is an IoC?

200

This control type would involve gates, fences, IPS solutions, and security guards.

What are physical controls?

200

Gathering intelligence via publicly available information and tools for aggregating and searching said information.

What is OSINT?

200

A method of mitigating DDoS attacks. It involves routing malicious packets to an interface attached to monitoring tools in order to gather information.

What is Sinkholing?

OR

What are sinkholes?

300

Sometimes called the "Internet's Phonebook", this protocol resolves human-readable domain names to IP addresses and vice versa, allowing browsers to locate the correct web pages.

What is Port 53?

OR

What is DNS?

300

The fourth phase of the Lockheed Martin Kill Chain.

What is Exploitation?

300

This control type would involve firewalls, encryption, IDS solutions, SIEM solutions, and ACLs.

What are technical controls?

300

This represents all of the points within your network that an attacker could interact with, once inside the network boundary, in order to potentially compromise it.

What is total attack surface?

300

A documented record of a network's normal behavior, traffic patterns, configurations, and performance under typical conditions.

What is a baseline?

400

This protocol is used to create standardized logging messages, allowing software and other devices to send event logs to a central server for collection and analysis.

What is Syslog?

OR

What is port 514?

400

One of the four core features of the Diamond Model of Intrusion Analysis.

What is Adversary?

Infrastructure?

Capability?

Victim?

400

An IPS would fall under these two categories.

What are Technical and preventative controls?

400

The probability that an attack will be realised.

Threat likelihood.

400

This open source GUI tool displays packet information within its "panes"; packets can be selected for further investigation and stream following.

What is Wireshark?

500

This secure version of file transfer uses SSL or TLS over the standard file transfer protocol in order to encrypt files in transit.

What is FTPS?

OR

What is port 990?

500

The final three phases of the Kill Chain.

What is:

Installation, Command and Control, Actions on Objectives?

(Must be all three)

500

This is a dedicated port on a switch that receives a mirrored copy of network traffic from within the switch, to be sent on to a destination such as a monitoring tool.

What is a SPAN?

500

This threat hunting model involves using threat research done before an attack is realized in order to discover whether there is evidence of TTPs present within a system or network.

Proactive threat hunting

500

Much malware today uses this randomization method for its C2 servers in order to prevent them from being blocked by analysts long term.

What is DGA?