This 2017 cyberattack disrupted the operations of several major hospitals across the globe.
What is the WannaCry ransomware attack?
This popular open-source tool is capable of identifying hosts, services, and vulnerabilities within a network.
What is nmap?
This security principle involves limiting access to sensitive information on a need-to-know basis.
What is least privilege?
Systems deployed using this technique are designed to attract malicious activity and provide insights into attacker methods and motivations.
What are honeypots/honeypot detections?
This method of threat intelligence collection involves gathering information from publicly available sources, such as social media, forums, and news articles.
What is OSINT (Open-Source Intelligence)?
This high-profile 2017 data breach exposed the personal information of millions of customers across the US, Canada, and England.
What is the Equifax data breach?
This penetration testing tool automates web application security assessments, allowing users to identify vulnerabilities such as SQL injection and cross-site scripting.
What is Burp Suite?
This practice conceals the details of a system to enhance its security.
What is security through obscurity?
This method utilizes threat intelligence feeds to correlate security events and alerts, enabling organizations to respond proactively to emerging threats.
What is threat hunting?
This framework provides a structured way to analyze and classify threat intelligence, including the stages of the attack lifecycle.
What is the Cyber Kill Chain?
This APT group is believed to be sponsored by the North Korean government and is known for its attacks on financial institutions.
What is the Lazarus Group/APT38?
(Guardians of Peace/Whois Team)
This tool is designed for malware analysis, providing a sandbox environment that can emulate a range of operating systems.
What is Joe Sandbox?
This principle establishes trust by ensuring that the integrity and origin of data can't be denied.
What is non-repudiation?
This technique analyzes logs from multiple sources to identify IoCs that may not be apparent when viewed in isolation.
What is log aggregation and analysis?
This document is created after analyzing a cyber threat and includes recommendations for mitigating risks associated with that threat.
What is a threat assessment report?
This APT group is believed to be sponsored by the Chinese government, known for its advanced cyberattacks and usage of passive backdoors.
What is Double Dragon/APT41?
This framework is widely used for penetration testing and includes a collection of exploits and payloads to simulate attacks on target systems.
What is Metasploit?
Through this principle, security mechanisms should be layered and remain resilient and functional, even when under attack.
What is defense in depth?
This approach identifies known malware by comparing files against a database of established threats, allowing for the detection of previously cataloged malicious software.
What is signature-based detection?
This knowledge base categorizes adversary tactics and techniques based on real-world observations, and enhances detection and response strategies.
What is the MITRE ATT&CK framework?
This APT group is believed to be sponsored by the Russian government and is known for its attacks on diplomatic organizations and national governments.
What is Cozy Bear/Fancy Bear/APT29?
This advanced tool is utilized for performing wireless network penetration testing, often leveraging techniques such as packet injection and WPA/WPA2 cracking.
What is aircrack-ng?
This principle emphasizes that reduced complexity minimizes the likelihood of vulnerabilities and errors in implementation.
What is KISS (Keep It Simple, Stupid)?
This security measure can help detect insider threats by monitoring user activities and behavior.
What is UEBA (User and Entity Behavior Analytics)?
This intelligence-sharing initiative is designed to facilitate the sharing of cyber threat information between organizations and sectors, enhancing collective defense.
What is STIX/TAXII?