Malware
Social Attacks
Sysmon
Security Appliances
Windows OS
100

A piece of code that spreads from one computer to another by attaching itself to other files.

What is a Virus?

100

This is the type of attack the Hak5 Rubber Ducky uses to bypass USB filters.

What is keystroke injection?

100

This is the Sysmon event ID for a network connection.

What is 3?

100

A network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.

What is a firewall?

100

This is the colloquial term for the date each month that Microsoft releases patches and updates for its operating systems.

What is patch Tuesday?

200

A piece of code that spreads from computer to computer on its own, without user interaction.

What is a Worm?

200

The most common type of email-based social engineering attack, in which the attacker poses as a reputable source in an attempt to extract personal information.

What is Phishing?

200

Sysmon event ID 1 signifies this type of event.

What is process creation?

200

This is a server application or appliance that acts as an intermediary between a client requesting a resource and the server providing that resource.

What is a web proxy?

200

The file system that the Windows NT operating system uses for storing and retrieving files on a hard disk.

New Technology File System (NTFS)

300

A type of malware that poses as a normal, helpful file or piece of software and tricks the victim into running it.

What is a Trojan?

300

This is a form of phishing that targets executive members of a company such as the C-suite and board of directors.

What is Whaling?

300

This is the index in which Sysmon logs are currently stored in our SIEM.

What is WinLogBeats?

300

Acunetix, Nexpose, Nessus, Qualys and Saint are all examples of this type of security appliance.

What is a vulnerability scanner?

300

This is a task automation and configuration management program from Microsoft, consisting of a command-line shell and an associated scripting language, which has essentially replaced the Windows command prompt for most tasks.

What is powershell?

400

Surreptitiously installed malicious software that is intended to track and report the usage of a target system, or to collect other data the author wishes to obtain.

What is Spyware?

400

A social engineering attack in which an unauthorized person follows an authorized individual to enter secured premises.

What is tailgating?

Will also accept piggybacking

400

This is the Sysmon event ID for errors.

What is 255?

400

These are security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed.

What is a Cloud Access Security Broker or CASB?

400

A full disk encryption feature included with Microsoft Windows versions starting with Windows Vista.

BitLocker

500

Petya, WannaCry, Locky, and Ryuk are all examples of this type of malware.

What is Ransomware?

500

In this type of social engineering attack, the attacker poses as an attractive individual and pretends to be romantically interested in the victim in an attempt to get access or information from them.

What is a honey trap?

500

These were the two individuals who tested and installed Sysmon in our environment.

Who are Mohammed O and Malak?

500

This is a security solution that enforces policy on devices that access networks to increase network visibility and reduce risk.

What is NAC?

500

This is the first version of Windows to require a TPM chip before installation can occur.

What is Windows 11?