Operating at the highest privilege level (Ring 0), giving malware complete control over system resources.
What is the Windows kernel?
This form of persistence can be set to run at system startup, user login, or when specific events happen.
What are scheduled tasks?
This type of phishing attack specifically targets high-level executives or decision makers
What is whaling or whale phishing?
Software that is often bundled with other legitimate downloads and can be installed on your device without your explicit consent
What are Adware/PUPs?
It's an automation and configuration tool developed by Microsoft that combines a command-line shell, an associated scripting language, and a framework for processing
What is PowerShell?
This Windows process is often targeted by malware to steal credentials from memory
What is lsass.exe (Local Security Authority Subsystem Service)?
This registry key location is frequently targeted to ensure that malware executes on boot: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
What are startup keys?
The practice of carefully researching a target's personal information before launching a phishing attack is called this
What is social engineering or spear phishing?
This Russian group, specializing in "living off the land" techniques, was responsible for the SolarWinds hack
Who is Cozy Bear?
A type of attack that utilizes existing and legitimate tools rather than creating new tools
What are Living off the land binaries?
This Windows feature, introduced in Vista, is often targeted by malware for privilege escalation
What is User Account Control (UAC)?
This threat actor has been weaving a web of its victims by attempting to bypass the MFA Security Controls
What is Scattered Spider?
This advanced attack method combines phishing with DNS cache poisoning to redirect users to malicious sites even when typing legitimate URLs
What is DNS cache poisoning phishing or pharming?
This threat actor group pioneered the ransomware-as-a-service model and created the notorious Conti ransomware
Who is Wizard Spider?
This common Windows scripting host binary is frequently abused to execute malicious scripts with a ".vbs" extension
What is wscript.exe or cscript.exe?
This Windows authentication package is targeted by malware to create golden tickets
What is Kerberos or NTLM?
This Windows utility lists all programs and services configured to run automatically when your system starts or a user logs in
What are Autoruns or Sysinternals Autoruns?
This sophisticated phishing technique involves intercepting communications between two parties and impersonating both sides
What is a man-in-the-middle attack?
This ransomware group emerged from the ashes of Conti and is known for targeting healthcare organizations in 2024-2025
What is ALPHV/BlackCat?
This binary designed for Windows troubleshooting can be abused to dump LSASS memory and steal credentials
What is procdump.exe?
This registry location contains programs that automatically run at startup
What are Run or RunOnce keys?
This persistence technique involves injecting code into the Windows print spooler service for privilege escalation
What is Print Spooler Service Persistence or PrintNightmare abuse?
This term describes phishing attacks that use multiple platforms and gradually build trust before attempting credential theft
What is multi-vector or hybrid phishing?
This Russian-speaking ransomware group targeted Kaseya VSA in 2021, affecting over 1,500 downstream businesses
What is REvil?
This Windows binary designed for system file checking can be abused to load and execute malicious DLLs
What is sfc.exe or "Windows Resource Protection"?