In an HTTP request, this specific "Header" tells the server which website the user just came from (and is often spoofed in CSRF attacks).
What is the Referer header?
This infamous North Korean group is known for the 2014 Sony Pictures hack and the multi-million dollar Bangladesh Bank heist.
What is Lazarus Group?
This is the name of the framework that categorizes every step of an attack from Initial Access to Impact.
What is MITRE ATT&CK?
This built-in Windows tool is used for system info but can be abused to download files or execute scripts via "shortcuts."
What is PowerShell?
Attackers often use this encoding method to make their PowerShell commands unreadable to the naked eye.
What is Base64 (or -EncodedCommand)?
What famous horror movie actor starred in the movie Hackers?
Matthew Lillard
This specific Windows Event ID (4104) captures the entire content of a script as it executes.
What is PowerShell Script Block Logging?
This utility is usually for managing Windows images, but can be used to execute malicious DLLs or bypass UAC.
What is DISM?
While originally developed by the U.S. Naval Research Lab to protect intelligence officers, this 3-letter project was eventually released as open-source and is now maintained by a Massachusetts-based nonprofit.
What is Tor?
This 2014 vulnerability in the OpenSSL library allowed an attacker to read 64KB of memory from a server by sending a malformed "Keep-Alive" packet, potentially leaking private keys without leaving a single trace in the logs.
What is Heartbleed?