Threat Model


What part of the Diamond Model is the physical or logical communication structures used to deliver capabilities, maintain control of capabilities, and effect results (exfil, destruction)?

Infrastructure

What part of the Cyber Kill Chain does this describe?: -persistence -backdoors -allows the adversary to maintain persistence (presence on the disk)

Installation

__________ is what gets executed.

Payload

What part of the Cyber Kill Chain does this describe?: -can be active or passive -research, identification, and selection of targets

Reconnaissance

The following is an example of what threat model?: -victim discovers malware -malware contains a hardcoded C2 domain -C2 domain resolves to a C2 IP address -IP address reveals info about the adversary -firewall logs reveal other hosts contacting the C2 IP address

The Diamond Model

What part of the Cyber Kill Chain does this describe?: -exfil -encryption -destruction -manipulation -hop point

Actions on Objectives

What part of the Diamond Model is the actor/organization responsible for the intrusion?

Adversary

What are the 4 vertices/events of the Diamond Model of Intrusion Analysis?

Adversary, Victim, Capability, Infrastructure

What part of the Cyber Kill Chain does this describe?: -transmission of the weapon to the target environment -makes use of an attack vector -most prevalent methods: email attachments, USB, websites

Delivery

Which phase of the Cyber Kill Chain makes use of an attack vector (spear phishing, watering hole, etc.)?

Delivery

Which of the following choices identifies two phases of the Cyber Kill Chain?: A) Weaponization and Attack Graph B) Actions on Objectives and Exploitation C) Lateral Movement and Delivery D) Collection and Reconnaissance

B) Actions on Objectives and Exploitation

What part of the Diamond Model describes the tools/techniques used by the adversary?

Capability

What part of the Cyber Kill Chain does this describe?: -allows "hands-on-keyboard" access -beaconing is required to be established

Command and Control (C2)

These are the 7 phases of which Threat Model?: -Reconnaissance -Weaponization -Delivery -Exploitation -Installation -Command and Control -Actions on Objectives

Cyber Kill Chain

This Threat Model enables analysts to detect and mitigate intrusions, and aids in establishing adversary patterns of behavior.

Cyber Kill Chain

Which Threat Model categorizes the activity in increasing "layers" of detail (1-4) as available in the intel reporting?

Cyber Threat Framework (CTF)

Which Threat Model examines activity based on measurable or observable actions (external or internal actions)?

Cyber Threat Framework (CTF)

__________ is the means by which an attacker gains execution.

Exploit

What part of the Cyber Kill Chain does this describe?: -written to attack a vulnerability -the effect that happens once that exploit is run

Exploitation

The purpose of the Cyber Kill Chain is to enable analysts to detect and mitigate intrusions. True or False?

True

What part of the Diamond Model is the victim of the adversary, which can be an org, person, target email, IP, domain, etc.?

Victim

What part of the Cyber Kill Chain does this describe?: -creation of the malicious payload -know your vulns/their capes -attacker might give clues based on recon

Weaponization
