Threat Model
What part of the Diamond Model consists of the physical or logical communication structures used to deliver capabilities, maintain control of capabilities, and effect results (exfiltration, destruction)?
Infrastructure
What part of the Cyber Kill Chain does this describe?: -persistence -backdoors -allows the adversary to maintain persistence (presence on disk)
Installation
__________ is what gets executed.
Payload
What part of the Cyber Kill Chain does this describe?: -can be active or passive -research, identification, and selection of targets
Reconnaissance
The following is an example of what threat model?: -victim discovers malware -malware contains hardcoded C2 domain -C2 domain resolves to C2 IP address -IP address reveals info about adversary -Firewall logs reveal other hosts contacting the C2 IP address
The Diamond Model
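The pivot chain in the card above, as an added Python example (not part of the flashcard set): a constructed malware sample yields a hard-coded C2 hostname, a constructed passive-DNS table resolves it to an IP, and constructed firewall log lines reveal every host that contacted that IP, each becoming a Diamond Model event with its four core features filled in. The domains, IPs (RFC 5737 test ranges), log format and sample bytes are all made up for illustration; the adversary vertex is left unattributed because the "IP reveals info about adversary" step needs WHOIS or hosting data this example does not have.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import Optional

# --- Constructed inputs (assumptions for illustration, not real data) --------

# Fake malware sample: a hard-coded C2 URL embedded among binary noise.
MALWARE_SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"https://update-check.example.net/gate.php\x00"
    b"\x7f\x45\x4c\x46 user-agent: Mozilla/5.0\x00"
)

# Passive-DNS style table: domain -> IP the domain resolved to.
PASSIVE_DNS = {
    "update-check.example.net": "203.0.113.17",  # RFC 5737 TEST-NET-3
    "cdn.example.org": "198.51.100.9",           # RFC 5737 TEST-NET-2
}

# Firewall log in a simplified "<ts> <action> <src> -> <dst>:<port>" format.
FIREWALL_LOG = """\
2024-03-01T10:02:11Z ALLOW 10.0.0.5 -> 203.0.113.17:443
2024-03-01T10:02:40Z ALLOW 10.0.0.5 -> 198.51.100.9:443
2024-03-01T10:05:02Z ALLOW 10.0.0.23 -> 203.0.113.17:443
2024-03-01T10:07:19Z DENY 10.0.0.42 -> 203.0.113.17:8443
2024-03-01T10:09:55Z ALLOW 10.0.0.23 -> 203.0.113.17:443
"""

URL_HOST_RE = re.compile(rb"https?://([a-z0-9][a-z0-9.-]*\.[a-z]{2,})", re.IGNORECASE)
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+)$"
)


@dataclass
class DiamondEvent:
    """One Diamond Model event: the four core features plus analyst notes."""
    adversary: str
    capability: str
    infrastructure: str
    victim: str
    notes: list = field(default_factory=list)


def extract_c2_domain(sample: bytes) -> Optional[str]:
    """Capability -> Infrastructure: first URL hostname found in the sample (strings-style)."""
    m = URL_HOST_RE.search(sample)
    return m.group(1).decode().lower() if m else None


def resolve_c2(domain: str, pdns: dict = PASSIVE_DNS) -> Optional[str]:
    """Infrastructure -> Infrastructure: C2 domain to the IP it resolved to."""
    return pdns.get(domain)


def hosts_contacting(log_text: str, ip: str) -> dict:
    """Infrastructure -> Victim: {src: [(ts, action, port), ...]} for hosts that hit `ip`.

    DENY lines are kept: a blocked attempt still shows the host tried to reach the C2 address.
    """
    seen: dict = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["dst"] != ip:
            continue
        seen.setdefault(m["src"], []).append((m["ts"], m["action"], int(m["port"])))
    return seen


def pivot(sample: bytes, log_text: str, pdns: dict = PASSIVE_DNS) -> list:
    """Run the full pivot and emit one DiamondEvent per victim host found."""
    capability = "sha256:" + hashlib.sha256(sample).hexdigest()[:16]
    domain = extract_c2_domain(sample)
    if domain is None:
        return []
    ip = resolve_c2(domain, pdns)
    if ip is None:
        return []
    events = []
    for src, conns in sorted(hosts_contacting(log_text, ip).items()):
        actions = sorted({action for _, action, _ in conns})
        events.append(DiamondEvent(
            adversary="unattributed",  # would come from WHOIS/hosting pivot on `ip`; not modelled here
            capability=capability,
            infrastructure=f"{domain} -> {ip}",
            victim=src,
            notes=[f"{len(conns)} connection(s), firewall actions: {actions}"],
        ))
    return events


if __name__ == "__main__":
    for ev in pivot(MALWARE_SAMPLE, FIREWALL_LOG):
        print(ev)
```

Each returned event is one Diamond: the same capability and infrastructure vertices, a different victim vertex per host, and the adversary vertex waiting on the next pivot. Note that the host which first discovered the malware (10.0.0.5) shows up alongside two previously unknown hosts, one of which was only blocked, not prevented from trying.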
What part of the Cyber Kill Chain does this describe?: -exfil -encryption -destruction -manipulation -hop point
Actions on objectives
What part of the Diamond Model is the actor or organization responsible for the intrusion?
Adversary
What are the 4 core features (vertices) of the Diamond Model of Intrusion Analysis?
Adversary, Victim, Capability, Infrastructure
What part of the Cyber Kill Chain does this describe?: -transmission of the weapon to the target environment -makes use of an attack vector -most prevalent methods: email attachments, USB removable media, websites
Delivery
Which phase of the cyber kill chain makes use of an attack vector (spear phishing, watering hole, etc.)?
Delivery
Which of the following choices ID'd two phases of the Cyber Kill Chain?: A) Weaponization and Attack Graph B) Actions on Objectives and Exploitation C) Lateral Movement and Delivery D) Collection and Reconnaissance
B) Actions on Objectives and Exploitation
What part of the Diamond Model describes the tools and techniques used by the adversary?
Capability
What part of the Cyber Kill Chain does this describe?: -allows "hands on keyboard" access -requires beaconing to be established first
Command and Control (C2)
These are the 7 phases of which Threat Model?: -Reconnaissance -Weaponization -Delivery -Exploitation -Installation -Command and Control -Actions on Objectives
Cyber Kill Chain
This Threat Model enables analysts to detect and mitigate intrusions, and aids in establishing adversary patterns of behavior.
Cyber Kill Chain
Which Threat model categorizes the activity in increasing "layers" of detail (1-4) as available in the intel reporting?
Cyber Threat Framework (CTF)
Which threat model examines activity based on measurable or observable actions (external or internal actions)?
Cyber Threat Framework (CTF)
__________ is the means by which an attacker gains execution.
Exploit
What part of the Cyber Kill Chain does this describe?: -written to attack a vulnerability -the effect that occurs once the exploit is run
Exploitation
The purpose of the Cyber Kill Chain is to enable analysts to detect and mitigate intrusions. True or False?
True
What part of the Diamond Model is the target of the adversary, which can be an organization, a person, a targeted email address, an IP, a domain, etc.?
Victim
What part of the Cyber Kill Chain does this describe?: -creation of the malicious payload -know your vulnerabilities and their capabilities -the attacker may give clues based on recon
Weaponization