Analyze Indicators of Malicious Activity

CompTIA Security+ SY0-701 - Domain 13

🦠 Malware Types

  • Viruses: Attach to files or boot sectors and spread when the infected host is executed; they need a user or program to run them.
  • Worms: Self-replicate across networks by exploiting exposed services or weak credentials, with no human action required.
  • Fileless Malware: Runs in memory using tools already on the system (e.g., PowerShell, WMI) instead of dropping an executable, so file-based antivirus often misses it.
  • Trojan: Masquerades as legitimate software but carries a malicious payload, often a backdoor or remote-access tool.
  • Ransomware: Encrypts data and demands payment for the decryption key; many current variants also exfiltrate data first and threaten to leak it.
  • Spyware/Keyloggers: Capture user activity (keystrokes, screenshots, browsing) and transmit it to the attacker.
  • Logic Bomb: Dormant code that triggers under a specific condition (e.g., a date, or a particular user account being disabled).
  • Rootkit: Hides the attacker's presence (processes, files, network connections) and maintains privileged, persistent access, often at kernel or firmware level.

📊 Malware Indicators

  • Antivirus/EDR alerts or sandbox detonation reports
  • Unusual CPU, RAM, disk or network activity
  • Unauthorized registry changes (e.g., new Run keys)
  • New or unrecognized startup programs, services or scheduled tasks
  • Beaconing: regular outbound connections to known malicious IPs or C2 servers
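To make the beaconing indicator concrete, here is an added example (not code from the original page or from any vendor tool) that scans constructed connection-log lines for a host that contacts the same external address at near-constant intervals. The log format, the sample addresses (taken from the RFC 5737 documentation ranges), the minimum connection count and the jitter threshold are all assumptions for illustration; real C2 frameworks often add random jitter, so the threshold needs tuning against your own traffic.

```python
"""Beacon detection over constructed connection-log lines (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not from a real system). One line per connection:
#   "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port>"
# 203.0.113.10 receives a connection roughly every 60 s (beacon-like);
# 198.51.100.20 receives bursty, irregular traffic (browsing-like).
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 -> 203.0.113.10:443
2024-03-01T10:01:01 10.0.0.5 -> 203.0.113.10:443
2024-03-01T10:02:00 10.0.0.5 -> 203.0.113.10:443
2024-03-01T10:02:59 10.0.0.5 -> 203.0.113.10:443
2024-03-01T10:04:00 10.0.0.5 -> 203.0.113.10:443
2024-03-01T10:05:01 10.0.0.5 -> 203.0.113.10:443
2024-03-01T10:00:07 10.0.0.5 -> 198.51.100.20:443
2024-03-01T10:00:09 10.0.0.5 -> 198.51.100.20:443
2024-03-01T10:03:41 10.0.0.5 -> 198.51.100.20:443
2024-03-01T10:03:42 10.0.0.5 -> 198.51.100.20:443
2024-03-01T10:09:30 10.0.0.5 -> 198.51.100.20:443
2024-03-01T10:09:31 10.0.0.5 -> 198.51.100.20:443
"""


def parse_connections(log_text):
    """Group connection timestamps by (src_ip, dst_ip)."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, dst = line.split()
        dst_ip, _port = dst.rsplit(":", 1)
        flows[(src, dst_ip)].append(datetime.fromisoformat(ts))
    return flows


def find_beacons(log_text, min_connections=5, max_jitter=0.1):
    """Return {(src, dst): (mean_interval_s, coefficient_of_variation)} for
    flows whose inter-connection gaps are nearly constant.

    The coefficient of variation (stdev / mean) is scale-free, so a 60 s
    beacon and a 3600 s beacon are judged by the same threshold.
    """
    suspects = {}
    for key, times in parse_connections(log_text).items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_jitter:
            suspects[key] = (round(avg, 1), round(cv, 3))
    return suspects


if __name__ == "__main__":
    for (src, dst), (interval, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst} every ~{interval}s (jitter cv={cv})")
```

In the constructed sample only the flow to 203.0.113.10 is reported (mean gap 60.2 s, jitter well under 10%); the bursty browsing pattern to 198.51.100.20 has gaps of 1 to 348 s and is ignored. In practice you would also whitelist known update and telemetry endpoints, which beacon legitimately.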

πŸ” Password Attacks

  • Brute Force: Tries all combinations (online or offline).
  • Spraying: Tries common passwords across many users to avoid lockouts.
  • Rainbow Tables: Precomputed hash tables used to reverse passwords. Learn more about rainbow tables on Cloudflare.
  • Pass-the-Hash: Reuses hashed credentials directly (typically NTLM).
  • Hybrid: Mix of dictionary and brute force.
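Two of the points above (why spraying evades lockout-based detection, and why salting defeats precomputed tables) are easier to see in code. The following is an added example, not code from the original page: the failed-login events and the IP addresses are constructed, the thresholds are assumptions for illustration, and the "rainbow table" is a plain digest-to-password dictionary standing in for the real chain-and-reduction structure, which is an implementation detail that does not change the salting argument.

```python
"""Password-attack indicators (added example): spray vs brute-force detection,
and why salted hashes defeat precomputed lookup tables."""
import hashlib
from collections import Counter, defaultdict

# Constructed failed-login events as (source_ip, username). Not real data.
FAILED_LOGINS = (
    [("192.0.2.10", "alice")] * 12                            # one account hammered
    + [("192.0.2.20", f"user{i:02d}") for i in range(10)]     # one guess against each of ten accounts
    + [("10.0.0.8", "bob")] * 2                               # a user mistyping a password
)


def classify_sources(events, brute_threshold=10, spray_min_users=8, spray_max_per_user=3):
    """Label each source IP by the shape of its failed logins.

    Per-account lockout counters never fire for the spraying source, because
    no single account sees more than spray_max_per_user failures; the signal
    is only visible when failures are aggregated per source across accounts.
    """
    attempts = defaultdict(Counter)          # src_ip -> Counter(username -> failures)
    for src, user in events:
        attempts[src][user] += 1

    verdicts = {}
    for src, per_user in attempts.items():
        peak = max(per_user.values())
        if peak >= brute_threshold:
            verdicts[src] = "brute_force"        # many failures against one account
        elif len(per_user) >= spray_min_users and peak <= spray_max_per_user:
            verdicts[src] = "password_spray"     # few failures each, across many accounts
        else:
            verdicts[src] = "benign"
    return verdicts


# Constructed wordlist standing in for the passwords an attacker would precompute.
COMMON_PASSWORDS = ["123456", "password", "Welcome1", "letmein", "qwerty"]


def build_lookup_table(words):
    """Stand-in for a rainbow table: unsalted digest -> plaintext.

    A real rainbow table stores hash chains to trade time for space, but the
    outcome is the same: anything hashed without a salt can be looked up.
    """
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    # The salt is prepended to the password before hashing; it is stored
    # alongside the hash in plaintext and does not need to be secret.
    return hashlib.sha256(salt + password.encode()).hexdigest()


def recover(table, digest):
    """Return the plaintext if the digest appears in the precomputed table."""
    return table.get(digest)


if __name__ == "__main__":
    for src, verdict in classify_sources(FAILED_LOGINS).items():
        print(f"{src}: {verdict}")
    table = build_lookup_table(COMMON_PASSWORDS)
    print("unsalted lookup:", recover(table, unsalted_hash("Welcome1")))
    print("salted lookup:  ", recover(table, salted_hash("Welcome1", b"\x9a\x11")))
```

Note that SHA-256 is used here only because it is available everywhere and keeps the example short; for actual password storage use a slow, salted, memory-hard function such as Argon2id or bcrypt, which raises the cost of offline brute force as well as defeating precomputed tables.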

🎯 Tactics, Techniques, Procedures (TTPs)

Describe the behavior of adversaries throughout an attack:

  • Initial access (phishing, exploit)
  • Execution (scripting, process injection)
  • Persistence (services, registry keys)
  • Privilege escalation and lateral movement

MITRE ATT&CK: A standardized, publicly maintained knowledge base used to map observed TTPs and threat actor behavior to named tactics and techniques, so that detections, reports and threat intelligence share one vocabulary.

🚨 Privilege Escalation & Error Handling

  • Vertical escalation: Gain higher privileges (e.g., user → admin).
  • Horizontal escalation: Access another user's data or functions at the same privilege level (e.g., by changing an object ID in a request that never checks ownership).
  • Error Handling: Return generic messages to end users and log the details (stack traces, database errors, file paths) server-side only; verbose errors hand attackers reconnaissance data about the stack and its code paths.
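The three points above map directly onto a small request handler. The following is an added example, not code from the original page: the in-memory records, user roles and handler functions are constructed for illustration, and the same pattern applies whatever web framework sits around them.

```python
"""Horizontal/vertical escalation guards and error handling (added example)."""
import logging
import traceback

log = logging.getLogger("app")

# Constructed in-memory data (assumption for illustration): record id -> owner, body.
RECORDS = {
    1: {"owner": "alice", "body": "alice's notes"},
    2: {"owner": "bob", "body": "bob's notes"},
}
ROLES = {"alice": "user", "bob": "user", "carol": "admin"}


class NotFound(Exception):
    pass


class Forbidden(Exception):
    pass


def read_record_vulnerable(current_user, record_id):
    # Horizontal escalation: ownership is never checked, so alice can read
    # bob's record simply by changing record_id in the request.
    return RECORDS[record_id]["body"]


def read_record_fixed(current_user, record_id):
    rec = RECORDS.get(record_id)
    # One error for both "missing" and "belongs to someone else", so the
    # response does not reveal which ids exist.
    if rec is None or rec["owner"] != current_user:
        raise NotFound(record_id)
    return rec["body"]


def delete_any_record(current_user, record_id):
    # Vertical escalation guard: the admin-only action checks the role from
    # server-side state, never from a flag or field supplied by the client.
    if ROLES.get(current_user) != "admin":
        raise Forbidden(current_user)
    RECORDS.pop(record_id, None)
    return True


def handle_verbose(current_user, record_id):
    """Anti-pattern: the raw traceback is returned to the client."""
    try:
        return 200, read_record_fixed(current_user, record_id)
    except Exception:
        # Leaks file paths, exception class names and line numbers.
        return 500, traceback.format_exc()


def handle_safe(current_user, record_id):
    """Generic message to the user; full detail only in the server log."""
    try:
        return 200, read_record_fixed(current_user, record_id)
    except NotFound:
        return 404, "Not found"
    except Exception:
        log.exception("unhandled error for user=%s record=%s", current_user, record_id)
        return 500, "An internal error occurred"


if __name__ == "__main__":
    print("vulnerable read of bob's record as alice:", read_record_vulnerable("alice", 2))
    print("safe handler, alice reading bob's record:", handle_safe("alice", 2))
    print("verbose handler leaks:", handle_verbose("alice", 2)[1].splitlines()[0])
```

Running it shows the vulnerable reader returning another user's data, the safe handler answering 404 with no detail, and the verbose handler's body beginning with "Traceback (most recent call last):", which is exactly the kind of output that should never leave the server.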