Malware Types
- Viruses: Attach to executables or documents and spread when the infected file is run; they need a host file and a user action. Learn more about viruses on Kaspersky.
- Worms: Self-replicate across networks, typically by exploiting vulnerable services, with no human action required.
- Fileless Malware: Runs in memory using built-in tools (e.g., PowerShell, WMI) and leaves little or nothing on disk, so file-based antivirus often misses it. Learn more about fileless malware on Trend Micro.
- Trojan: Masquerades as legitimate software but carries a malicious payload; unlike viruses and worms, it does not self-replicate.
- Ransomware: Encrypts user data and demands payment for the key; many current operations also steal data first and threaten to leak it (double extortion). Learn more about ransomware on CISA.
- Spyware/Keyloggers: Capture user activity (keystrokes, screenshots, browsing) and transmit it to the attacker.
- Logic Bomb: Dormant code that triggers under a set condition (e.g., a date or a user action).
- Rootkit: Hides the attacker's presence by subverting the OS (user-mode, kernel-mode or firmware) and maintains persistent privileged access.
Malware Indicators
- Antivirus alerts or sandbox detonation reports
- Unusual CPU, RAM, disk or network activity
- Unauthorized registry changes (e.g., new Run keys)
- New or unrecognized startup programs, services or scheduled tasks
- Beaconing: periodic outbound connections to known malicious IPs/domains or C2 servers
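Beaconing is the indicator that is easiest to miss by eye and easiest to catch with a little statistics: a C2 implant checks in at a fixed interval, so the gaps between connections to the same destination have a very low coefficient of variation. The example below is added here to illustrate the indicator; it is not code from the original page. The log format (timestamp, source host, destination IP, port), the sample connections and the thresholds are all constructed assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample of outbound connection records (not real traffic):
# <ISO timestamp> <source host> <destination IP> <destination port>
# ws-17 talks to 203.0.113.5 roughly every 60 s; the rest is ordinary browsing.
SAMPLE_LOG = """\
2024-03-01T10:00:00 ws-17 203.0.113.5 443
2024-03-01T10:00:12 ws-17 198.51.100.20 443
2024-03-01T10:01:00 ws-17 203.0.113.5 443
2024-03-01T10:02:01 ws-17 203.0.113.5 443
2024-03-01T10:02:40 ws-17 198.51.100.21 80
2024-03-01T10:02:59 ws-17 203.0.113.5 443
2024-03-01T10:04:00 ws-17 203.0.113.5 443
2024-03-01T10:05:01 ws-17 203.0.113.5 443
2024-03-01T10:05:30 ws-17 198.51.100.20 443
2024-03-01T10:06:00 ws-17 203.0.113.5 443
2024-03-01T10:09:45 ws-17 198.51.100.20 443
"""


def parse_log(text: str) -> dict:
    """Group connection timestamps by (source, destination, port)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        events[(src, dst, port)].append(datetime.fromisoformat(ts))
    return events


def find_beacons(text: str, min_connections: int = 5, max_cv: float = 0.2) -> dict:
    """Flag (src, dst, port) tuples whose inter-connection gaps are too regular.

    cv = stdev(gaps) / mean(gaps); human-driven traffic is bursty (cv well above 1),
    a fixed-interval beacon sits near 0. Implants that add jitter push cv up, so
    max_cv is a tuning knob, not a law.
    """
    flagged = {}
    for key, stamps in parse_log(text).items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = sum(gaps) / len(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            flagged[key] = {
                "count": len(stamps),
                "mean_interval_s": mean,
                "cv": round(cv, 3),
            }
    return flagged


if __name__ == "__main__":
    for key, stats in find_beacons(SAMPLE_LOG).items():
        print("possible beacon:", key, stats)
```

On the sample above only the 203.0.113.5 tuple is reported (seven connections, mean gap 60 s, cv about 0.02); the two other destinations are either too few connections or too irregular. In production this runs per source host over a window of hours, and destinations on an allow-list (update servers, SaaS heartbeats) are excluded before the statistics are computed, because they beacon too.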
Password Attacks
- Brute Force: Tries every combination; online against a live login (slow, noisy, triggers lockouts) or offline against stolen hashes (limited only by hardware and the cost of the hash function).
- Spraying: Tries a few common passwords across many accounts, staying under each account's lockout threshold.
- Rainbow Tables: Precomputed hash chains used to recover passwords from unsalted hashes; a per-user salt makes the precomputation useless. Learn more about rainbow tables on Cloudflare.
- Pass-the-Hash: Authenticates with a stolen hash directly (typically NTLM), without ever knowing the plaintext.
- Hybrid: Dictionary words combined with brute-forced mutations (appended digits, character substitutions).
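To make the rainbow-table and salting points concrete, here is a small but genuine rainbow table (chains with a position-dependent reduction function, stored as start/end pairs, with the backwards lookup) against unsalted SHA-256. It is an added example, not code from the original page; the four-digit password space, chain length and chain count are toy parameters chosen so it builds in well under a second, and `hash_pw`, `reduce_hash`, `build_table` and `crack` are names invented for this illustration.

```python
import hashlib

# Toy password space: 4 decimal digits. Real tables cover far larger spaces.
CHARSET = "0123456789"
PW_LEN = 4
SPACE = len(CHARSET) ** PW_LEN        # 10,000 candidate passwords
CHAIN_LEN = 40                         # hashes per chain
NUM_CHAINS = 300                       # (start, end) pairs stored


def hash_pw(password: str) -> str:
    """Unsalted SHA-256: the kind of hash a precomputed table can attack."""
    return hashlib.sha256(password.encode()).hexdigest()


def index_to_pw(n: int) -> str:
    """Map an integer in [0, SPACE) onto a password over CHARSET."""
    out = []
    for _ in range(PW_LEN):
        out.append(CHARSET[n % len(CHARSET)])
        n //= len(CHARSET)
    return "".join(out)


def reduce_hash(digest: str, step: int) -> str:
    """Reduction function: fold a digest back into the password space.

    Mixing in the chain position gives each step a different reduction, which
    limits chain merges; that is what distinguishes a rainbow table from the
    older single-reduction Hellman table.
    """
    return index_to_pw((int(digest, 16) + step) % SPACE)


def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN) -> dict:
    """Precompute chains and keep only end -> [starts].

    Every password at positions 0..chain_len-1 of a chain is recoverable later
    even though only the two endpoints are stored.
    """
    table: dict = {}
    for c in range(num_chains):
        start = index_to_pw((c * 37) % SPACE)   # spread the start points out
        pw = start
        for step in range(chain_len):
            pw = reduce_hash(hash_pw(pw), step)
        table.setdefault(pw, []).append(start)   # keep all starts: ends can collide
    return table


def crack(table: dict, target: str, chain_len: int = CHAIN_LEN):
    """Return the password whose unsalted hash is `target`, or None if not covered."""
    # Guess which chain position produced the target, latest position first
    # (fewest steps to the chain end).
    for pos in range(chain_len - 1, -1, -1):
        pw = reduce_hash(target, pos)
        for step in range(pos + 1, chain_len):
            pw = reduce_hash(hash_pw(pw), step)
        for start in table.get(pw, []):          # chains that end where we landed
            cand = start
            for step in range(chain_len):
                if hash_pw(cand) == target:      # verify: end matches can be false alarms
                    return cand
                cand = reduce_hash(hash_pw(cand), step)
    return None


def chain_password(start: str, pos: int) -> str:
    """Walk a chain from `start` to position `pos` (handy for picking a covered password)."""
    pw = start
    for step in range(pos):
        pw = reduce_hash(hash_pw(pw), step)
    return pw


def salted_hash(password: str, salt: str) -> str:
    """Same hash with a per-user salt: the table's precomputation no longer applies."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


if __name__ == "__main__":
    table = build_table()
    victim = chain_password(index_to_pw(0), 3)
    print("unsalted hash ->", crack(table, hash_pw(victim)))
    print("salted hash   ->", crack(table, salted_hash(victim, "x9")))
```

The lookup costs at most about chain_len squared over two hash operations instead of the whole space, which is the time/memory trade-off that makes the attack worthwhile at scale. The salted lookup returns None not because the password is stronger but because the table was built for the wrong function: with a unique salt per user the attacker would need one table per salt, which is no cheaper than brute force. A slow, memory-hard hash (bcrypt, scrypt, Argon2) makes even that brute force expensive.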
Tactics, Techniques, Procedures (TTPs)
TTPs describe how adversaries behave at each stage of an attack:
- Initial access (phishing, exploiting a public-facing service)
- Execution (scripting, process injection)
- Persistence (services, registry Run keys, scheduled tasks)
- Privilege escalation and lateral movement (credential theft, remote services)
MITRE ATT&CK: A standardized knowledge base for mapping TTPs to threat-actor behavior, so detections and reports use the same vocabulary. Learn more about MITRE ATT&CK on MITRE.
Privilege Escalation & Error Handling
- Vertical escalation: Gain higher privileges (e.g., user → admin).
- Horizontal escalation: Access other users' data or functions at the same privilege level (e.g., by changing an object ID in a request).
- Error Handling: Don't expose technical details (e.g., stack traces, SQL errors, internal paths) to end users; log them server-side and return a generic message with a reference ID.
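The two web-application points above usually show up together in code review: a handler that fetches an object by ID without checking who owns it (horizontal escalation) and an exception path that ships the traceback to the client. The example below is added here to illustrate both, side by side with the hardened form; it is not code from the original page. The invoice store, user roles, the `get_invoice`/`handle` function names and the use of a short random reference ID are all assumptions made for the illustration.

```python
import logging
import traceback
import uuid

log = logging.getLogger("app")

# Constructed data (not from any real application).
INVOICES = {
    101: {"owner": "alice", "amount": 120.00},
    102: {"owner": "bob", "amount": 75.50},
}
USERS = {"alice": {"role": "user"}, "bob": {"role": "user"}, "carol": {"role": "admin"}}


class NotFound(Exception):
    pass


class Forbidden(Exception):
    pass


# --- vulnerable version -------------------------------------------------------

def get_invoice_vulnerable(current_user: str, invoice_id: int) -> dict:
    """Horizontal escalation: any logged-in user can read any invoice by ID."""
    return INVOICES[invoice_id]          # also raises KeyError on unknown IDs


def handle_vulnerable(current_user: str, invoice_id: int):
    try:
        return 200, {"invoice": get_invoice_vulnerable(current_user, invoice_id)}
    except Exception:
        # Leaks file paths, line numbers and exception types to the caller.
        return 500, {"error": traceback.format_exc()}


# --- hardened version ---------------------------------------------------------

def get_invoice(current_user: str, invoice_id: int) -> dict:
    """Ownership check: the caller must own the invoice or hold the admin role."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        raise NotFound()
    if inv["owner"] != current_user and USERS[current_user]["role"] != "admin":
        raise Forbidden()
    return inv


def handle(current_user: str, invoice_id: int):
    """Map expected errors to safe responses; never let internals reach the client."""
    try:
        return 200, {"invoice": get_invoice(current_user, invoice_id)}
    except NotFound:
        return 404, {"error": "not found"}
    except Forbidden:
        # Some APIs return 404 here too, so callers cannot enumerate which IDs exist.
        return 403, {"error": "forbidden"}
    except Exception:
        # Unexpected bug: full details go to the server log under a reference ID,
        # and only that ID goes back to the user so support can correlate reports.
        ref = uuid.uuid4().hex[:8]
        log.exception("unhandled error ref=%s", ref)
        return 500, {"error": "internal error", "ref": ref}


if __name__ == "__main__":
    print(handle("alice", 101))      # owner: 200
    print(handle("bob", 101))        # other user: 403
    print(handle("carol", 101))      # admin: 200
    print(handle("alice", 999))      # unknown ID: 404
    print(handle_vulnerable("bob", 999)[1]["error"].splitlines()[0])  # leaked traceback
```

Note that `handle("mallory", 101)`, a user missing from `USERS`, takes the generic path: the KeyError is logged with a reference ID and the client sees only "internal error". That is the behaviour to verify in testing: force an unexpected exception and confirm the response body contains no traceback, path or exception class name.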