Interview Questionafff

The document discusses several topics related to cybersecurity threats including the OWASP top 10 vulnerabilities, common attack techniques used in the Mitre Attack framework, darkweb markets, state-sponsored threat groups, malware analysis of an incident involving Mimikatz and lsass.exe, and preparation questions for an interview. It also provides IoCs, emerging security platforms and a high-level overview of how to tag malware samples to threat actors based on code, infrastructure and behavioral analysis.

Uploaded by Viren Choudhari

OWASP Top 10:

- A1: Injection
- A2: Cross-Site Scripting (XSS)
- A3: Broken Authentication and Session Management
- A4: Insecure Direct Object References
- A5: Cross-Site Request Forgery (CSRF)
- A6: Security Misconfiguration
- A7: Insecure Cryptographic Storage

MITRE ATT&CK (example techniques grouped by tactic)

- Initial Access: Spearphishing Attachment, Exploit Public-Facing Application
- Execution: Dynamic Data Exchange, PowerShell
- Persistence: Registry Run Keys / Startup Folder
- Privilege Escalation: Bypass User Account Control
- Defense Evasion: Clear Command History, Disabling Security Tools
- Credential Access: Credential Dumping
- Discovery: File and Directory Discovery, Account Discovery, Network Share Discovery
- Lateral Movement: Exploitation of Remote Services, Remote Desktop Protocol
- Collection: Clipboard Data, Data from Network Shared Drive
- Exfiltration: Data Compressed, Exfiltration Over Alternative Protocol
- Command and Control: Connection Proxy, Data Obfuscation

Darkweb marketplaces

- Dream Market
- Wall Street Market
- Cannazon
- The Majestic Garden
- AlphaBay

APTs (by targeted sector)

- Finance, sales and government: Stone Panda
  Tools/techniques: PowerShell, Credential Dumping, Remote Desktop Protocol, Poison Ivy, Mimikatz
- Hidden Cobra
- Fancy Bear
- Telecom: Reaper (Connection Proxy, Footprint deletion, Timestomping, Credential Dumping, Strategic Web Compromise)
- Chemical: TICK (Spear-Phishing attack, Strategic Web Compromise)

IoC sources

- Emerging Threats
- Cisco Talos
- BadIPs
- Blocklist.de

Platform: Tokyo 2020 (threat scenarios)

- Data can be leaked
- POS systems can be infected
- Ransomware attack

Malware Analysis

ProcDump is used to create a crash dump. In this incident it was run against the lsass.exe (Local Security Authority Subsystem Service) process, the resulting dump was saved as fdf.dmp in the temp folder, and Mimikatz was then run on that dump.

psapi.dll is the Process Status Helper library used by Windows to collate information about all software and drivers on the victim's PC. It essentially lists every program running on the computer, allowing “Task Manager”

winhttp.dll is a genuine Microsoft DLL, but attackers can also create fake winhttp processes. The module belongs to Windows HTTP Services and is designed for server-based scenarios, where server-based applications communicate with HTTP servers.
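An added detection example (not part of the original notes) for the ProcDump-on-lsass.exe pattern described above: it runs over constructed Sysmon-style ProcessAccess (Event 10) and FileCreate (Event 11) records and flags LSASS memory reads from non-allowlisted images and .dmp files written under a Temp folder. The pipe-separated record format and the allowlist of legitimate LSASS readers are assumptions, not real Sysmon output.

```python
# Constructed Sysmon-style records (not real logs): pipe-separated key=value,
# Event 10 = ProcessAccess, Event 11 = FileCreate.
LOG = """\
EventID=10|SourceImage=C:\\Windows\\System32\\csrss.exe|TargetImage=C:\\Windows\\System32\\lsass.exe|GrantedAccess=0x1FFFFF
EventID=10|SourceImage=C:\\Users\\bob\\AppData\\Local\\Temp\\procdump64.exe|TargetImage=C:\\Windows\\System32\\lsass.exe|GrantedAccess=0x1FFFFF
EventID=11|Image=C:\\Users\\bob\\AppData\\Local\\Temp\\procdump64.exe|TargetFilename=C:\\Users\\bob\\AppData\\Local\\Temp\\fdf.dmp
EventID=10|SourceImage=C:\\Program Files\\Windows Defender\\MsMpEng.exe|TargetImage=C:\\Windows\\System32\\lsass.exe|GrantedAccess=0x1010
"""

PROCESS_VM_READ = 0x0010  # any tool that dumps LSASS memory needs this access right
# Assumed baseline of legitimate LSASS readers; tune it for the real estate.
ALLOWED_SOURCES = {"csrss.exe", "wininit.exe", "msmpeng.exe"}


def parse(line: str) -> dict:
    return dict(kv.split("=", 1) for kv in line.strip().split("|"))


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect_lsass_dump(log: str) -> list:
    """Return (rule, image, detail) tuples for records matching the
    ProcDump -> fdf.dmp in Temp pattern from the incident."""
    alerts = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        if ev["EventID"] == "10" and basename(ev["TargetImage"]) == "lsass.exe":
            src = basename(ev["SourceImage"])
            # Unknown image reading LSASS memory: the handle a dump tool needs.
            if src not in ALLOWED_SOURCES and int(ev["GrantedAccess"], 16) & PROCESS_VM_READ:
                alerts.append(("lsass_access", src, ev["GrantedAccess"]))
        elif ev["EventID"] == "11":
            name = basename(ev["TargetFilename"])
            # Minidump written into a Temp folder, as fdf.dmp was.
            if name.endswith(".dmp") and "\\temp\\" in ev["TargetFilename"].lower():
                alerts.append(("dump_in_temp", basename(ev["Image"]), name))
    return alerts


if __name__ == "__main__":
    for alert in detect_lsass_dump(LOG):
        print(alert)
```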
Interview preparation

- DDoS: last incident
- How do we tag with threat actors: industry, technology and geography
  - Infrastructure overlap: IPs, domains, ASN, registrar
  - Malware: code overlap, mutex, strings, imports (imphash, ssdeep)
- Previous incidents
  - Mimikatz incident (Local Security Authority Subsystem Service)
  - Rootkit incident
Research Paper – tag malware with Threat Actor

- Infrastructure reuse: Command & Control server, ASN
- Mutex
- Code reuse
- Strings: percentage of parallel (shared) strings; the same overlap measure applied to imports, header, resources and functions
- Dynamic analysis: running the malware in a controlled environment and observing the behaviour – registry changes, mutex, API calls, process creation, network connections
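An added example (not from the notes or the paper they refer to) of the static code-overlap measures listed above: an import hash computed the way the pefile/VirusTotal imphash recipe does from a constructed import table, and the share of printable strings common to two constructed byte blobs that stand in for unpacked samples; the sample data, the mutex name and the function names are mine.

```python
import hashlib
import re

# Constructed stand-ins for two unpacked samples (not real malware): printable
# strings separated by non-printable filler so the extractor has work to do.
SAMPLE_A = (b"\x00MZ\x90\x00Global\\ExampleLoaderMutex01\x00\x01\x02"
            b"C:\\Users\\dev\\build\\loader.pdb\x00User-Agent: ExampleAgent/1.0\x00\xff\xff")
SAMPLE_B = (b"\x00MZ\x90\x00Global\\ExampleLoaderMutex01\x00"
            b"C:\\Users\\dev\\build\\loader.pdb\x00Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00")
# Constructed import tables as (dll, function) pairs in import-table order.
IMPORTS_A = [("KERNEL32.dll", "CreateMutexA"), ("KERNEL32.dll", "CreateProcessA"),
             ("WININET.dll", "InternetOpenA")]
IMPORTS_B = list(IMPORTS_A)  # same imports in the same order -> same imphash


def extract_strings(data: bytes, min_len: int = 6) -> set:
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    return {m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)}


def imphash(imports) -> str:
    """Imphash as pefile computes it: 'dll.func' in lower case with the DLL
    extension stripped, joined by commas in table order, then MD5.
    Ordinal imports (pefile resolves them via lookup tables) are not handled."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def compare(data_a: bytes, imports_a, data_b: bytes, imports_b) -> dict:
    """Overlap indicators an analyst would weigh before linking two samples."""
    str_a, str_b = extract_strings(data_a), extract_strings(data_b)
    shared = str_a & str_b
    return {
        "string_overlap": len(shared) / len(str_a | str_b),  # Jaccard share of strings
        "shared_mutex": sorted(s for s in shared if s.startswith("Global\\")),
        "same_imphash": imphash(imports_a) == imphash(imports_b),
    }


if __name__ == "__main__":
    print(compare(SAMPLE_A, IMPORTS_A, SAMPLE_B, IMPORTS_B))
```

Matching mutex names and an identical imphash are strong hints, but the string share alone is weak evidence, since library and compiler strings are common to unrelated samples.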
WinRAR exploit

MITRE ATT&CK framework

Incident response cycle

- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned
