Module 5: Common Attack Techniques

Indicators of Compromise (IOC) and Cybersecurity Frameworks

Indicators of Compromise

Hashes, domains, IPs, tools, etc.

Cybersecurity Frameworks

Cyber Kill Chain

MITRE ATT&CK

MITRE D3FEND

The Diamond Model

Opportunistic Attacks

Phishing and Credential Stealing

All the *ishings. Defang malicious URLs when sharing.

Ransomware

It's ransomware... if you don't know what it is, these notes probably aren't for you right now.

Denial of Service (DoS)

It's in the title. There's a handful of "types", just google 'em if it matters.

Automated Network Attacks

Also in the title... not much to add here. Instead of someone doing an attack manually... it's been automated... 🤯

Targeted Attacks

Initial Access

Most often it's phishing.

C2 and Persistence

Command and Control. Remotely control/manipulate compromised devices en masse.

Lateral Movement

Moving horizontally, i.e. laterally, through the network from system to system. Some examples include Pass the Hash/Ticket, Kerberoasting, etc.

Domain Persistence

Check out skeleton keys, pretty neat AD persistence:

Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory ForestActive Directory & Azure AD/Entra ID Security

PreviousModule 4: Incident Response Communication Plans NextModule 6: Incident Detection and Identification

Last updated 1 year ago

hashtagIndicators of Compromise (IOC) and Cybersecurity Frameworks

hashtagIndicators of Compromise

hashtagCybersecurity Frameworks

hashtagOpportunistic Attacks

hashtagPhishing and Credential Stealing

hashtagRansomware

hashtagDenial of Service (DoS)

hashtagAutomated Network Attacks

hashtagTargeted Attacks

hashtagInitial Access

hashtagC2 and Persistence

hashtagLateral Movement

hashtagDomain Persistence