Module 5: Common Attack Techniques

Indicators of Compromise (IOC) and Cybersecurity Frameworks

Indicators of Compromise

Hashes, domains, IPs, tools, etc.

Cybersecurity Frameworks

Cyber Kill Chain

MITRE ATT&CK

MITRE D3FEND

The Diamond Model

Opportunistic Attacks

Phishing and Credential Stealing

All the *ishings. Defang malicious URLs when sharing.
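As an added example (not part of the original course notes), a small Python helper that defangs URLs, domains and IPv4 addresses before they are pasted into a ticket or chat, and refangs them when they need to go into a blocklist or lookup tool; the `hxxp` / `[.]` / `[:]` conventions are common practice rather than a formal standard, and the sample ticket line is constructed.

```python
import re

# Defang indicators so they cannot be clicked or auto-linked when shared, and
# refang them again only when a tool (not a browser) needs the real value.
# hxxp / [.] / [:] are widespread conventions, not a formal standard.

# Token pattern: URL (lazy so trailing sentence punctuation is left alone),
# dotted IPv4 address, or bare domain name.
IOC_TOKEN = re.compile(
    r"https?://\S+?(?=[.,;:!?)\]]*(?:\s|$))"
    r"|\b(?:\d{1,3}\.){3}\d{1,3}\b"
    r"|\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b",
    re.IGNORECASE,
)


def defang(ioc: str) -> str:
    """Return a non-clickable form of a single URL, domain or IP address."""
    out = re.sub(
        r"^(https?)://",
        lambda m: m.group(1).lower().replace("tt", "xx") + "[:]//",
        ioc,
        flags=re.IGNORECASE,
    )
    return out.replace(".", "[.]")


def refang(ioc: str) -> str:
    """Undo defang(); feed the result to tools, never paste it into a browser."""
    out = ioc.replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", out, flags=re.IGNORECASE)


def defang_text(text: str) -> str:
    """Defang every URL, IPv4 address and domain found in free text."""
    return IOC_TOKEN.sub(lambda m: defang(m.group(0)), text)


if __name__ == "__main__":
    # Constructed sample line, as it might appear in an incident ticket.
    note = "User clicked http://evil.example.com/login and the host beaconed to 203.0.113.7."
    print(defang_text(note))
    # User clicked hxxp[:]//evil[.]example[.]com/login and the host beaconed to 203[.]0[.]113[.]7.
```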

Ransomware

It's ransomware... if you don't know what it is, these notes probably aren't for you right now.

Denial of Service (DoS)

It's in the title. There's a handful of "types", just google 'em if it matters.

Automated Network Attacks

Also in the title... not much to add here. Instead of someone doing an attack manually... it's been automated... 🤯

Targeted Attacks

Initial Access

Most often it's phishing.

C2 and Persistence

Command and Control. Remotely control/manipulate compromised devices en masse.

Lateral Movement

Moving horizontally, i.e. laterally, through the network from system to system. Some examples include Pass the Hash/Ticket, Kerberoasting, etc.

Domain Persistence

Check out skeleton keys, pretty neat AD persistence:
