EH Chapter 8: Malware


25 Terms

1

In a botnet, what are the systems that tell individual bots what to do called?

C2 servers

2

What is the primary difference between a worm and a virus?

A worm can self-propagate.

3

What is one advantage of static analysis over dynamic analysis of malware?

Static analysis limits your exposure to infection.

4

What would you use VirusTotal for?

Identifying malware against antivirus engines

5

What are two sections you would commonly find in a portable executable file?

Text and data

6

What could you use to generate your own malware?

Metasploit

7

What is the purpose of a packer for malware?

To obscure the actual program

8

What is the primary purpose of polymorphic code for malware programs?

Antivirus evasion

9

What would be one reason not to write malware in Python?

The Python interpreter may not be available.

10

What would you use Cuckoo Sandbox for?

Dynamic analysis of malware

11

If you wanted a tool that could help with both static and dynamic analysis of malware, which would you choose?

IDA

12

What is the purpose of using a disassembler?

Converting opcodes to mnemonics

13

What does the malware that is referred to as a dropper do?

Drops files that may be more malware

14

Why would you use an encoder when you are creating malware using Metasploit?

To evade antivirus

15

If you were to see the following command in someone's history, what would you think had happened?

msfvenom -i 5 -p windows/x64/shell_reverse_tcp -o program

A malicious program was generated.

16

What is the difference between a virus and ransomware?

Ransomware may be a virus.

17

Why would someone use a Trojan?

It pretends to be something else.

18

Which of these tools would be most beneficial when trying to dynamically analyze malware?

OllyDbg

19

Which end of a client-server communication goes on the infected system if it is communicating with infrastructure?

Server

20

Which of these would be a reason why it is best for communications to originate from inside the infected network?

Firewall

21

What is the tactic of allowing software to continue running across reboots of a system called?

Persistence

22

What tool could you use to deeply analyze malicious software?

Ghidra

23

What practice could an organization use to protect itself against data loss from ransomware?

Implement good backup practices

24

What piece of software could you use to recover from a ransomware attack?

Decryptor

25

What persistence mechanism might allow malware to protect itself against anti-malware software?

Pre-boot malware