Indicators of Malicious Activity

Description and Tags

These flashcards cover key terms and concepts related to indicators of malicious activity, malware types, and techniques used in cybersecurity.

Last updated 2:53 PM on 1/29/26

20 Terms

1

2

__ refers to the unauthorized transfer of data from a computer or network.

Data Exfiltration

3

Moving from one host to another within a network to gain wider access is called __.

Lateral Movement

4

An __ is evidence of an intrusion attempt in progress.

Indicator of Attack (IOA)

5

A __ attack tricks a domain controller into replicating credentials to a rogue host.

DCSync

6

__ is a technique where an attacker captures a password hash and uses it to authenticate instead of a plaintext password.

Pass-the-Hash

7

A __ Ticket is a forged Kerberos Ticket-Granting Ticket (TGT) used to gain domain admin rights.

Golden

8

A __ Ticket is a forged Kerberos Ticket-Granting Service (TGS) ticket used to access specific resources.

Silver

9

A __ relay attack involves intercepting and forwarding network authentication requests to another server.

New Technology LAN Manager (NTLM)

10

__ is a post-exploitation tool often used to dump passwords and hashes from local memory.

Mimikatz

11

The __ database contains local password hashes on Windows operating systems.

Security Account Manager (SAM)

12

__ is a tool that identifies complex attack paths in Active Directory environments via graph theory.

BloodHound

13

Poisoning the __ and NBT-NS protocols causes clients to send authentication hashes to an attacker on the local network.

LLMNR

14

The __ protocol is the primary method for querying directory services like Active Directory.

Lightweight Directory Access Protocol (LDAP)

15

An __ consists of forensic evidence indicating that a system breach has already occurred.

Indicator of Compromise (IoC)

16

Attackers dump memory from the __ process to steal credentials from currently logged-in users.

LSASS

17

__ techniques allow an attacker to maintain access to a network even after a system reboot.

Persistence

18

A __ is the central infrastructure used by attackers to control compromised systems.

Command and Control Server (C2)

19

Enabling __ signing is a primary defense used to prevent relay attacks over the file-sharing protocol.

SMB

20

__ is the phase where an attacker gathers detailed information about visible users, groups, and shares.

Enumeration