TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Black Hills InfoSec

Information Security Glossary – v2

BHIS · 2016-03-28

ATT&CK techniques detected

20 predictions
T1190 Exploit Public-Facing Application · 96%
“is installed in a computer without the user’s knowledge and transmits information about the user’s computer activities over the Internet. (cf. adware, malware.) SSH see Secure Shell (SSH). SSL see Secure Sockets Layer. Structured Query Language commonly referred to as “SQ…”

T1550.002 Pass the Hash · 93%
“corporations, educational organizations and individuals from around the world. This community works to create freely-available articles, methodologies, documentation, tools, and technologies. (Web site: https://www.owasp.org/index.php/Main_Page.) OWASP see Open …”

T1498 Network Denial of Service · 90%
“…nt event, such as a natural disaster or an interruption of business operations. Distributed Denial of Service attack (DDoS) the use of multiple machines to create a traffic flow that slows or halts data services on a targeted network. Domain Name System (DNS) the centralize…”

T1190 Exploit Public-Facing Application · 83%
“the Internet. By compromising network A and gaining access to a trusted machine that has access to network B, a connection can be leveraged (or pivoted) to the secured network via the compromised machine. POODLE attack POODLE is an acronym for Padding Oracle On Downgraded Legac…”

T1566.001 Spearphishing Attachment · 82%
“almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original…”

T1573.002 Asymmetric Cryptography · 74%
“. This link ensured that all data passed between the web server and browsers remain private and integral. SSL was an industry standard and was used by millions of websites in the protection of their online transactions with their customers. Dr. Taher Elgamal, chief scientist at N…”

T1557 Adversary-in-the-Middle · 72%
“data back to the sender or perhaps another program at a later time. The cookie is often used like a ticket – to identify a particular event or transaction. Malware software that is written with the intent of causing intentional harm to, or data exfiltration from, a system. The wor…”

T1071.001 Web Protocols · 65%
“to every computer that communicates on the Internet. This IP address is used to recognize your particular computer out of the millions of other computers connected to the Internet. IP address see Internet Protocol address. IP see Intellectual Property or Internet Protocol address…”

T1566.002 Spearphishing Link · 56%
“using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward. The word is a combination of “voice” and phishing. Voice phishing is typically used to steal credit card numbers …”

T1587.004 Exploits · 56%
“XSRF see Cross-Site Request Forgery. Z Zero-day vulnerability a flaw for which a patch does not yet exist. Zero-day exploit a tool that has been written to take advantage of a zero-day vulnerability. Ready to learn more? Level up your skills with affordable classes from A…”

T1071.001 Web Protocols · 54%
“Layer (SSL), both of which are frequently referred to as ‘SSL’, are cryptographic protocols designed to provide communications security over a computer network. TLS is the standard security technology for establishing an encrypted link between a web server and a browser. This…”

T1588.006 Vulnerabilities · 53%
“,” “CVE-IDs,” and “CVEs”) are unique, common identifiers for publicly known cyber security vulnerabilities. (Web site: https://cve.mitre.org/.) Common Vulnerability Scoring System (CVSS) an open industry standard for assessing the severity of computer system s…”

T1498.001 Direct Network Flood · 52%
“…nt event, such as a natural disaster or an interruption of business operations. Distributed Denial of Service attack (DDoS) the use of multiple machines to create a traffic flow that slows or halts data services on a targeted network. Domain Name System (DNS) the centralize…”

T1566.002 Spearphishing Link · 44%
“almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original…”

T1568.002 Domain Generation Algorithms · 38%
“, Discretionary Access Control (DAC) is a type of access control in which a user has complete control over all the programs it owns and executes, and also determines the permissions other users have to those files and programs. Because DAC requires permissions to be assigned to…”

T1189 Drive-by Compromise · 37%
“Covert channel a type of computer security attack that creates the capability to transfer informational objects between processes that are not supposed to be allowed to communicate by the computer security policy. Cross-Site Scripting (XSS) the act of loading an attacked, thi…”

T1588.006 Vulnerabilities · 36%
“XSRF see Cross-Site Request Forgery. Z Zero-day vulnerability a flaw for which a patch does not yet exist. Zero-day exploit a tool that has been written to take advantage of a zero-day vulnerability. Ready to learn more? Level up your skills with affordable classes from A…”

T1499 Endpoint Denial of Service · 35%
“…nt event, such as a natural disaster or an interruption of business operations. Distributed Denial of Service attack (DDoS) the use of multiple machines to create a traffic flow that slows or halts data services on a targeted network. Domain Name System (DNS) the centralize…”

T1204.002 Malicious File · 31%
“. Dropper this is a program that installs (“drops”) an infected program or other malicious code onto the target machine. E Ethical hacking ethical hacking is the process of identifying potential threats to a company’s security infrastructure and then trying to exploit it, …”

T1667 Email Bombing · 30%
“responsibilities. This may result in an employee with inappropriate access to data. B Black box test testing done with very little or no information regarding target makeup, or internals, or protections. Blue team Red team-blue team exercises take their name from their military …”

Summary

Original by Bob Covello, CISSP / Modified with permission by BHIS // Note: This glossary was started to answer questions related to information security. It will be updated as required. […]

The post Information Security Glossary – v2 appeared first on Black Hills Information Security, Inc.