Lernkarten

1. Reconnaisance
2. First Foothold (Spear Phishing, Waterhole)
3. Dropper as first Backdoor
4. Lateral Movement
5. Data Theft
6. Data Exfiltration

Malware (short for malicious software) is software designed to infiltrate or damge a computer system without the owner's being informed or giving consent. 

Once malware has compromised a system, an attacker can (sometimes fulliy) control the system.

Typical areas of malware usage:

• Cybercrime
• Espionage
• Disruption
• Cyber war
• Lawful interception

Opportunistic /non-targeted attacks (~cybercrim): Attack on a large weakly targeted population, often oppertunistic. Even if success rate is low, the absolute number of successful infections and the resulting revenue might be high.

Targeted attacks (~espionage): Attacks that are targeted at few individuals.

Infection vector: refers to the means and techniqyes for delivering a piece of malware onto the victime machine.

There are may differen types of technical vulnerabilities:

• Misconfiguration of firewall, Web server, etc...
• Weak passwords allow login, and take over
• Etc...
• Software vulnerabilities are particularly interesting, since they allow for very powerfull attacks. They may be deployed via different infection vectors.

A software vulnerability is a (sometimes) subtle programming error that triggers when processing maliciously crafted input data provided by an attacker, allowing the attacker to git her code executed in the victim program / process.

In short: Input data is turned into code.

The malicious data / code that triggers a vulnerability is called a (software) exploit.

A patch is a software update that removes a known software vulnerability.