
The Report

Answer

Log4j


Mention the MITRE ATT&CK technique ID that affected more than 50% of the customers (Format: TXXXX)

Answer

T1059


Submit the names of 2 vulnerabilities affecting Exchange Servers (Format: VulnNickname, VulnNickname)

Answer

ProxyLogon, ProxyShell


Submit the CVE of the zero-day vulnerability in a driver that led to RCE and allowed attackers to gain SYSTEM privileges (Format: CVE-XXXX-XXXXX)

Answer

CVE-2021-34527


Mention the 2 adversary groups that leverage SEO poisoning to gain initial access (Format: Group1, Group2)

Answer

Gootkit, Yellow Cockatoo


In the detection rule, what should be specified as the parent process if we are looking for execution of malicious .js files? [Hint: Not CMD] (Format: ParentProcessName.exe)

Answer

wscript.exe


Ransomware gangs started using an affiliate model to gain initial access. Name the precursor malware families used by affiliates of the Conti ransomware group (Format: Affiliate1, Affiliate2, Affiliate3)

Answer

Qbot, Bazar, IcedID


The main target of coin miners was outdated software. Name the 2 outdated software products mentioned in the report (Format: Software1, Software2)

Answer

JBoss, WebLogic


Question 9) Name the ransomware group that threatened to conduct DDoS attacks if victims didn't pay the ransom (Format: GroupName)

Answer

Fancy Lazarus


What security measure do we need to enable for RDP connections in order to safeguard against ransomware attacks? (Format: XXX)

Answer

MFA