From 676bf7ea2279a0de6cca458e2729e1f0df945d91 Mon Sep 17 00:00:00 2001 From: Amanda Rousseau Date: Mon, 20 Mar 2017 14:44:12 -0700 Subject: [PATCH] fixing tables --- malware.md | 46 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/malware.md b/malware.md index 46f6262..fedb8a2 100644 --- a/malware.md +++ b/malware.md @@ -14,18 +14,18 @@ title: Malware Techniques | ![alt text](https://securedorg.github.io/images/rightarrow.png) | ![alt text](https://securedorg.github.io/images/rightarrow.png) | ![alt text](https://securedorg.github.io/images/rightarrow.png) | ![alt text](https://securedorg.github.io/images/rightarrow.png) | ![alt text](https://securedorg.github.io/images/rightarrow.png) | ![alt text](https://securedorg.github.io/images/rightarrow.png) | ## Techniques Overview -* [##Compression](#compression) -* [##Obfuscation](#obfuscation) -* [##Persistence](#persistence) -* [##Privilege Escalation](#privilege-escalation) -* [##Defense Evasion](#defense-evasion) -* [##Credential Theft](#credential-theft) -* [##Reconnaissance](#recon) -* [##Lateral Movement](#lateral-movement) -* [##Execution](#execution) -* [##Collection](#collection) -* [##Exfiltration](#exfiltration) -* [##Command and Control](#command-and-control) +* [Compression](#compression) +* [Obfuscation](#obfuscation) +* [Persistence](#persistence) +* [Privilege Escalation](#privilege-escalation) +* [Defense Evasion](#defense-evasion) +* [Credential Theft](#credential-theft) +* [Reconnaissance](#recon) +* [Lateral Movement](#lateral-movement) +* [Execution](#execution) +* [Collection](#collection) +* [Exfiltration](#exfiltration) +* [Command and Control](#command-and-control) --- @@ -74,6 +74,8 @@ title: Malware Techniques ![alt text](https://securedorg.github.io/images/CodeObfuscation.gif "CodeObfuscation") + [Goto Top^](#techniques-overview) + --- ## Persistence 
@@ -82,6 +84,8 @@ title: Malware Techniques * If the persistence mechanism is unique enough, it can even serve as a great way to identify a given piece of malware. ![alt text](https://securedorg.github.io/images/Persistence.png "Persistence") + +[Goto Top^](#techniques-overview) --- @@ -102,6 +106,8 @@ title: Malware Techniques Example: Dll Search Order Hijacking ![alt text](https://securedorg.github.io/images/DLLload.gif "Dll loading") +[Goto Top^](#techniques-overview) + --- @@ -115,6 +121,8 @@ Example: Dll Search Order Hijacking * Dll Side Loading * Masquerading * Process Hallowing + +[Goto Top^](#techniques-overview) --- @@ -127,18 +135,24 @@ Example: Dll Search Order Hijacking Example: Mimikatz credential theft ![alt text](https://securedorg.github.io/images/mimikatzElevate.png "Mimkatz Elevating") +[Goto Top^](#techniques-overview) + --- ## Reconnaissance * Gain knowledge about the system and internal network. +[Goto Top^](#techniques-overview) + --- ## Lateral Movement * Enable an adversary to access and control remote systems on a network and could +[Goto Top^](#techniques-overview) + --- ## Execution @@ -147,6 +161,8 @@ Example: Mimikatz credential theft * scripts * post-exploitation +[Goto Top^](#techniques-overview) + --- @@ -154,6 +170,8 @@ Example: Mimikatz credential theft * Identify and gather information, such as sensitive files, from a target network prior to exfiltration +[Goto Top^](#techniques-overview) + --- @@ -161,6 +179,8 @@ Example: Mimikatz credential theft * Removing files and information +[Goto Top^](#techniques-overview) + --- @@ -168,4 +188,6 @@ Example: Mimikatz credential theft * Communicate with systems under their control +[Goto Top^](#techniques-overview) + [x86 Assembly <- Back](https://securedorg.github.io/RE101/section1.3) | [Next -> Section 3](https://securedorg.github.io/RE101/section3)
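Review bot: In the `@@ -14,18 +14,18` hunk the rewritten entry `[Reconnaissance](#recon)` still targets `#recon`, while the section heading shown later in this patch is `## Reconnaissance` and the new navigation links rely on the full heading slug (`#techniques-overview`). Unless an explicit `recon` anchor exists outside the visible lines, change the target to `#reconnaissance` so this entry resolves like the other eleven.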
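Review bot: In the `@@ -102,6 +106,8` hunk the added `[Goto Top^](#techniques-overview)` line appears, as far as the run-together diff shows, directly under the `DLLload.gif` image line with the blank line added after it, whereas the `@@ -82,6` and `@@ -115,6` hunks add the blank line first. Without a blank line in between, Markdown folds the link into the image's paragraph; put the empty line before the link here so all sections render the same way.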
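Review bot: The context line `* Process Hallowing` in the `@@ -115,6 +121,8` hunk is misspelled, and this change edits the lines right below it without fixing it. Correct it to `Process Hollowing` in this commit or a follow-up, since readers will search for the technique by its usual name.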
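Review bot: The Lateral Movement bullet in the `@@ -127,18 +135,24` hunk ends mid-sentence at `on a network and could`, and the new Goto Top link is added straight after it, so the section still ships with an unfinished sentence. Complete or trim that bullet while touching the section. The image title `"Mimkatz Elevating"` in the same hunk is also misspelled (Mimikatz).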
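Review bot: By the final `@@ -168,4 +188,6` hunk the same `[Goto Top^](#techniques-overview)` line has been pasted by hand into eleven sections, so any later rename of the `## Techniques Overview` heading breaks all of them at once. If the site generator supports includes or a layout hook, emit the link from one place. The subject line `fixing tables` also does not match the diff, which changes list links and adds navigation links; a subject that names those changes would make the history easier to search.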