Index
A
- Active Directory / 4. Lateral movement
- Address Space Layout Randomization (ASLR) / 3. Exploit prevention on Windows
- administrators
- checklist / 9. Process and compliance
- AES key / 4.3 How does ransomware use cryptography?
- AES symmetric key / 4.3 How does ransomware use cryptography?
- amplification / 1.8 DD4BC
- amplification attack / 1.7 Reflective DDoS attacks and amplification attacks
- analytics / 7. Analytics, machine learning, and correlation
- anti-bootkit / 4. Anti-bootkit
- Anti-Return Oriented Programming (Anti-ROP) / 3. Exploit prevention on Windows
- antivirus / 2. Antivirus
- antivirus vendor
- contacting / 3. Contacting the antivirus vendor
- API call
- processing / 2.4.1 How does an API call happen?
- API logger tools / 2.4 API logger
- application firewall (app-id firewalls) / 5.1 Firewalls
- ARKit
- reference link / 2.3 Components of an antivirus engine
- Armada Collective group / 1.9 Armada Collective
- asymmetric key / 4.2.2 Asymmetric key
- Attack Surface Reduction (ASR) / 3. Exploit prevention on Windows
- autorun tools / 2.2 Autorun tools
B
- BadRabbit ransomware / 11. BadRabbit
- banking malware
- Tinba / 4.7 Banking malware
- Shifu / 4.7 Banking malware
- Carberp / 4.7 Banking malware
- Zeus / 4.7 Banking malware
- behavior analysis / 2. Dynamic or behavior analysis
- Bitcoin / 4. CryptoLocker
- BitLocker / 8.1 Data encryption
- BlackHole exploit kit / 3.1.1 BlackHole exploit kit
- Blue Screen Of Death (BSOD) / 8. Petya
- bootkit
- analyzing / 6.3 Analyzing bootkit and boot ransomware
- bootkit infection / 4. Anti-bootkit
- boot ransomware
- about / 6. Boot ransomware
- analyzing / 6.3 Analyzing bootkit and boot ransomware
- prevention techniques / 6.4 Prevention and removal techniques
- removal techniques / 6.4 Prevention and removal techniques
- bootstrap-loader / 8. Petya
- bot herder / 4.5 Botnet
- botnet
- ZeroAccess / 4.5 Botnet
- GameOver / 4.5 Botnet
- about / 5. Botnets and downloaders
- browser locker
- about / 3. Browser locker
- JavaScript, using to act as ransomware / 3.1 How does a browser locker use JavaScript to act as ransomware?
- prevention techniques / 3.2 Prevention and removal techniques
- removal techniques / 3.2 Prevention and removal techniques
C
- calibre / 2.1 File format
- CEO fraud attack / 1. Attacks through emails
- Cerber ransomware / 7. Cerber, 4. Help from the web
- CFFExplorer
- reference link / 1.1 File type
- ClamAV
- reference link / 2.3 Components of an antivirus engine
- cleaning / 2. Antivirus
- clone phishing / 1. Attacks through emails
- closest match / 2.3 Components of an antivirus engine
- complex binary strings / 2.2 Pattern matching
- components, antivirus
- about / 2.3 Components of an antivirus engine
- file scanner / 2.3 Components of an antivirus engine
- memory scanner / 2.3 Components of an antivirus engine
- unpacker / 2.3 Components of an antivirus engine
- rootkit detector / 2.3 Components of an antivirus engine
- cleaning procedure / 2.3 Components of an antivirus engine
- components, malware / 3. Malware components
- about / 3. Malware components
- payload / 3. Malware components, 3.1 Payload
- obfuscator / 3. Malware components, 3.2 Obfuscator/packer – a wolf in sheep's clothing
- persistence / 3. Malware components, 3.3 Malware persistence
- stealth component / 3. Malware components, 3.4 Stealth – a game of hide-and-seek
- armoring / 3. Malware components, 3.5 Armoring
- command and control server / 3.6 Command and control server
- Computer Antivirus Research Organization (CARO) / 5. How does antivirus name malware?
- controlled folder access / 3. Exploit prevention on Windows
- correlation / 7. Analytics, machine learning, and correlation
- Creeper / 1.2 The birth of malware
- cross-platform ransomware / 3. Browser locker
- cross-site scripting / 3. Web attacks
- Crowti / 5. Cryptowall
- Cryptodefence / 4. CryptoLocker
- cryptographic algorithms
- symmetric key / 4.2.1 Symmetric key
- asymmetric key / 4.2.2 Asymmetric key
- cryptography
- overview / 4.2 Overview of cryptography
- CryptoLocker 2 / 4. CryptoLocker
- CryptoLocker 3 / 4. CryptoLocker
- CryptoLocker ransomware
- encryption process / 4.3 How does ransomware use cryptography?, 4. CryptoLocker
- about / 4. CryptoLocker
- crypto ransomware
- about / 4. Crypto ransomware, 6. Honeypots
- working / 4.1 How does crypto ransomware work?
- analyzing / 4.4 Analyzing crypto ransomware
- prevention techniques / 4.5 Prevention and removal techniques for crypto ransomware
- removal techniques / 4.5 Prevention and removal techniques for crypto ransomware
- CryptoWall 1 / 5.1 CryptoWall 1.0
- CryptoWall 2 / 5.2 CryptoWall 2.0
- Cryptowall 3 / 5.3 Cryptowall 3.0
- CryptoWall 4 / 5.4 Cryptowall 4.0
- Cryptowall ransomware
- about / 5. Cryptowall
- reference link / 5. Cryptowall
- CRYSIS ransomware / 4. Lateral movement
- Cuckoo
- reference link / 2.6 Sandbox as a malware analysis tool
- CVE
- reference link / 3.1.1 BlackHole exploit kit
D
- Darkleech / 3.1 Exploit kits
- data
- protection / 8. Data protection
- encryption / 8.1 Data encryption
- backup / 8.2 Backup
- data breach attacks / 2. Data breach attacks
- Data Execution Prevention (DEP) / 3. Exploit prevention on Windows
- data loss prevention (DLP)
- about / 8.3 Data loss prevention solutions
- data leak prevention / 8.3 Data loss prevention solutions
- data loss prevention / 8.3 Data loss prevention solutions
- DD4BC group / 1.8 DD4BC
- DDoS attacks
- exploits / 1.5 Exploits
- botnets / 1.6 Botnets
- deceptive phishing / 1. Attacks through emails
- denial of service (DoS) attack
- about / 4.5 Botnet, 1. DoS attacks
- teardrop attack / 1.1 Teardrop attacks or IP fragmentation attacks
- IP fragmentation attack / 1.1 Teardrop attacks or IP fragmentation attacks
- User Datagram Protocol flooding attack / 1.2 User Datagram Protocol flooding
- SYN flood attack / 1.3 SYN flood
- ping of death attack / 1.4 Ping of death
- botnets / 1.6 Botnets
- desktop configuration / 1. Desktop configuration
- desktops v2.0
- reference link / 2.3 Analyzing a ScreenLocker ransomware
- desktop tool / 2.3 Analyzing a ScreenLocker ransomware
- distributed denial of service (DDoS) / 1. DoS attacks
- Domain Generation Algorithm (DGA) / 3.6 Command and control server, 6. Locky
- DoublePulsar / 9. WannaCry
- downloader
- Upatre / 4.2 Downloader
- about / 5. Botnets and downloaders
- dynamic analysis / 2. Dynamic or behavior analysis
- dynamic link libraries
- about / 2.4 Windows DLL made simple
- API call / 2.4.1 How does an API call happen?
E
- email attacks
- about / 1. Attacks through emails
- phishing / 1. Attacks through emails
- spear phishing / 1. Attacks through emails
- watering hole attack / 1. Attacks through emails
- whaling / 1. Attacks through emails
- clone phishing / 1. Attacks through emails
- Erebus / 5. Ransomware targeting infrastructure
- EternalBlue / 9. WannaCry
- event log / 10. NotPetya
- exploit
- about / 4.11 Exploit
- prevention, on Windows / 3. Exploit prevention on Windows
- exploit kit
- about / 3.1 Exploit kits
- gate / 3.1 Exploit kits
- flow / 3.1 Exploit kits
- webattacker kit / 3.1 Exploit kits
- campaigns / 3.1 Exploit kits
- BlackHole exploit kit / 3.1.1 BlackHole exploit kit
- Nuclear exploit kit / 3.1.2 Nuclear exploit kit
- Neutrino exploit kit / 3.1.3 Neutrino Exploit kit
- landing pages, analyzing / 3.1.4 Analyzing landing pages
F
- Fairware / 5. Ransomware targeting infrastructure
- Fake Antivirus (FakeAVs) / 1. Scareware and rogue security software, 1.1 List of popular FakeAntivirus
- FakeNet / 2.3 Network monitoring tools
- fake video codec / 1. Scareware and rogue security software
- Fancy Bear group / 1.10 Fancy Bear
- FBI MoneyPak / 2. Ransomware payment modes
- features, ransomware
- file modification / 2.7 Ransomware behavior
- registry changes / 2.7 Ransomware behavior
- network communication / 2.7 Ransomware behavior
- features, Windows operating system
- startup folders / 3.3.1 Startup folders
- run entries / 3.3.2 Run entries
- services / 3.3.3 Windows services
- files execution / 3.3.4 Files executed at Windows start
- file format / 2.1 File format
- file infector
- Virut / 4.3 Virus or file infector
- Sality / 4.3 Virus or file infector
- XPAJ / 4.3 Virus or file infector
- Xpiro / 4.3 Virus or file infector
- file infectors / 4. Lateral movement
- file monitoring tool / 2.1 File and registry monitoring
- file scanning engine / 2. Antivirus
- file type, identification
- trid / 1.1 File type
- TrIDNet / 1.1 File type
- TrID XML defs / 1.1 File type
- CFFExplorer / 1.1 File type
- flooding / 1. DoS attacks
- forensics / 5. Forensics
G
- garlic routing / 1. Anonymity
- generic signature
- about / 2. Antivirus
- writing, hash algorithm used / 2.1 Hash algorithms
- writing, pattern matching algorithms used / 2.2 Pattern matching
- GPCODE ransomware / 3. GPCODE or PGPCoder
- Guardians of Peace (GOP) / 2.1 Sony Pictures hack
H
- hacktool
- Cain and Abel / 4.9 Hacktool
- John the Ripper / 4.9 Hacktool
- Rainbow Crack / 4.9 Hacktool
- hash algorithm
- using / 2.1 Hash algorithms
- hash collision / 2.1 Hash algorithms
- hoax ransomware / 3. Browser locker
- hollowing / 3.4.2 Injecting code into a legitimate process
- honeypots / 6. Honeypots
- host-based firewall / 5.1 Firewalls
- host-based honeypots / 6. Honeypots
- human-readable strings / 2.2 Pattern matching
I
- ID Ransomware
- about / 4. Help from the web
- reference link / 4. Help from the web
- IDS/IPS
- receiver / 5.2 Intrusion detection and prevention systems
- decoder / 5.2 Intrusion detection and prevention systems
- TCP stream reassembler / 5.2 Intrusion detection and prevention systems
- application layer parser / 5.2 Intrusion detection and prevention systems
- detection / 5.2 Intrusion detection and prevention systems
- signatures / 5.2 Intrusion detection and prevention systems
- Indicator of Compromise (IOC) / 2. Dynamic or behavior analysis
- infected machine
- isolating / 1. Isolating the infected machine
- Internet Control Message Protocol (ICMP) / 1.2 User Datagram Protocol flooding
- internet service providers (ISPs) / 2. Notifying the law authorities
- intrusion detection systems (IDSes) / 5.2 Intrusion detection and prevention systems
- intrusion prevention systems (IPSes) / 5.2 Intrusion detection and prevention systems
- Invisible Internet Project (I2P) / 1. Anonymity
- IP fragmentation attack / 1.1 Teardrop attacks or IP fragmentation attacks
J
- JavaScript
- using, as ransomware / 3.1 How does a browser locker use JavaScript to act as ransomware?
K
- kernel space / 2.3 Windows virtual memory made simple
- KillDisk / 5. Ransomware targeting infrastructure
- Kimcilware / 5. Ransomware targeting infrastructure
L
- landing page / 3.1 Exploit kits
- lateral movement / 4. Lateral movement, 5. Detection on a network
- law authorities
- notifying / 2. Notifying the law authorities
- legitimate process
- code, injecting / 3.4.2 Injecting code into a legitimate process
- list of file formats
- reference link / 2.1 File format
- loader / 2.1 File format
- Locky ransomware / 1. Attacks through emails, 6. Locky
M
- machine learning / 2.3 Components of an antivirus engine, 7. Analytics, machine learning, and correlation
- malicious activity detection, on network
- about / 5. Detection on a network
- firewalls / 5.1 Firewalls
- IDS/IPS / 5.2 Intrusion detection and prevention systems
- sandboxes / 5.3 Sandboxes
- malvertising / 3.1 Exploit kits
- malware
- history / 1. The malware story, 1.1 Malware in the womb
- origin / 1.2 The birth of malware
- Rabbit virus / 1.3 Malware started crawling
- Animal trojan / 1.3 Malware started crawling
- Brain virus / 1.3 Malware started crawling
- Lahore virus / 1.3 Malware started crawling
- Vienna virus / 1.3 Malware started crawling
- Lehigh virus / 1.3 Malware started crawling
- Morris worm / 1.3 Malware started crawling
- Ghostball virus / 1.3 Malware started crawling
- Happy99 worm / 1.4 Malware started playing
- Melissa worm / 1.4 Malware started playing
- love bug worm / 1.4 Malware started playing
- Code Red worm / 1.4 Malware started playing
- Nimda worm / 1.4 Malware started playing
- SQL Slammer worm / 1.4 Malware started playing
- Bagle worm / 1.4 Malware started playing
- Brontok worm / 1.4 Malware started playing
- Conficker virus / 1.4 Malware started playing
- Zeus trojan / 1.5 Malware started earning
- Tinba trojan / 1.5 Malware started earning
- GozNym trojan / 1.5 Malware started earning
- Dyre trojan / 1.5 Malware started earning
- BlackPos virus / 1.5 Malware started earning
- Alina virus / 1.5 Malware started earning
- Skimmer virus / 1.5 Malware started earning
- BackOff virus / 1.5 Malware started earning
- CryptoLocker ransomware / 1.5 Malware started earning
- Locky ransomware / 1.5 Malware started earning
- Cerber ransomware / 1.5 Malware started earning
- naming / 5. How does antivirus name malware?
- prevention techniques / 1.2 Prevention and removal techniques
- removal techniques / 1.2 Prevention and removal techniques
- boot sector, infecting / 6.2 How can malware infect the boot sector?
- malware, types
- about / 4. Types of malware
- backdoor / 4.1 Backdoor
- downloader / 4.2 Downloader
- virus / 4.3 Virus or file infector
- file infector / 4.3 Virus or file infector
- worm / 4.4 Worm
- botnet / 4.5 Botnet
- keylogger / 4.6 Keylogger and password stealer
- password stealer / 4.6 Keylogger and password stealer
- banking malware / 4.7 Banking malware
- POS malware / 4.8 POS malware
- hacktools / 4.9 Hacktool
- RAT / 4.10 RAT
- exploit / 4.11 Exploit
- malware analysis
- file monitoring tool / 2.1 File and registry monitoring
- registry monitoring tool / 2.1 File and registry monitoring
- autorun tools / 2.2 Autorun tools
- network monitoring tools / 2.3 Network monitoring tools
- API logger tools / 2.4 API logger
- process inspection / 2.5 Process inspection
- sandbox / 2.6 Sandbox as a malware analysis tool
- ransomware / 2.7 Ransomware behavior
- malware capabilities, future
- about / 1. The future of malware capabilities
- distribution channel / 1.1 Distribution channel
- anonymity / 1.2 Anonymity
- evading detection / 1.3 Evading detection
- decryption, avoiding / 1.4 Avoiding decryption
- side stepping encryption / 1.5 Side stepping encryption
- malzilla / 3.1 Exploit kits, 3.1.4 Analyzing landing pages
- man-in-the-middle (MITM) attack / 4.7 Banking malware
- Master Boot Record (MBR) / 6. Boot ransomware, 8. Petya
- Master File Table (MFT) / 8. Petya
- Microsoft Developer Network (MSDN) / 2.4.1 How does an API call happen?
- Microsoft Enhanced Mitigation Experience Toolkit (EMET) / 3. Exploit prevention on Windows
- Microsoft Word
- macros / 2. Microsoft Word macros
- Mimikatz / 4. Lateral movement, 9. WannaCry
- modules / 2.3 Windows virtual memory made simple
- MongoDB Apocalypse / 5. Ransomware targeting infrastructure
- Mpack / 3.1 Exploit kits
N
- Necurs botnet / 5. Botnets and downloaders
- network firewalls / 5.1 Firewalls
- Network Time Protocol (NTP) / 1.7 Reflective DDoS attacks and amplification attacks
- network monitoring tools / 2.3 Network monitoring tools
- Neutrino exploit kit / 3.1.3 Neutrino Exploit kit
- No More Ransomware
- reference link / 4. Help from the web
- No Ransomware / 4. Help from the web
- NotPetya ransomware / 10. NotPetya
- Nuclear exploit kit / 3.1.2 Nuclear exploit kit
O
- obfuscator / 3.2 Obfuscator/packer – a wolf in sheep's clothing
- Object Library (OLE) / 2.1 File format
- OfficeMalScanner
- reference link / 2. Microsoft Word macros
- Onion Routing / 1. Anonymity
- Open Web Application Security Project (OWASP)
- reference link / 3. Web attacks
P
- packet filtering firewalls / 5.1 Firewalls
- pattern matching algorithms
- using / 2.2 Pattern matching
- about / 2.2 Pattern matching
- pattern matching signature / 2.3 Components of an antivirus engine
- payload / 3.1 Payload
- payment modes, ransomware
- crypto currencies / 2.1 Crypto currencies
- PayPal
- reference link / 2. Ransomware payment modes
- PClock / 4. CryptoLocker
- PE executable
- structure / 1.2 Static properties of an .exe file
- strings / 1.2 Static properties of an .exe file
- version information / 1.2 Static properties of an .exe file
- icon of the file / 1.2 Static properties of an .exe file
- static disassembly / 1.2 Static properties of an .exe file
- Petya ransomware / 8. Petya
- RED-PETYA / 8.1 PETYA/RED-PETYA
- PETYA-MISCHA / 8.2 PETYA-MISCHA/GREEN-PETYA
- GREEN-PETYA / 8.2 PETYA-MISCHA/GREEN-PETYA
- GoldenEye / 8.3 PETYA GOLDEN EYE
- pfSense / 5.1 Firewalls
- PGPCoder ransomware / 3. GPCODE or PGPCoder
- phishing / 1. Attacks through emails
- pingback request / 1.8 DD4BC
- ping of death attack / 1.4 Ping of death
- point of sale (POS) / 1.5 Malware started earning
- process
- for organization safeguarding / 9. Process and compliance
- Process Hacker / 2.3 Windows virtual memory made simple
- reference / 2.5 Process inspection
- process inspection
- about / 2.5 Process inspection
- command and control servers, URLs / 2.5.1 URLs and IP addresses of command and control servers
- command and control servers, IP addresses / 2.5.1 URLs and IP addresses of command and control servers
- related strings, armoring / 2.5.2 Armoring related strings
- registry changes / 2.5.3 Registry changes
- strings, related to stealer / 2.5.4 Strings related to a stealer
- strings, related to banking malware / 2.5.5 Strings related to banking malware
- Process Monitor v3.50
- reference link / 2.1 File and registry monitoring
- pseudo-Darkleech campaign / 3.1 Exploit kits
- pseudo-Darkleech
- reference link / 3.1 Exploit kits
- PsExec / 4. Lateral movement
- PsExec v2.2
- reference link / 4. Lateral movement, 10. NotPetya
- public key / 4.2.2 Asymmetric key
R
- ransom note / 4. Help from the web
- ransomware
- cryptography, using / 4.3 How does ransomware use cryptography?
- payment modes / 2. Ransomware payment modes
- about / 4. Other forms of ransom
- on Android / 12. Ransomware on Android, macOS, and Linux
- on macOS / 12. Ransomware on Android, macOS, and Linux
- on Linux / 12. Ransomware on Android, macOS, and Linux
- future victims / 2. Future victims, 2.4 Taking your pacemaker hostage
- Ransomware as a Service (RaaS)
- about / 3. RaaS, 4. CryptoLocker, 7. Cerber
- reference link / 3. RaaS
- ransomware encrypted file / 4. Help from the web
- ransomware encryption tool
- reference link / 4.5 Prevention and removal techniques for crypto ransomware
- ransomware targeting infrastructure
- about / 5. Ransomware targeting infrastructure
- prevention techniques / 5.1 Prevention techniques
- RAT
- real-time protection / 2.3 Components of an antivirus engine
- real-time scanning / 2. Antivirus
- reflection / 1.8 DD4BC
- reflective DDoS attacks / 1.7 Reflective DDoS attacks and amplification attacks
- registry monitoring tool / 2.1 File and registry monitoring
- Remote Desktop Protocol (RDP) / 4. Lateral movement
- Return Oriented Programming (ROP) / 3. Exploit prevention on Windows
- Reveton ransomware
- about / 3.1.1 BlackHole exploit kit, 1. Reveton
- reference link / 1. Reveton
- Rex / 5. Ransomware targeting infrastructure
- Rich Text Format (RTF) / 2.1 File format
- Rijndael algorithm / 4. CryptoLocker
- rogue antivirus / 1. Scareware and rogue security software
- rogue security software
- about / 1. Scareware and rogue security software
- reference link / 1.1 List of popular FakeAntivirus
- rootkit / 2.5 API hooking made simple
- routers / 1. Anonymity
- routing / 1. Anonymity
- RSA public key / 4.3 How does ransomware use cryptography?
S
- Samas ransomware / 4. Lateral movement
- Sambacry / 4. Lateral movement
- sandboxes
- about / 5.3 Sandboxes
- static analysis engine / 5.3 Sandboxes
- behavioral analysis engine / 5.3 Sandboxes
- Scanner minifilter
- reference link / 2.3 Components of an antivirus engine
- scareware / 1. Scareware and rogue security software
- ScreenLocker ransomware
- about / 2. ScreenLocker ransomware
- working, on Windows OS / 2.1 How does ScreenLocker ransomware work on Windows OS?
- messages / 2.2 Different kinds of messages from the ScreenLocker
- analyzing / 2.3 Analyzing a ScreenLocker ransomware
- prevention techniques / 2.4 Prevention and removal techniques
- removal techniques / 2.4 Prevention and removal techniques
- secret key / 4.2.1 Symmetric key
- Serve
- reference link / 2. Ransomware payment modes
- server-side vulnerabilities / 3. Web attacks
- Server Message Block (SMB) / 4. Lateral movement
- sinkholed malware / 2. Notifying the law authorities
- sinkholing / 2. Notifying the law authorities
- Sony Pictures hack / 2.1 Sony Pictures hack
- spear phishing / 1. Attacks through emails
- spoofed email ID / 1. Attacks through emails
- SQL injection / 3. Web attacks
- stateful firewalls / 5.1 Firewalls
- static analysis
- about / 1. Static analysis
- file type / 1.1 File type
- .exe file, properties / 1.2 Static properties of an .exe file
- disadvantages / 1.3 Disadvantages of static analysis
- stealth component
- file properties / 3.4.1 File properties – an old-school trick
- code, injecting into legitimate process / 3.4.2 Injecting code into a legitimate process
- rootkits / 3.4.3 Rootkits
- fileless malware / 3.4.4 Fileless malware
- Structured Exception Handler (SEH Protection) / 3. Exploit prevention on Windows
- supporting libraries (DLLs) / 2.3 Windows virtual memory made simple
- symmetric key / 4.2.1 Symmetric key, 4. CryptoLocker
- SYN flood attack / 1.3 SYN flood
- Sysinternals Process Explorer / 2.5 API hooking made simple
T
- teardrop attack / 1.1 Teardrop attacks or IP fragmentation attacks
- The Onion Router (TOR) / 1. Anonymity
- Torrentlocker / 4. CryptoLocker
- TrIDNet
- reference link / 1.1 File type
- TrueCrypt / 8.1 Data encryption
U
- Ukash / 2. Ransomware payment modes
- Unified Extensible Firmware Interface (UEFI)
- about / 4. Anti-bootkit
- processing / 4. Anti-bootkit
- Upatre / 5. Botnets and downloaders
- User Account Control (UAC) / 4. Anti-bootkit
- User Datagram Protocol flooding attack / 1.2 User Datagram Protocol flooding
- user space / 2.3 Windows virtual memory made simple
V
- version information
- digital signature / 1.2 Static properties of an .exe file
- viper / 2.1 Sony Pictures hack
- VirLock ransomware / 4. Lateral movement, 2. VirLock – the hybrid ransomware
- virtual memory / 2.3 Windows virtual memory made simple
- VirusTotal
- reference link / 5. How does antivirus name malware?
- Visual Basic for Applications (VBA) / 2. Microsoft Word macros
- vulnerabilities / 4.11 Exploit
W
- WannaCry ransomware / 1. Attacks through emails, 9. WannaCry
- watering hole attack / 1. Attacks through emails
- web application
- about / 3. Web attacks
- exploit kit / 3.1 Exploit kits
- web application firewall / 5.1 Firewalls
- web attacks / 3. Web attacks
- whaling / 1. Attacks through emails
- Win32 Portable Executable File Format
- reference link / 2.4.1 How does an API call happen?
- Windows boot process / 6.1 Windows boot process
- Windows Defender
- about / 2.3 Components of an antivirus engine
- reference link / 3. Exploit prevention on Windows
- Windows Defender Exploit Guard (WDEG) / 3. Exploit prevention on Windows
- Windows Management Instrumentation (WMI) / 4. Lateral movement
- Windows Management Instrumentation Command-line (WMIC) / 10. NotPetya
- Windows operating system
- about / 2. Windows operating system basics, 2.1 File format
- file format / 2.1 File format
- execution / 2.2 Windows executable made simple
- virtual memory / 2.3 Windows virtual memory made simple
- dynamic link libraries / 2.4 Windows DLL made simple
- API hooking / 2.5 API hooking made simple
- ScreenLocker ransomware, working / 2.1 How does ScreenLocker ransomware work on Windows OS?
- exploits, preventing / 3. Exploit prevention on Windows
- Windows Task Manager / 2.5 API hooking made simple
- wiper / 2.1 Sony Pictures hack
Y
- YARA
- reference link / 2.2 Pattern matching
Z
- Zcryptor / 4. Lateral movement