Which techniques are commonly used by attackers to hide their activities on a system?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which techniques are commonly used by attackers to hide their activities on a system?

Explanation:
To hide activity on a system, attackers commonly manipulate logs, hide files, and use covert channels. Tampering with logs (editing, deleting, or corrupting entries) erases traces of what was done and makes it harder for defenders to reconstruct the sequence of events; this can be as blunt as clearing a Windows event log with wevtutil cl Security or as selective as removing a single session from wtmp or a few lines from /var/log/auth.log on Linux. Hiding files involves setting the hidden attribute or using dot-prefixed names, placing tools in hidden or obscure directories, storing them in NTFS alternate data streams, or timestomping (rewriting a file's timestamps so a freshly dropped tool looks as old as the system files around it) so that artifacts escape a casual or automated search. Covert channels are methods for moving data or communicating with a command-and-control server in ways that evade normal monitoring: timing channels, data embedded in legitimate-looking traffic, or tunnels over protocols that are rarely inspected closely, such as DNS or ICMP. Used together, these techniques let an attacker maintain access and operate under the radar. Each leaves a counter-artifact a defender can look for: clearing the Windows Security log itself writes Event ID 1102, logs forwarded to a remote collector survive local deletion, timestomping on NTFS normally alters only the $STANDARD_INFORMATION timestamps while the $FILE_NAME timestamps in the MFT keep the real creation time, and tunnelled traffic stands out against a baseline of normal protocol usage.

Encrypting files for ransom is about denying access to data and coercing payment, not primarily about concealing ongoing activity on the system. Logging actions transparently would expose what the attacker is doing, not hide it. Regularly patching software is a defensive or administrative activity that reduces exploit opportunities, not a tactic attackers use to conceal their presence.

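The following Python script is added here as a worked example and is not part of the exam page or of any SANS course material. It shows the defender's view of each of the three techniques in the explanation: it picks out Windows log-clear events (ID 1102/104) and unexplained time gaps in a syslog stream, flags hidden or timestomped files from their path and mtime/ctime relationship, and scores DNS query names for the long, high-entropy labels a DNS tunnel produces. Every event, log line, file record and DNS name is constructed for the example, and the thresholds (gap length, one-day ctime/mtime skew, label length and entropy cut-offs) are assumptions to tune per environment rather than published values.

```python
"""Defender-side checks for the three evasion techniques discussed above.
Every event, log line, file record and DNS name here is constructed sample
data for the example; thresholds are assumptions to tune per environment."""
import math
import re
from collections import Counter
from datetime import datetime

# ---- 1. Log tampering -------------------------------------------------------
# Clearing a Windows event log itself writes an event: 1102 for the Security
# log, 104 for System/Application.  Only a remote collector keeps it safe.
CLEAR_EVENT_IDS = {1102, 104}


def cleared_log_events(events):
    """events: (event_id, user, message) tuples; return the clear events."""
    return [e for e in events if e[0] in CLEAR_EVENT_IDS]


SYSLOG_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) ")


def log_gaps(lines, year, max_gap_min):
    """Return (line_before, line_after, minutes) for consecutive syslog lines
    further apart than max_gap_min.  Deleted entries leave gaps, but so do
    idle hosts: treat a hit as a lead to cross-check against other sources."""
    stamped = []
    for line in lines:
        m = SYSLOG_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            stamped.append((ts, line))
    gaps = []
    for (t0, l0), (t1, l1) in zip(stamped, stamped[1:]):
        minutes = (t1 - t0).total_seconds() / 60
        if minutes > max_gap_min:
            gaps.append((l0, l1, minutes))
    return gaps


# ---- 2. Hidden and timestomped files ---------------------------------------
def suspicious_files(records):
    """records: (path, mtime, ctime) with POSIX timestamps as floats.
    utime() rewrites mtime/atime but the kernel sets ctime, so a ctime far
    newer than mtime, or an mtime with a zero fractional second (touch -t and
    SetFileTime granularity), suggests timestomping.  Dot-prefixed path
    components are the classic Unix hiding spot.  cp -p, unpacked archives and
    filesystems without sub-second timestamps trigger the same heuristics."""
    hits = []
    for path, mtime, ctime in records:
        reasons = []
        if any(part.startswith(".") for part in path.split("/") if part):
            reasons.append("hidden path component")
        if ctime - mtime > 86400:
            reasons.append("ctime more than a day after mtime")
        if mtime == int(mtime):
            reasons.append("whole-second mtime")
        if reasons:
            hits.append((path, reasons))
    return hits


# ---- 3. Covert channel over DNS --------------------------------------------
def shannon_entropy(s):
    """Bits per character; 0 for a repeated single character, ~4 for hex."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def tunnel_candidates(queries, min_len=30, min_entropy=3.5):
    """DNS tunnels pack data into the leftmost labels, giving long,
    high-entropy names; ordinary hostnames are short and dictionary-like.
    CDN and anti-spam lookups look similar, so baseline per domain first."""
    hits = []
    for q in queries:
        labels = q.rstrip(".").split(".")
        payload = "".join(labels[:-2])  # everything left of the registered domain
        if len(payload) >= min_len and shannon_entropy(payload) >= min_entropy:
            hits.append(q)
    return hits


# ---- constructed sample data (not real captures) ----------------------------
WIN_EVENTS = [
    (4624, "deploy", "An account was successfully logged on"),
    (1102, "Administrator", "The audit log was cleared"),
    (4688, "Administrator", "A new process has been created"),
]
AUTH_LOG = [
    "Mar 14 09:00:01 web1 sshd[1201]: Accepted publickey for deploy from 10.0.0.5 port 50222 ssh2",
    "Mar 14 09:05:17 web1 CRON[1250]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar 14 13:40:02 web1 sshd[2210]: Accepted password for root from 10.0.0.99 port 41000 ssh2",
    "Mar 14 13:41:30 web1 sudo: root : TTY=pts/1 ; PWD=/root ; COMMAND=/bin/bash",
]
FILES = [
    ("/usr/bin/ls", 1700000000.123, 1700000000.123),
    ("/tmp/.x/nc", 1500000000.0, 1710000000.5),
    ("/etc/passwd", 1709000000.25, 1709100000.25),
]
DNS_QUERIES = [
    "www.example.com",
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.com",
    "6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f.t.example.com",
]

if __name__ == "__main__":
    print(cleared_log_events(WIN_EVENTS))
    print(log_gaps(AUTH_LOG, 2024, 120))
    print(suspicious_files(FILES))
    print(tunnel_candidates(DNS_QUERIES))
```

Run as-is it reports the 1102 event, the four-and-a-half-hour hole between the cron entry and the root login, the dot-directory netcat copy with a whole-second mtime and a ctime years newer, and the hex-packed query name; the /etc/passwd record shows why the ctime/mtime heuristic alone is only a lead, since a legitimate edit long after the file's stored mtime trips it too. The repeated-"a" query name is long but scores zero entropy, which is why length and entropy are checked together.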
