Exam 312-50v11 topic 1 question 379 discussion

ChatGPT: Answer: C. Script-based injection Explanation: The technique used by Jack to launch the fileless malware on the target systems is known as script-based injection. Here's why: Script-based injection (option C): In this scenario, Jack used fraudulent emails containing malicious links. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit. The term "script-based" refers to the use of scripts or code embedded in a web page or email to initiate an attack. In this case, the script is used to exploit vulnerabilities in Flash and deliver the fileless malware. Phishing (option D): Phishing is a broader term that encompasses various deceptive techniques to trick individuals into divulging sensitive information. In this scenario, while there is an element of deception (fraudulent emails), the specific technique used for the malware injection is script-based.

Phishing

Phishing

The correct option is D. Phishing

"What is the technique?" In memory exploits is not a technique, I go with "phishing"

Launching Fileless Malware through Phishing Attackers commonly use social engineering techniques such as phishing to spread fileless malware to the target systems. Fileless malware exploits vulnerabilities in system tools to load and run malicious payloads on the victim’s machine to compromise the sensitive information stored in the process memory. (P.978/962)

if it asks technique then it is phishing. "Attackers commonly use social engineering techniques such as phishing to spread fileless malware to the target systems Fileless malware exploits vulnerabilities in system tools to load and run malicious payloads on the victim’s machine to compromise the sensitive information stored in the process memory Point "

For me is C, also because they want to know what is the technique used, so phising it's the initial one, in-memory exploits it's the resoult and so guys if you check page 960 you find the technique.

D is correct. no doubt.

D is the correct one. According CEH v.11 page 962: Launching Fileless Malware through Phishing Attackers commonly use social engineering techniques such as phishing to spread fileless malware to the target systems. They send spam emails embedded with malicious links to the victim. When the victim clicks on the link, he/she will be directed to a fraudulent website that automatically loads Flash and triggers the exploit.

"What is the technique used by Jack to launch the fileless malware on the target systems?"

This is a bit confusing. I will go with D

answers is D) Phishing

pishing is the correct answer!!

Phishing was used to launch the attack here.

“What is the technique used by Jack to launch the fileless malware on the target systems?” It didn’t ask what type of exploit, or how does this exploit work. It’s simply asking what did he do so he can deliver his malicious file? He emailed it, they clicked, and the fileless malware was launched on their machine. Would he be able to launch his malicious file without Phishing? Absolutely not, so we don’t really care what type of vulnerability he used, we care about how was he able to do it. For that reason I go for D. Phishing. Don’t overthink it.

it's D. Phishing M.7 p.962