CSA Crossword - Version 3 - Med to Hard clues

Across
  4. Expanding access by pivoting between internal systems
  6. Behavior‑based detection logic used when signatures are insufficient
  7. The attacker’s first stable position inside a compromised environment
  9. A predefined sequence of IR actions for a specific threat scenario
  11. A bundle of automated tools used to deliver and trigger exploits
  12. The IR phase focused on limiting attacker movement and damage
  13. The specific update state of a system relevant to vulnerability exposure
  15. A generic rule format for expressing SIEM detection logic
  17. The sequence of steps an attacker used to reach sensitive assets
  18. Rule‑based pattern matching used to identify malware families
  19. Automated probing to identify vulnerabilities or misconfigurations
Down
  1. Techniques used to maintain long‑term access after initial compromise
  2. Pre‑attack information gathering to map assets and exposures
  3. Restoring a compromised system by deploying a clean OS image
  5. The process determining what actions an authenticated user may perform
  8. Intelligence gathered from publicly accessible sources to profile a target
  10. Periodic outbound traffic from malware calling home to its controller
  14. The remote system issuing commands to compromised hosts
  16. Removing malicious artifacts and closing exploited weaknesses