Attack Frameworks Flashcards
Kill Chain Stages
Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control (C2), Actions on Objectives
The attacker determines what methods to use to complete the phases of attack.
Reconnaissance
The attacker adds payload code that will enable access with exploit code that will use a vulnerability to execute on the target system.
Weaponization
The attacker identifies a vector by which to transmit the weaponized code to the target environment.
Delivery
The weaponized code is executed on the target system by this mechanism.
Exploitation
This mechanism enables the weaponized code to run a remote access tool and achieve persistence on the target system.
Installation
The weaponized code establishes an outbound channel to a remote server that can then be used to control the remote access tool and possibly download additional tools to progress the attack.
Command & Control (C2)
The attacker typically uses the access they have achieved to covertly collect information from target systems and transfer it to a remote system (data exfiltration), or to achieve other goals and motives.
Actions on Objectives
A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures (attack.mitre.org). The PRE-ATT&CK tactics matrix aligns to the reconnaissance and weaponization phases of the kill chain.
MITRE ATT&CK Framework
A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure and victim.
Diamond Model of Intrusion Analysis