Attack Frameworks Flashcards
Kill Chain - Reconnaissance < Weaponization < Delivery < Exploitation < Installation < Command & Control (C2) < Actions on Objectives
A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion
Reconnaissance - Kill Chain Model
The attacker determines what methods to use to complete the phases of the attack
Weaponization - Kill Chain Model
The attacker couples payload code that will enable access with exploit code that will use a vulnerability to execute on the target system
Delivery - Kill Chain Model
The attacker identifies a vector by which to transmit the weaponized code to the target environment
Exploitation - Kill Chain Model
The weaponized code is executed on the target system by this mechanism
Installation - Kill Chain Model
This mechanism enables the weaponized code to run a remote access tool and achieve persistence on the target system
Command & Control (C2) - Kill Chain Model
The weaponized code establishes an outbound channel to a remote server that can be used to control the remote access tool and possibly download additional tools to progress the attack
Actions on Objectives - Kill Chain Model
The attacker typically uses the access he has achieved to covertly collect information from target systems and transfer it to a remote system (data exfiltration) or achieve other goals and motives.
Kill chain analysis can be used to identify a defensive course-of-action matrix to counter the progress of an attack at each stage.
MITRE ATT&CK Framework
A knowledge base (KB) maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures (attack.mitre.org).
The PRE-ATT&CK tactics matrix aligns to the reconnaissance and weaponization phases of the kill chain.
Diamond Model of Intrusion Analysis
A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim.