Attack Frameworks Flashcards

1
Q

Kill Chain - Reconnaissance < Weaponization < Delivery < Exploitation < Installation < Command & Control (C2) < Actions on Objectives

A

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion

2
Q

Reconnaissance - Kill Chain Model

A

The attacker determines what methods to use to complete the phases of the attack

3
Q

Weaponization - Kill Chain Model

A

The attacker couples payload code that will enable access with exploit code that will use a vulnerability to execute on the target system

4
Q

Delivery - Kill Chain Model

A

The attacker identifies a vector by which to transmit the weaponized code to the target environment

5
Q

Exploitation - Kill Chain Model

A

The weaponized code is executed on the target system by this mechanism

6
Q

Installation - Kill Chain Model

A

This mechanism enables the weaponized code to run a remote access tool and achieve persistence on the target system

7
Q

Command & Control (C2) - Kill Chain Model

A

The weaponized code establishes an outbound channel to a remote server that can be used to control the remote access tool and possibly download additional tools to progress the attack

8
Q

Actions on Objectives - Kill Chain Model

A

The attacker typically uses the access he has achieved to covertly collect information from target systems and transfer it to a remote system (data exfiltration) or achieve other goals and motives.
Kill chain analysis can be used to identify a defensive course-of-action matrix to counter the progress of an attack at each stage.

9
Q

MITRE ATT&CK Framework

A

A knowledge base (KB) maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures (attack.mitre.org).
The PRE-ATT&CK tactics matrix aligns to the reconnaissance and weaponization phases of the kill chain.

10
Q

Diamond Model of Intrusion Analysis

A

A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim.
