Attack Frameworks Flashcards
Kill Chain
A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion. It is a seven-step process.
Reconnaissance
The attacker determines what methods to use to complete the phases of the attack.
Weaponization
The attacker couples payload code that will enable access with exploit code that will use a vulnerability to execute on the target system.
Delivery
The attacker identifies a vector by which to transmit the weaponized code to the target environment, for example by email.
Exploitation
The weaponized code is executed on the target system by this mechanism, for example when a user opens a phishing link.
Installation
This mechanism enables the weaponized code to run a remote access tool and achieve persistence on the target system.
Command & Control (C2)
The weaponized code establishes an outbound channel to a remote server that can be used to control the remote access tool and possibly download additional tools to progress the attack. At this point the attacker effectively controls the system.
Actions on Objectives
The attacker typically uses the access they have achieved to covertly collect information from target systems and transfer it to a remote system, or to achieve other goals and motives.
Kill Chain Analysis
This can be used to identify a defensive course-of-action matrix to counter the progress of an attack at each stage.
MITRE ATT&CK Framework
A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures.
Diamond Model of Intrusion Analysis
A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim.