Book: CH 1 Flashcards
Assessment Methodology:
PTES
Penetration Testing Execution Standard
- Built around expectations of the attacker’s actions / how they operate
Assessment Methodology:
OSSTMM
Open Source Security Testing Methodology Manual
- Built around expectations of the attacker’s actions / how they operate
Security Testing Methodology:
Cyber Kill Chain
- Military concept of the structure of an attack
- Identify where the attacker is in their process so you can adapt your own response tactics.
Lockheed Martin adapted the military concept to the info security space
Security Testing Methodology:
Attack Life Cycle
- Describes exactly how attackers have operated since the attacks started against computing infrastructure
- Rather than a theoretical exercise / military focus
- Recognizes that an attack is usually not 1-and-done; there is a loop that happens in the middle
- They use the compromised systems to launch additional attacks within the environment
- These attacks don’t happen quickly; it can take days or weeks to move to each of the phases
- These are usually organizations NOT individuals
List The Phases of
The Cyber Kill Chain
(7 Phases)
aka: Phases of the Intrusion Kill Chain
Phases of The Cyber Kill Chain:
Phase 1:
Reconnaissance
Identify target and potential points of attack
Phases of The Cyber Kill Chain:
Phase 2:
Weaponization
- May create a custom piece of malware that is specific to the target
- May use common off-the-shelf (COTS) malware too
Phases of The Cyber Kill Chain:
Phase 3: Delivery
How you get the weapon
Phases of The Cyber Kill Chain:
Phase 4: Exploitation
- Could be when the malicious software infects the victim’s system
Exploitation leads to installation
Phases of The Cyber Kill Chain:
Phase 5: Installation
- The attacker will install additional software to maintain access to the system
- May set up remote access
Phases of The Cyber Kill Chain:
Phase 6: Command & Control
- Gives attackers remote access to the infected system
- May involve additional software installation or sending directives to infected system
Also Seen As: C2 or C&C
Phases of The Cyber Kill Chain:
Phase 7: Actions on Objective
- Attackers have objectives they are trying to achieve
- The attacker may try to get info or make the system perform actions (Example: DoS)
The attacker won’t stop until they achieve their objectives, so there’s a lot of activity in this phase
Phases of The Attack Life Cycle:
Phase 2: Initial Compromise
Usually launches Phishing Attacks to gain access
Phases of
Attack Life Cycle
Phases of The Attack Life Cycle:
Phase 1: Initial Recon
Identifies victim and potential attack possibilities using open source intelligence and public sources
Example: social media