Chapter 1 - NOTE - NOT STUDY GUIDE QUESTIONS Flashcards

1
Q

What does reconnaissance involve?

A

The first stage of the cyber kill chain is reconnaissance.

The attacker identifies their target as well as potential points of attack.

This may include identifying vulnerabilities that could be exploited.

A lot of information about the target may be gathered in this phase, which will be useful later in the attack process.

2
Q

Describe weaponization

A

Once the attacker has identified a target, they need to determine how to attack the target. This is where weaponization comes in. The attacker may create a custom piece of malware, for instance, that is specific to the target.

3
Q

What is meant by Delivery?

A

Delivery is how you get the weapon (the malware or the link to a rogue website) into the victim’s environment. For example, this could be sending an attachment via email, or the malicious software could be hosted on a web server that the victim is expected to visit, infecting them when they hit the website.

4
Q

What is included in the Cyber Kill Chain?

A

Reconnaissance
Weaponization
Delivery
Installation
Command & Control
Actions on Objective

5
Q

Explain what Exploitation is.

A

Exploitation is when the malicious software infects the victim’s system.

6
Q

Installation in a cyber kill chain?

A

Exploitation leads to installation. The attacker will install additional software to maintain access to the system and perhaps give them remote access to the system.

7
Q

Once installation is complete, what does the hacker move on to?

A

Command and control. The command-and-control phase gives attackers remote access to the infected system. This may involve installation of additional software, or it may involve sending directives to the infected system.

8
Q

What is the last step called, and what does it involve?

A

Actions on Objective. Achieve the objective of the intrusion, which can include exfiltration or destruction of data, or intrusion of another target.

Criminally oriented attackers are probably looking for ways to monetize the infected systems by stealing information that could be stolen/sold or to gain access to intellectual property.

9
Q

What is the purpose of the scanning and enumeration phase?

A

The objective of this phase is to gather as much information as you can to have starting points for when you move into the next phase.

This phase can be time-consuming, especially as the size of the network and enterprise you are working with grows.

The more details you can gather here, the easier the next stage will be for you.

10
Q

Describe white hat, black hat and grey hat hackers.

A

White-hat hackers are people who always do their work for good.

Black-hat hackers, probably not surprisingly, are people who do bad things, generally actions that are against the law.

Gray-hat hackers, though, fall in the middle. They are working for good, but they are using the techniques of black-hat hackers.

11
Q

What is the biggest difference between the cyber kill chain and the attack life cycle?

A

Attack life cycle: Emphasizes that an attack is not a one-time event but an ongoing process. After the initial intrusion, the attacker continues to move within the network, establish footholds, escalate privileges and collect data over time. It shows a recurring loop in which the attacker uses compromised systems for further intrusions and attacks.

Cyber Kill Chain: Describes a linear, step-by-step process for an attack, from recon to intrusion and exfiltration of data. It has a more static and sequential structure, with a focus on breaking the chain at each step to prevent a complete attack.
