Chapter 3 - Understanding Incident Analysis Flashcards
List the seven phases in the Cyber Kill Chain in order.
Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command-and-Control, Actions on Objectives
In which phase do threat actors gather and review available information (obtained passively or actively) about a potential target organization?
Reconnaissance
In which phase does the threat actor develop a program with predetermined objectives based on the findings of the reconnaissance phase, i.e., building or preparing an exploit and pairing it with a payload?
Weaponization
In which phase is the payload (exploit) transmitted to the target, e.g., by email, phishing, or USB media?
Delivery
Which phase describes what occurs once the malicious code is executed on the target? Typical weaknesses exploited are application vulnerabilities, OS vulnerabilities, and the users themselves.
Exploitation
Which phase describes the actions the threat actor takes to establish a backdoor on the compromised system? It is also known as the persistence phase.
Installation
In which phase does the exploited host beacon out to an Internet-based controller to establish a communications channel?
Command-and-Control
In which phase has the threat actor reached the final step and carries out the original objective? This may include intellectual property theft, corporate data theft, generating DoS traffic, etc.
Actions on objectives
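As an added example, not part of the original flashcard set, the following Python script shows what the Command-and-Control phase looks like from the defender's side: a compromised host that calls out to its controller at a fixed interval leaves a highly regular, low-jitter pattern in proxy logs, which can be distinguished from the irregular timing of human browsing. The log format, hostnames, IP address, and thresholds are assumptions chosen for illustration, and the sample log lines are constructed.

```python
"""Detecting Command-and-Control beaconing in proxy logs (added example).

Groups proxy requests by (source, destination), computes the intervals
between successive requests, and flags pairs whose timing is near-constant
(low jitter) as beacon candidates for the C2 phase of the kill chain.
Log format, thresholds, and hostnames are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: "<ISO timestamp> <src_ip> <dst_host> <bytes>".
# The updates.example-cdn.test traffic is the planted beacon (about every 60 s).
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.0.0.5 updates.example-cdn.test 512
2024-05-01T09:00:03 10.0.0.5 news.example.test 20480
2024-05-01T09:01:00 10.0.0.5 updates.example-cdn.test 514
2024-05-01T09:01:41 10.0.0.5 mail.example.test 3012
2024-05-01T09:02:00 10.0.0.5 updates.example-cdn.test 511
2024-05-01T09:03:01 10.0.0.5 updates.example-cdn.test 515
2024-05-01T09:03:22 10.0.0.5 news.example.test 18733
2024-05-01T09:04:00 10.0.0.5 updates.example-cdn.test 513
2024-05-01T09:05:00 10.0.0.5 updates.example-cdn.test 512
2024-05-01T09:07:15 10.0.0.5 news.example.test 25011
"""


def parse_log(text):
    """Return a list of (timestamp, src, dst, bytes) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            size = int(parts[3])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2], size))
    return events


def beacon_candidates(events, min_connections=5, max_jitter_ratio=0.1):
    """Flag (src, dst) pairs whose connection intervals are near-constant.

    jitter_ratio = stddev(intervals) / mean(intervals). Values near zero mean
    machine-like periodicity, the hallmark of a C2 beacon; human browsing
    produces large, irregular gaps. Thresholds are illustrative assumptions.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue  # too few samples to judge periodicity
        stamps.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue  # duplicate timestamps; cannot compute a period
        jitter = pstdev(intervals) / avg
        if jitter <= max_jitter_ratio:
            findings.append({
                "src": src,
                "dst": dst,
                "connections": len(stamps),
                "period_seconds": round(avg, 1),
                "jitter_ratio": round(jitter, 3),
                "kill_chain_phase": "Command-and-Control",
            })
    return findings


if __name__ == "__main__":
    for finding in beacon_candidates(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the constructed log above the script reports a single candidate, 10.0.0.5 to updates.example-cdn.test, with a period of about 60 seconds and near-zero jitter; the news and mail traffic is ignored because it is both sparse and irregular. In practice the minimum connection count and jitter threshold need tuning per environment, since legitimate software updaters and monitoring agents also beacon on fixed schedules.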
Name the four core nodes (features) of the Diamond Model of Intrusion Analysis.
Adversary, Capability, Victim, Infrastructure