Kill Chain Model Flashcards
Reconnaissance
- Gather intel
- Gathering of information and intelligence.
- Help determine potential targets.
Weaponization
• Build
• Develop a cyber weapon based on the reconnaissance information about targeted systems.
• Has predetermined objectives or desired outcomes when deployed.
Examples: Viruses, Code Injection, E-Mail or Phishing, System Vulnerability exploits
• Zero-day attacks pose a challenge to detect.
• Many, many more.
Delivery
• The transmission of the payload to the target via a communication vector.
• Transmission can take many forms and most delivery techniques are uniquely tailored to the targeted individuals or systems.
Delivery can be via the following:
• Email attachments, Phishing Emails, directing individuals to websites.
• USB devices.
Exploitation
- What happens after the malicious code is executed.
- A vulnerability is attacked to gain control of the machine.
- The exploitation phase typically targets: Applications, OSs, Users
Installation
• Actions taken by the threat actor to establish a backdoor onto the targeted system.
• Sustained access
  - Access without raising alerts.
  - Provides for potential operations against the target.
• Persistent access
  - Ability to survive system reboots and anti-malware/virus measures.
  - Usually undetectable.
Command and Control
- Process of establishing a communications channel with exploited hosts
- The exploited hosts beacon outbound or out of the network to an Internet-based Controller in order to establish a communication channel.
Actions on Objectives
• Actions taken that are objective-dependent. E.g.:
  - Intellectual property theft.
  - Corporate data theft.
  - Bandwidth theft.
• This phase is the ultimate goal of the threat actor.
  - Difficult to remove from the network.
  - Many seek to expand their presence on the network and remain undetected.
Kill Chain
• The ability to block an attack at any stage.