Kill Chain Model Flashcards

1
Q

Reconnaissance

A
  • Gather intel
  • Information gathering of intelligence.
  • Help determine potential targets.
2
Q

Weaponization

A

• Build
• Develop a cyber weapon based on the reconnaissance information about targeted systems.
• Has predetermined objectives or desired outcomes when deployed.
• Examples: viruses, code injection, e-mail or phishing, system vulnerability exploits.
• Zero-day attacks pose a challenge to detect.
• Many, many more.

3
Q

Delivery

A

• The transmission of the payload to the target via a communication vector.
• Transmission can take many forms, and most delivery techniques are uniquely tailored to the targeted individuals or systems.
• Delivery can be via the following:
   - Email attachments, phishing emails, directing individuals to websites.
   - USB devices.

4
Q

Exploitation

A
  • What happens after the malicious code is executed.
  • A vulnerability is attacked to gain control of the machine.
  • The exploitation phase typically targets: applications, operating systems, users.
5
Q

Installation

A
• Actions taken by the threat actor to establish a backdoor onto the targeted system.
• Sustained access
   - Access without raising alerts.
   - Provides for potential operations against the target.
• Persistent access
   - Ability to survive system reboots and anti-malware/virus measures.
   - Usually undetectable.
6
Q

Command and Control

A
  • Process of establishing a communications channel with exploited hosts
  • The exploited hosts beacon outbound or out of the network to an Internet-based Controller in order to establish a communication channel.
7
Q

Actions on Objectives

A
• Actions taken that are objective-dependent, e.g.:
   - Intellectual property theft.
   - Corporate data theft.
   - Bandwidth theft.
• This phase is the ultimate goal of the threat actor.
   - Difficult to remove from the network.
   - Many seek to expand presence on and remain undetected.
8
Q

Kill Chain

A

• The ability to block an attack at any stage.
