Kill Chain Model Flashcards
Reconnaissance
- Gather intel
- Information gathering of intelligence.
- Help determine potential targets.
Weaponization
• Build
• Develop a cyber weapon based on the reconnaissance information about targeted systems.
• Has predetermined objectives or desired outcomes when deployed.
Examples: Viruses, Code Injection, E-Mail or Phishing, System Vulnerability exploits
• Zero-day attacks pose a challenge to detect.
• Many many more.
Delivery
• the transmission of the payload to the target via a communication vector.
• Transmission can take many forms and most delivery techniques are uniquely tailored to the targeted individuals or systems.
Delivery can be via the following:
• Email attachments, Phishing Emails, directing individuals to websites.
•USB devices.
Exploitation
- What happens after the malicious code is executed.
- Vulnerability is Attacked to gain control of the machine.
- Exploitation phase Typically targets: Applications, OS’s, Users
Installation
• Actions taken by the threat actor to establish a backdoor onto the targeted system.
• Sustained access
Access without raising alerts
Provides for potential operations
against the target.
Persistent access
-ability to survive system reboots and
anti-malware/virus measures.
-Usually undetectable.Command and Control
- Process of establishing a communications channel with exploited hosts
- The exploited hosts beacon outbound or out of the network to an Internet-based Controller in order to establish a communication channel.
Actions on Objectives
• Actions taken that are objective-dependent.
Eg: Intellectual property theft.
• Corporate data theft.
• Bandwidth theft.
This phase is the ultimate goal of the threat actor.
-Difficult to remove from the Network
-Many seek to expand presence on
and remain undetected.Kill Chain
• The ability to block an attack at any stage.
