The Cyber Kill Chain methodology, developed by Lockheed Martin, is modelled on military kill chains. It helps security professionals identify the steps an attacker follows to accomplish their goals, so that the attack can be detected or broken at each step. It consists of seven phases:
- Reconnaissance.
- Weaponization.
- Delivery.
- Exploitation.
- Installation.
- Command and Control.
- Actions on Objectives.
- Reconnaissance
The attacker gathers as much information about the target as possible to find weak points in the systems it uses. Passive reconnaissance collects what is already public: domain names, IP ranges, employee names and email addresses, and the technologies mentioned on the corporate website or in job postings. Active reconnaissance then scans those hosts for open ports, the services behind them and their version numbers, so the adversary can choose an exploit for a vulnerability present in a specific service version. The names and email addresses harvested here are also the raw material for the social-engineering lures used in the Delivery phase.
- Weaponization
Using the information from the recon phase, the adversary builds the weapon: an exploit for a vulnerability found during reconnaissance coupled with a payload, typically a backdoor or remote-access trojan, that gives remote access to the target system. The payload is packaged in something the target will open, such as a document with a malicious macro or a PDF that triggers the vulnerability, and is tailored to the technologies the target uses. That backdoor is later used to push further tools onto the machine, for example a keylogger that watches the victim's keystrokes to steal usernames and passwords.
- Delivery
The weaponized payload now has to reach the intended victim: as an email attachment or link, on a USB drive, or through a compromised or vulnerable web application the victim visits. Once the victim opens the attachment or the page runs the malicious script, the attack proper begins. A common first action is a reverse connection from the victim back to attacker-controlled infrastructure; because the connection is outbound and usually wrapped in TLS, it passes through firewalls that allow ordinary web traffic out and cannot inspect the encrypted contents.
- Exploitation
The delivered code now executes on the target, triggering a vulnerability in the operating system, an application or a server so that attacker-controlled code runs. Depending on the target this may be arbitrary code execution through a memory-corruption bug, abuse of broken authentication or authorization, or an exploited security misconfiguration; in many real intrusions the "exploit" is simply the user being tricked into running the file.
- Installation
The adversary installs additional malicious software so that access survives reboots and clean-up, for example a backdoor registered as a service, scheduled task or autorun entry, together with tools such as a keylogger that captures the victim's keystrokes. Captured data is staged on the device and transferred to the adversary's machine, usually over an encrypted channel so that the firewall and network monitoring cannot see what is leaving.
- Command and Control
The implant on the victim machine calls out to an attacker-controlled server, usually over HTTP, HTTPS or DNS so that the beacon blends in with normal traffic, and the adversary uses that channel to issue commands and retrieve results. From here the victim machine can be used to pivot and attack other machines on the internal network, or be enlisted into a botnet and made to launch DDoS attacks against other targets.
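As an added illustration from the defender's side (this is not code from the original post), the following Python script runs over a constructed connection log and flags two of the phases above: Reconnaissance as a port scan (one source probing many ports on one host within a minute) and Command and Control as beaconing (an internal host calling the same external host and port at a near-fixed interval). The log format, the IP addresses (all from the TEST-NET documentation ranges) and the thresholds are assumptions made for the example.

```python
"""Flag Reconnaissance (port scan) and Command and Control (beaconing)
events in a connection log. Added example; log, addresses and thresholds
are constructed for illustration."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not captured from any real network).
# Format: <ISO timestamp> <src_ip> <dst_ip> <dst_port> <action>
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 198.51.100.7 21 DENY
2024-05-01T10:00:01 10.0.0.5 198.51.100.7 22 ALLOW
2024-05-01T10:00:01 10.0.0.5 198.51.100.7 23 DENY
2024-05-01T10:00:02 10.0.0.5 198.51.100.7 25 DENY
2024-05-01T10:00:02 10.0.0.5 198.51.100.7 80 ALLOW
2024-05-01T10:00:03 10.0.0.5 198.51.100.7 443 ALLOW
2024-05-01T10:00:03 10.0.0.5 198.51.100.7 445 DENY
2024-05-01T10:00:04 10.0.0.5 198.51.100.7 3389 DENY
2024-05-01T10:00:04 10.0.0.5 198.51.100.7 8080 DENY
2024-05-01T10:00:05 10.0.0.5 198.51.100.7 8443 DENY
2024-05-01T10:00:00 10.0.0.9 203.0.113.10 443 ALLOW
2024-05-01T10:01:00 10.0.0.9 203.0.113.10 443 ALLOW
2024-05-01T10:02:01 10.0.0.9 203.0.113.10 443 ALLOW
2024-05-01T10:03:00 10.0.0.9 203.0.113.10 443 ALLOW
2024-05-01T10:03:59 10.0.0.9 203.0.113.10 443 ALLOW
2024-05-01T10:05:00 10.0.0.9 203.0.113.10 443 ALLOW
2024-05-01T10:06:01 10.0.0.9 203.0.113.10 443 ALLOW
2024-05-01T10:00:12 10.0.0.12 192.0.2.50 443 ALLOW
2024-05-01T10:00:47 10.0.0.12 192.0.2.50 443 ALLOW
2024-05-01T10:03:05 10.0.0.12 192.0.2.50 443 ALLOW
2024-05-01T10:09:30 10.0.0.12 192.0.2.50 443 ALLOW
2024-05-01T10:10:02 10.0.0.12 192.0.2.50 443 ALLOW
"""


def parse_log(text):
    """Turn log lines into (timestamp, src, dst, port, action) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, port, action = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port), action))
    return events


def detect_port_scans(events, window_s=60, min_ports=8):
    """Reconnaissance: one source touching >= min_ports distinct ports on one
    destination within window_s seconds. Denied attempts count too, since a
    scanner probes closed ports as well as open ones."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, _ in events:
        by_pair[(src, dst)].append((ts, port))
    hits = []
    for (src, dst), probes in by_pair.items():
        probes.sort()
        best, j = 0, 0
        for i in range(len(probes)):  # sliding window over sorted probes
            while j < len(probes) and (probes[j][0] - probes[i][0]).total_seconds() <= window_s:
                j += 1
            best = max(best, len({p for _, p in probes[i:j]}))
        if best >= min_ports:
            hits.append((src, dst, best))
    return hits


def detect_beacons(events, min_conns=5, max_cv=0.10):
    """Command and Control: near-periodic allowed connections to one external
    host:port. A flow is flagged when the coefficient of variation
    (stdev / mean) of its inter-connection gaps is at most max_cv."""
    by_flow = defaultdict(list)
    for ts, src, dst, port, action in events:
        if action == "ALLOW":
            by_flow[(src, dst, port)].append(ts)
    hits = []
    for (src, dst, port), times in by_flow.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append((src, dst, port, round(avg, 1), round(cv, 3)))
    return hits


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for src, dst, n in detect_port_scans(evs):
        print(f"[Reconnaissance] {src} probed {n} ports on {dst} within a minute")
    for src, dst, port, avg, cv in detect_beacons(evs):
        print(f"[Command and Control] {src} -> {dst}:{port} every ~{avg}s (cv={cv})")
```

In the sample, 10.0.0.5 is flagged for probing ten ports on 198.51.100.7 in five seconds, 10.0.0.9 is flagged for calling 203.0.113.10:443 roughly every 60 seconds, and 10.0.0.12 (irregular browsing to 192.0.2.50) is not. Real implants add jitter to their sleep interval precisely to raise that coefficient of variation, so in practice the threshold is tuned per environment and combined with other signals such as destination reputation and the rarity of the user-agent.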
- Actions on Objectives
Finally the adversary works toward the actual goal: stealing data, deleting or encrypting the data on the machine, weakening its security configuration, using it as part of a botnet, or leaving it open for other attackers to exploit, causing massive damage to the organization.