Cyber Kill Chain Methodology

Uploaded by Rajeev Srinivas

PREPARED BY:- Vikas shukla

REVIEWED BY:- Sulabh mishra

Cyber Kill Chain Methodology:


The cyber kill chain is a cyber-security model created by Lockheed Martin that traces the stages of a cyberattack, identifies vulnerabilities, and helps security teams stop the attack at every stage of the chain.
Reconnaissance:-
An observation stage in which the attacker collects data about the target and decides on the tactics for the attack. This includes harvesting email addresses and gathering other information about the organization.
Detect:
Web Analytics; Threat Intelligence; Network Intrusion Detection System.
Deny:
Information Sharing Policy; Firewall Access Control Lists.
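The "Web Analytics" detection listed for this stage can be made concrete with a small log-analysis check. The following is an added example written for this page, not code from the original document: it parses constructed Apache-style access-log lines (RFC 5737 documentation addresses, not real traffic) and flags source IPs whose request pattern looks like probing (many requests, a high share of 404 responses, many distinct paths). The thresholds, the `find_scanners` function name and the ACL output format are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed Apache combined-format log lines; addresses are documentation
# ranges (RFC 5737) and the traffic is invented for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:12:00:04 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:12:00:09 +0000] "GET /contact HTTP/1.1" 200 1900 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:12:00:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/8.0"
198.51.100.9 - - [10/Mar/2024:12:00:10 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.9 - - [10/Mar/2024:12:00:10 +0000] "GET /login/ HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.9 - - [10/Mar/2024:12:00:11 +0000] "GET /backup/ HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.9 - - [10/Mar/2024:12:00:11 +0000] "GET /test/ HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.9 - - [10/Mar/2024:12:00:11 +0000] "GET /old/ HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.9 - - [10/Mar/2024:12:00:12 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "curl/8.0"
198.51.100.9 - - [10/Mar/2024:12:00:12 +0000] "GET /config/ HTTP/1.1" 404 196 "-" "curl/8.0"
"""

# Apache combined format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_access_log(text):
    """Yield (ip, path, status) for every line that matches the log format."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group("ip"), m.group("path"), int(m.group("status"))


def find_scanners(text, min_requests=5, min_error_ratio=0.5):
    """Return {ip: metrics} for sources whose traffic looks like reconnaissance.

    A source is flagged when it made at least min_requests requests and at
    least min_error_ratio of them returned 404 (guessing paths that do not
    exist is the classic signature of directory and application probing)."""
    stats = defaultdict(lambda: {"requests": 0, "errors": 0, "paths": set()})
    for ip, path, status in parse_access_log(text):
        s = stats[ip]
        s["requests"] += 1
        s["paths"].add(path)
        if status == 404:
            s["errors"] += 1

    flagged = {}
    for ip, s in stats.items():
        if s["requests"] < min_requests:
            continue
        ratio = s["errors"] / s["requests"]
        if ratio >= min_error_ratio:
            flagged[ip] = {
                "requests": s["requests"],
                "errors": s["errors"],
                "error_ratio": round(ratio, 2),
                "distinct_paths": len(s["paths"]),
            }
    return flagged


def acl_deny_entries(flagged):
    """Turn flagged sources into illustrative firewall ACL deny lines (the
    'Deny' control for this stage). Syntax is assumed; adapt to your device."""
    return [f"deny ip host {ip} any" for ip in sorted(flagged)]


if __name__ == "__main__":
    hits = find_scanners(SAMPLE_LOG)
    for ip, metrics in hits.items():
        print(ip, metrics)
    print("\n".join(acl_deny_entries(hits)))
```

On the constructed log the crawler-like source 198.51.100.9 is flagged (8 requests, 6 of them 404s) while the ordinary visitor 203.0.113.7 is not. In production the thresholds need tuning against real baselines, and flagged addresses should be reviewed before being pushed into an ACL, since NAT and shared proxies can make a single address represent many users.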

Weaponization:-
The attacker prepares a deliverable malicious payload by pairing an exploit with a backdoor.
Detect:
Threat Intelligence; Network Intrusion Detection System.
Deny:
Network Intrusion Prevention System.

Delivery:-
The attacker delivers the weaponized malware via a phishing email or some other medium. The most common delivery vectors for weaponized payloads include websites, removable disks, and emails. This is the most important stage at which security teams can stop the attack.
Detect:
Endpoint Malware Protection.
Deny:
Change Management; Application Whitelisting; Proxy Filter; Host-Based Intrusion Prevention System; Router ACL; Trust Zone.
Exploit:-
Once the malicious code has been delivered into the organization's system, the attacker exploits a vulnerability by executing that code on the victim's system. At this point the perimeter has been breached.
Detect:
Endpoint Malware Protection; Host-Based Intrusion Detection System.
Deny:
Secure Passwords; Patch Management; Firewall; Trust Zones.

Installation:-
A backdoor or Remote Access Trojan is installed on the target system by the malware, giving the intruder persistent access. This is another important stage where the attack can be stopped using systems such as HIPS (Host-based Intrusion Prevention System).
Detect:
Security Information and Event Management (SIEM); Host-Based Intrusion Detection System.
Deny:
Privilege Separation; Strong Passwords; Two-Factor Authentication; Router ACL; Firewall; Trust Zone.

Command & Control:-
The attacker gains control over the organization's systems and network. Attackers gain access to privileged accounts, attempt brute-force attacks, search for credentials, and change permissions to take over control.
Detect:
Network Intrusion Detection System; Host-Based Intrusion Detection System.
Deny:
Firewall Access Control Lists; Network Segmentation.
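One thing a Network Intrusion Detection System can look for at this stage is beaconing: a compromised host calling out to the same external address on a near-fixed schedule. The following is an added example written for this page, not code from the original document. It runs over constructed connection records (documentation-range addresses, not captured traffic), groups them per flow, and flags flows whose inter-arrival times are both frequent and unusually regular. The `find_beacons` name, the coefficient-of-variation threshold and the sample timings are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed connection records: (timestamp in seconds, src, dst, dst_port).
# Addresses come from RFC 5737 documentation ranges; nothing here is real traffic.
CONNECTIONS = [
    # Flow A: one workstation contacting one external host every ~60 s.
    (0, "10.0.0.5", "198.51.100.20", 443),
    (60, "10.0.0.5", "198.51.100.20", 443),
    (121, "10.0.0.5", "198.51.100.20", 443),
    (180, "10.0.0.5", "198.51.100.20", 443),
    (241, "10.0.0.5", "198.51.100.20", 443),
    (300, "10.0.0.5", "198.51.100.20", 443),
    (360, "10.0.0.5", "198.51.100.20", 443),
    # Flow B: ordinary browsing to another host at irregular intervals.
    (5, "10.0.0.8", "203.0.113.40", 443),
    (8, "10.0.0.8", "203.0.113.40", 443),
    (40, "10.0.0.8", "203.0.113.40", 443),
    (41, "10.0.0.8", "203.0.113.40", 443),
    (200, "10.0.0.8", "203.0.113.40", 443),
    (260, "10.0.0.8", "203.0.113.40", 443),
    (600, "10.0.0.8", "203.0.113.40", 443),
]


def find_beacons(connections, min_count=6, max_cv=0.1):
    """Group connections per (src, dst, port) and flag flows with regular timing.

    cv is the coefficient of variation (population stddev / mean) of the
    inter-arrival intervals. A value near zero means the host calls out on
    a near-fixed schedule, which is how many command-and-control channels
    behave; human-driven traffic is far more irregular."""
    by_flow = defaultdict(list)
    for ts, src, dst, port in connections:
        by_flow[(src, dst, port)].append(ts)

    flagged = {}
    for flow, stamps in by_flow.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        intervals = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(intervals)
        if avg == 0:
            continue  # all connections at the same instant; not a schedule
        cv = pstdev(intervals) / avg
        if cv <= max_cv:
            flagged[flow] = {
                "count": len(stamps),
                "mean_interval": avg,
                "cv": round(cv, 3),
            }
    return flagged


if __name__ == "__main__":
    for flow, metrics in find_beacons(CONNECTIONS).items():
        print(flow, metrics)
```

On the sample data only flow A is reported (7 connections, 60-second mean interval, cv around 0.01); flow B's intervals range from 1 to 340 seconds and fall well outside the threshold. Legitimate software also beacons (update checks, telemetry, NTP), so a hit is a lead for an analyst to enrich with threat intelligence and destination reputation, and network segmentation and egress ACLs (the 'Deny' controls above) limit what such a channel can reach while it is investigated.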

Actions on Objective:-
The attacker finally extracts the data from the system. The objective involves gathering, encrypting, and extracting confidential information from the organization's environment.
Endpoint Malware Protection; Incident Response; Data Loss Prevention; Security Information and Event Management (SIEM).
