The Cyber Kill Chain framework was developed by Lockheed Martin. It applies the kill chain concept to cyber security and is part of the Intelligence Driven Defense model for the identification and prevention of cyber intrusion activity.
It consists of 7 stages, which we will discuss one by one.
1. Reconnaissance
The first step most advanced attackers take is research. This is all about information gathering; it is also called the observation stage. Attackers typically assess the situation from the outside in, in order to identify both targets and tactics for the attack.
- Social Media
2. Weaponization
After the assessment and analysis of the target, there is sufficient data to develop a weapon to exploit it. For example, when you know that your enemy is inside a 10mm steel bunker, you won't go there with a 9mm pistol. Therefore a weapon in the form of a payload, code, request etc. is prepared in order to take advantage of the situation.
- Veil Framework
- Sometimes no tool can, but research helps
3. Delivery
The weapon needs to be delivered to the target in order to take effect. Therefore this step covers the delivery of the payload to the target via an appropriate medium.
- HTTP requests
- Pen drives or other storage media
- Social Media
4. Exploitation
Exploitation is defined as the step where the weapon/payload is executed to give the attacker an initial foothold.
There are two important things to note:
1. Exploitation cannot exist without vulnerability.
2. Not all vulnerabilities are technical.
5. Installation
Delivery of malicious code and a successful exploitation opens up an opportunity: namely, a foot in the door to your network for the unauthorized installation of malicious software, aka malware. Essentially, exploitation is a precursor for the next stage of an attack, Installation.
- RAT (Remote Access Trojan)
6. Command and Control
This involves gaining the ability to remotely manipulate the target and to maintain stable control over it.
7. Actions on Objective
“With hands-on keyboard access, intruders accomplish their original goal.”
This is full compromise of the target. Now the attacker can carry out the goal of the attack.
- Data leaks
- Unauthorised access to various other connected entities
- And so on.
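As an added example (not code from the original post), here is a small Python model of the seven phases from the defender's side: alerts an analyst has mapped to a phase are used to see how far an intrusion got, where a control broke the chain, and which earlier phases produced no telemetry at all. The sensor names, the alerts and their phase assignments are constructed for illustration.

```python
# Added example, not from the original post: a defender-side model of the seven
# phases above, using alerts an analyst has mapped to a phase. Sensor names, the
# alerts and the phase mapping are constructed for illustration.
from dataclasses import dataclass
from typing import List, Optional

PHASES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command and Control", "Actions on Objective"]

@dataclass
class Alert:
    sensor: str    # constructed sensor name, e.g. "mail-gateway"
    phase: str     # kill-chain phase the analyst assigned to this alert
    blocked: bool  # True if the control stopped the activity it observed

def _indices(alerts: List[Alert], blocked_only: bool = False) -> List[int]:
    """Chain positions of the alerts' phases; rejects phases not in the chain."""
    out = []
    for a in alerts:
        if a.phase not in PHASES:
            raise ValueError(f"unknown kill-chain phase: {a.phase!r}")
        if a.blocked or not blocked_only:
            out.append(PHASES.index(a.phase))
    return out

def furthest_phase(alerts: List[Alert]) -> Optional[str]:
    """Latest phase in chain order with any observed activity, or None."""
    seen = _indices(alerts)
    return PHASES[max(seen)] if seen else None

def chain_broken_at(alerts: List[Alert]) -> Optional[str]:
    """Earliest phase where a control blocked the activity; None if never stopped."""
    blocked = _indices(alerts, blocked_only=True)
    return PHASES[min(blocked)] if blocked else None

def coverage_gaps(alerts: List[Alert]) -> List[str]:
    """Phases up to the furthest observed one that produced no alert at all:
    the intrusion passed through them unseen, so detection is missing there."""
    last = furthest_phase(alerts)
    if last is None:
        return []
    observed = {a.phase for a in alerts}
    return [p for p in PHASES[:PHASES.index(last) + 1] if p not in observed]

# Constructed sample: phishing mail delivered, macro executed, implant blocked by EDR.
SAMPLE_ALERTS = [
    Alert("mail-gateway", "Delivery", blocked=False),
    Alert("endpoint-edr", "Exploitation", blocked=False),
    Alert("endpoint-edr", "Installation", blocked=True),
]
```

On the constructed sample, furthest_phase and chain_broken_at both report Installation, and coverage_gaps lists Reconnaissance and Weaponization, the phases that happen outside the defender's network and so leave no telemetry.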
The whole cyber kill chain can be simplified into fewer steps. (I do this to eliminate complexity.)
1. Recon
Gather all the required information on the target. Assess the security loopholes and potential points of entry.
2. Exploitation
Use the loophole to exploit it. Determine what is best for the scenario. Sometimes all the attack vectors need to be tried on every potential entry point.
3. Lateral Movement
The initial foothold is established. Now assess the capabilities, gather information, and prepare for the next move. Basically, step 1 (Recon) is repeated.
4. Privilege Escalation
In general, privilege is limited in the initial foothold. The next primary target is to gain extended privilege on the system or network.
5. Have Fun!!!
Now just have fun. The system is yours. Add backdoors, clean logs, delete history, remove cache and so on.