A component of intelligence-driven defense for the identification and prevention of malicious intrusion activities.
Cyber Kill Chain Methodology
What are the two types of reconnaissance?
Passive reconnaissance
Active reconnaissance
Fires, floods, and power failures are types of what kind of threat source?
Natural
This malicious code is contained inside an apparently harmless program and activates when the user performs some predefined action, creating a covert communication channel between the victim machine and the attacker.
Trojan
Two common reasons behind the existence of a vulnerability.
1. Hardware/software misconfiguration
2. Insecure/poor design of network/application
3. Inherent technology weaknesses
4. Careless end users
Adversary's tactics, techniques, and procedures beforehand.
Searching public records or news releases is a type of which sort of reconnaissance?
Passive Reconnaissance
What are the two types of intentional threat sources?
Internal and external
Name four indications that a virus attack is occurring.
1. Degraded performance
2. Computer beeps with no display
3. OS does not load
4. Constant antivirus alerts
5. Computer freezes frequently
6. Files/folders are missing
7. Suspicious hard drive activity
8. Browser window freezes
What TCP/IP protocols are inherently insecure? Name two.
1. HTTP
2. FTP
3. ICMP
4. SNMP
5. SMTP
What step in the cyber kill chain creates a deliverable malicious payload using an exploit and a backdoor?
The weaponization phase
In the gaining access phase of the hacking cycle, what are the three levels at which an attacker can gain access?
The operating system level, the application level, or the network level
What is the malicious software that damages or disables computer systems and gives control to the attacker?
Malware
Blinking computer screen/backward display
Default background setting changing automatically
web pages open on their own
color settings change
Antivirus automatically disabled, and bizarre messages suddenly appearing, are examples of what?
Trojan attack
What may be used to identify exploitable weaknesses within a system and predict the effectiveness of additional security measures?
Vulnerability Assessment
The Exploitation phase
Attackers must always do what in order to hide their identities?
Cover their tracks
What are three ways malware can enter a system?
1. Instant messenger applications
2. Removable devices
3. Browser/email software bugs
4. Untrusted sites/freeware web apps/software
5. Downloading files from the internet
6. Email attachments
7. Installation by other malware
8. Bluetooth/wireless networks
How is a worm different from a virus?
A worm replicates on its own
A worm spreads through the infected network
What is the first step in the Vulnerability-Management life cycle?
Identify assets and create a baseline
What are the seven phases of the cyber kill chain, in order?
1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command and Control
7. Actions on Objectives
What are the five phases in the hacking cycle, in order?
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing tracks
Name three types of malware.
1. Trojans
2. Viruses
3. Ransomware
4. Computer worms
5. Rootkits
6. PUAs/Grayware
7. Spyware
8. Keyloggers
9. Botnets
10. Fileless malware
1. Design
2. Replication
3. Launch
4. Detection
5. Incorporation
6. Execution of the damage routine
What is remediation, step four in the vulnerability management life cycle?
Remediation is the act of addressing vulnerabilities in your network/system in order to remove the security risk they create.