As a beginner in Ethical Hacking, you should know the Cyber Kill Chain. It is a conceptual framework designed in 2011 by Lockheed Martin. It breaks down a cyberattack into the following seven (7) sequential stages.

The model identifies what an attacker must complete in order to achieve their objective. It also helps enhance visibility into an attack and enrich an analyst’s understanding of an adversary’s tactics, techniques and procedures.

Cyber Kill Chain Sequential Stages

Here is a brief description of the seven stages.

  1. Reconnaissance: Information gathering e.g., employee e-mail addresses, IP address scanning, port scanning, checking software versions, network configurations, etc.
  2. Weaponization: Crafting a malicious payload, e.g., building an exploit tailored to a target (people, systems, apps, OS, website, etc.) that takes advantage of a specific software vulnerability in the target’s environment.
  3. Delivery: Delivering the payload to a target, e.g., a phishing email or a link to a compromised website used to steal credentials.
  4. Exploitation: Exploiting a vulnerability e.g., unauthorized use of stolen credentials, execution of malware without the target’s knowledge, etc.
  5. Installation: Installing a malicious payload (writing files to the system or modifying registry entries) that provides ongoing access to the attacker, e.g., a Remote Access Trojan (RAT) or, in a severe case, an Advanced Persistent Threat (APT).
  6. Command and Control: Malware initiating contact with a remote server controlled by the attacker, which instructs the target system to execute further actions.
  7. Actions: Executing the attacker’s intent, e.g., stealing sensitive information, defacing a website, denial of service, or deploying ransomware to encrypt files and then demanding a ransom for decryption.

Knowing these would help you identify, monitor, and interrupt an attack at any of the stages. You would be able to efficiently detect threats, respond appropriately, and improve your overall defense strategies.
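
The sketch below is an added example, not part of the original article: it shows how a defender can use the seven stages to read a set of alerts, reporting per host the furthest stage observed, the earlier stages that produced no alert (visibility gaps), and the next stage where the chain can still be interrupted. The alert type names, the alert-to-stage mapping, the host names and the sample alerts are all assumptions constructed for illustration.

```python
from collections import defaultdict

# The seven stages, in the order the article lists them.
STAGES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command and Control", "Actions"]

# Weaponization happens on the attacker's side, so no defender alert is expected for it.
UNOBSERVABLE = {"Weaponization"}

# Hypothetical alert types mapped to the stage they give evidence of (an assumption).
ALERT_STAGE = {
    "port_scan": "Reconnaissance",
    "phishing_email": "Delivery",
    "stolen_credential_login": "Exploitation",
    "registry_modification": "Installation",
    "outbound_beacon": "Command and Control",
    "mass_file_encryption": "Actions",
}

# Constructed sample alerts: (timestamp, host, alert_type).
ALERTS = [
    ("2024-01-10T09:00", "ws-01", "port_scan"),
    ("2024-01-10T09:30", "ws-01", "phishing_email"),
    ("2024-01-10T09:42", "ws-01", "registry_modification"),
    ("2024-01-10T09:50", "ws-01", "outbound_beacon"),
    ("2024-01-10T10:00", "ws-02", "phishing_email"),
    ("2024-01-10T10:05", "ws-02", "unknown_type"),
]

def analyze(alerts):
    """Per host: furthest stage seen, earlier stages with no alert, next stage to block."""
    seen = defaultdict(set)
    for _ts, host, kind in alerts:
        stage = ALERT_STAGE.get(kind)
        if stage is not None:  # unmapped alert types are skipped
            seen[host].add(STAGES.index(stage))
    report = {}
    for host, idxs in seen.items():
        furthest = max(idxs)
        gaps = [STAGES[i] for i in range(furthest)
                if i not in idxs and STAGES[i] not in UNOBSERVABLE]
        nxt = STAGES[furthest + 1] if furthest + 1 < len(STAGES) else None
        report[host] = {"furthest": STAGES[furthest], "gaps": gaps, "next": nxt}
    return report

if __name__ == "__main__":
    for host, result in sorted(analyze(ALERTS).items()):
        print(host, result)
```

A gap such as a missing Exploitation alert on a host that already shows Command and Control traffic points to a stage where detection coverage should be reviewed.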
