Kill chain
Exploitation
Once delivered, the weapon's code is triggered, exploiting vulnerable applications or systems
Command & Control
Outside server communicates with the weapons providing "hands on keyboard access" inside the target's network
Weaponization
Pairing remote access malware with exploit into a deliverable payload (ex: Adobe PDF and Microsoft Office files)
7
actions on objective - the attacker works to achieve the objective of the intrusion, which can include exfiltration or destruction of data, or intrusion of another target
kill chain is an....
end-to-end process described as a "chain" because only the deficiency will interrupt the entire process
4
exploitation - once delivered, the weapon's code is triggered, exploiting vulnerable applications or systems
U.S. military targeting doctrine defines the steps of the process as
find, fix, track, target, engage, and access
5
installation - the weapon installs a backdoor on a target's system allowing persistent access
kill chain in order
1 - reconnaissance, 2 - weaponization, 3 - delivery, 4 - exploitation, 5 - installation, 6 - command & control, 7 - actions on objective
according to the reading, a kill chain
is a systematic process to target and engage an adversary to create desired effects
kill chain
phase-based model to describe the stages of an attack, which also helps inform ways to prevent such attacks
Reconnaissance
Research, identification, and selection of targets
Delivery
Transmission of weapon to target (ex: via email attachments, websites, or USB drives)
intrusion
attack
6
command & control - outside server communicates with the weapons providing "hands on keyboard access" inside the target's network
server
computer that serves a specific purpose potentially for more than 1 user
3
delivery - transmission of weapon to target
1
reconnaissance - research, identification, and selection of targets
node
server
Actions on Objective
the attacker works to achieve the objective of the intrusion, which can include exfiltration or destruction of data, or intrusion of another target
installation
the weapon installs a backdoor on a target's system allowing persistent access
2
weaponization - pairing remote access malware with exploit into a deliverable payload