Basics Of Cyber Kill Chain Model

Cyber Kill Chain Model 

In military strategy, a 'Kill Chain' is a phase model to describe the stages of an attack, which also helps inform ways to prevent attacks

  • Situational Awareness - Ability to identify what is happening in the networks and system landscape
  • Reconnaissance - Identification and selection of the target/s host or network by active scanning
  • Weaponization & delivery - Transmission / Inject of the malicious payload in to the target/s
  • Lateral Movement - Detect, exploit and compromise other vulnerable hosts
  • Data Exfiltration - Steal and exhilarate data
  • Persistency - Establish a foothold in the corporate network

Situational Awareness

  • Outbound protocols
  • Outbound protocols by size
  • Top destination Countries
  • Top destination Countries by size

Reconnaissance

  • Port scan activity
  • ICMP query

Weaponization & delivery

  • Injection
  • Cross Site Scripting
  • Cross Site Request Forgery
  • Failure to Restrict URL
  • Downloaded binaries
  • Top email subjects
  • Domains mismatching
  • Malicious or anomalous Office/Java/Adobe files
  • Suspicious Web pages (iframe + [pdf|html|js])

Lateral Movement

  • Remove or add account
  • Remote WMI communications
  • Remote Group Policy Editor
  • Remote Session Communications (during outside working hours?)
  • Antivirus terminated

Data Exfiltration

  • Upload on cloud storage domains
  • Suspicious HTTP Methods (Delete, Put)
  • Uploaded images
  • FTP over non standard port
  • IRC communication
  • SSH | ICMP Tunneling

Persistency

  • Unusual User Agents
  • Outbound SSL VPN
  • Outbound unknown

E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

Best of the World Talks on The CISO's Journey: From Expert to Leader

  • Description:

    We are hosting an exclusive "Best of the World" Talks session on "The CISO’s Journey: From Expert to Leader" featuring David B. Cross (SVP & CISO at Oracle), Bikash Barai (Co-founder of CISO Platform & FireCompass) & David Randleman (Field CISO at FireCompass).

    The journey from cybersecurity expert to strategic leader is a transformative one for CISOs. This session delves into the stages of a CISO’s evolution, the balance…

  • Created by: Biswajit Banerjee
  • Tags: ciso