Understanding Cyber Kill Chain Methodology | Episode #3 |
Hello and welcome back, my aspiring hackers, to our Pentesting series, where we learn pentesting and infosec from scratch. In the last episode, we learned about the pillars of information security, which we called the "CIA Triad". If you missed that class, don't worry; you can check it here.
Continuing with today's class, we will be learning about the Cyber Kill Chain Methodology. I won't stretch it long. Let's see quickly what the Cyber Kill Chain Methodology is and how you can incorporate it into your own methodology while performing a pentest.
What is Cyber Kill Chain Methodology?
The Cyber Kill Chain Methodology is the series of steps taken by an adversary or an advanced persistent threat (APT) in order to compromise a system's security and the confidentiality, integrity, and availability of its data. In other words, it is the sequence of steps an attacker takes to compromise a system and achieve malicious goals. Each step depends on the one before it, which is what makes the model useful to defenders: breaking the chain at any step stops the attack. Now let's dive into the steps of the process.
- Reconnaissance – The attacker gathers information about the target system. In this step, the attacker collects as much information as possible about the target before launching an attack. With proper research, the attacker can build a strong and precise attack on the target, which is sometimes very hard to prevent.
- Weaponization – The attacker creates malware for the target. Using the information obtained in the first step, the attacker plans how to attack the target and designs specially crafted malware for it. This step happens entirely on the attacker's side, so the defender normally cannot observe it.
- Delivery – The attacker uses different delivery methods to send the malware to the target. Once the malware is ready, the attacker uses delivery techniques such as malicious USB drives, email attachments, macros, watering-hole sites, etc. to get the malware onto the target system.
- Exploitation – Once the malware executes on the target system, it gives the attacker complete access.
- Installation – The attacker installs more malware, such as viruses, Trojans, and rootkits, and performs privilege escalation.
- Command & Control – The attacker establishes a Command and Control (C&C) server to maintain access to the compromised system.
- Actions on Objectives – The attacker now has full access and can fulfill the desired objectives, such as deploying ransomware, exfiltrating data, etc.
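To show how a defender puts this model to work, here is an added example (not code from the original post) that maps alerts onto the seven phases listed above, then reports per host how deep into the chain an intrusion has progressed and which earlier phases went unobserved. The alert type names, host names, and the sample alert lines are all constructed for this example; in practice the alert-to-phase mapping would come from your own detection rules.

```python
"""Map security alerts onto Cyber Kill Chain phases and report per-host progress.

Added example for this post; alert type names and sample data are constructed.
"""
from collections import defaultdict

# The seven phases in the order given in the post.
PHASES = [
    "Reconnaissance",
    "Weaponization",
    "Delivery",
    "Exploitation",
    "Installation",
    "Command & Control",
    "Actions on Objectives",
]
PHASE_INDEX = {phase: i for i, phase in enumerate(PHASES)}

# Weaponization happens on the attacker's side, so a defender never sees it
# in their own telemetry and should not count it as a detection gap.
UNOBSERVABLE = {"Weaponization"}

# Assumed mapping from alert types (invented for this example) to phases.
ALERT_TO_PHASE = {
    "port_scan": "Reconnaissance",
    "phishing_attachment": "Delivery",
    "macro_execution": "Exploitation",
    "new_service_installed": "Installation",
    "beacon_to_unknown_host": "Command & Control",
    "large_outbound_transfer": "Actions on Objectives",
}

# Constructed sample alerts: "<timestamp> <host> <alert_type>".
SAMPLE_ALERTS = """\
2024-01-05T09:01:00 ws-17 port_scan
2024-01-05T09:42:10 ws-17 phishing_attachment
2024-01-05T09:43:05 ws-17 macro_execution
2024-01-05T10:15:30 ws-17 beacon_to_unknown_host
2024-01-05T11:02:00 srv-db large_outbound_transfer
2024-01-05T11:05:00 ws-03 port_scan
2024-01-05T11:06:00 ws-03 unknown_alert_type
"""


def parse_alerts(text):
    """Parse alert lines into (timestamp, host, alert_type, phase) tuples.

    Alert types with no phase mapping are skipped.
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        timestamp, host, alert_type = line.split()
        phase = ALERT_TO_PHASE.get(alert_type)
        if phase is None:
            continue
        events.append((timestamp, host, alert_type, phase))
    return events


def chain_progress(events):
    """For each host: phases observed, deepest phase reached, and earlier
    observable phases that produced no alert (possible detection gaps)."""
    seen = defaultdict(set)
    for _, host, _, phase in events:
        seen[host].add(phase)

    report = {}
    for host, phases in seen.items():
        deepest = max(phases, key=PHASE_INDEX.get)
        earlier = PHASES[: PHASE_INDEX[deepest]]
        gaps = [p for p in earlier if p not in phases and p not in UNOBSERVABLE]
        report[host] = {
            "deepest": deepest,
            "observed": sorted(phases, key=PHASE_INDEX.get),
            "unobserved_earlier": gaps,
        }
    return report


def prioritize(report):
    """Hosts ordered by how far along the chain they are (deepest first),
    which is a reasonable first cut for incident triage."""
    return sorted(report, key=lambda h: PHASE_INDEX[report[h]["deepest"]], reverse=True)


if __name__ == "__main__":
    progress = chain_progress(parse_alerts(SAMPLE_ALERTS))
    for host in prioritize(progress):
        entry = progress[host]
        print(f"{host}: reached '{entry['deepest']}'; "
              f"observed {entry['observed']}; gaps {entry['unobserved_earlier']}")
```

On the sample data, `srv-db` shows only an Actions on Objectives alert with every earlier observable phase missing, which is exactly the kind of host a responder should look at first: the chain was either not detected on that host or the attacker reached it laterally from elsewhere.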
So, this was a brief and easy-to-understand explanation of the Cyber Kill Chain Methodology. With it, you can now understand the mindset of an attacker and how an attack unfolds step by step. That's it for today; I will meet you in the next one, and till then, "Happy Hacking".