Cyber Kill Chain

Dolyetyus

21 Apr 2020

Hi Dear THT Family

In this tutorial, I will define the Cyber Kill Chain and explain its stages one by one. Let's start with the first question: what is the Cyber Kill Chain?


WHAT IS CYBER KILL CHAIN?


We can examine the Cyber Kill Chain as a model. This model lays out the stages of a cyber attack, and the attack succeeds only if all 7 stages are completed successfully. Success in each of the 7 stages affects the other stages as well. It is very important for cyber security experts who ensure the security of a system to know the Cyber Kill Chain well, in order to withstand and prevent cyber attacks and to reduce the impact of possible cyber attacks. The main purpose of the Cyber Kill Chain is to classify the events that occur during an attack and to detect threats more easily. Now let's go through these stages one by one:


STAGE 1 - RECONNAISSANCE

This is the information gathering stage. The attacker who wants to infiltrate the target system tries to collect information about the target using Social Engineering, OSINT, Network Mapping, Passive Information Gathering and Active Information Gathering methods.

Passive Information Gathering: A method of collecting information about the target system without communicating directly with the server.

Active Information Gathering: A method of collecting information about the target system by communicating directly with the server or system.


STAGE 2 - WEAPONIZATION

At this stage, the attacker uses the information collected about the target to determine which platforms and tools (zero-day vulnerabilities, malware, etc.) should be used to infiltrate the target through its vulnerabilities. The attacker determines the best tool for infiltrating the target, and the malware is also created at this stage.


STAGE 3 - DELIVERY

At this stage, the malware that was created is sent to the target by methods such as phishing and tunneling. The method by which the malware will be sent to the system is also determined at this stage.


STAGE 4 - EXPLOITATION

At this stage, the goal is for the malware to run on the target system: the malware sent by the attacker starts running on the target system and begins to exploit vulnerabilities.


STAGE 5 - INSTALLATION

At this stage, the malware that is running successfully on the system makes itself persistent by hiding or encrypting itself. The malware gains a place in the system and installs itself there. Thus, control passes into the hands of the attacker.


STAGE 6 - COMMAND AND CONTROL

At this stage, through the malware now embedded in the system, the attacker starts to control the system remotely with methods such as tunneling, sends data on the system and learns more important information about the system. This way, the attacker can erase the traces left behind.


STAGE 7 - ACTIONS ON OBJECTIVES

Every action (changing or deleting data, attacking another system through this one) that the attacker, who has now taken control of the target system, performs to achieve the goals of the attack belongs to this stage. In short, the attacker tries to reach the goal of the attack at this stage, and every action taken toward that goal is evaluated under this stage.


You can learn and understand the Cyber Kill Chain stages in a more memorable way with the table below:

[Image: table of the Cyber Kill Chain phases]

Now let's walk through the model with an example:

- Reconnaissance Stage --> The attacker detects the e-mail addresses of the target using any of the information gathering methods.

- Weaponization Stage --> The attacker creates the malware to be sent to the target via e-mail in any file format (pdf, doc, etc.).

- Delivery Stage --> The attacker sends the malicious software to the target's mail address.

- Exploitation Stage --> The attacker's malware begins to exploit the target's vulnerability.

- Installation Stage --> The malware installs itself in the registry.

- Command And Control Stage --> The attacker communicates with the system through Encrypted Communication.

- Actions On Objectives Stage --> Attacker hijacks information on the target system.
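
Defenders can walk the same stages to see where an intrusion was noticed and where it slipped past. The following Python is an added example, not part of the original tutorial; the alerts, host names, stage labels on the alerts, and the choice to start host-level coverage at the delivery stage are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# The seven stages in the order the tutorial lists them.
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]
# Assumption: host-level telemetry can only start at delivery.
FIRST_HOST_STAGE = STAGES.index("delivery")

# Constructed sample alerts: (time, host, stage, description).
ALERTS = [
    ("2024-05-01T09:02:00", "ws-17", "delivery", "mail gateway: attachment delivered"),
    ("2024-05-01T09:10:00", "ws-17", "installation", "EDR: new autorun entry in registry"),
    ("2024-05-01T09:12:00", "ws-17", "command_and_control", "proxy: encrypted outbound session"),
    ("2024-05-01T11:30:00", "ws-04", "delivery", "mail gateway: attachment quarantined"),
]

def summarize(alerts):
    """Per host: deepest stage alerted on, earlier stages with no alert, and pace."""
    seen = defaultdict(dict)  # host -> {stage index: time first seen}
    for ts, host, stage, _desc in alerts:
        idx = STAGES.index(stage)  # ValueError on an unknown stage label
        when = datetime.fromisoformat(ts)
        if idx not in seen[host] or when < seen[host][idx]:
            seen[host][idx] = when
    report = {}
    for host, stages in seen.items():
        deepest = max(stages)
        # Stages between delivery and the deepest one that raised no alert
        # are detection gaps: the chain passed through them unnoticed.
        gaps = [STAGES[i] for i in range(FIRST_HOST_STAGE, deepest) if i not in stages]
        minutes = (stages[deepest] - min(stages.values())).total_seconds() / 60
        report[host] = {"deepest": STAGES[deepest], "undetected": gaps,
                        "minutes_to_deepest": minutes}
    return report

if __name__ == "__main__":
    for host, row in sorted(summarize(ALERTS).items()):
        print(host, row)
```

A host whose deepest stage is past delivery and whose gap list is non-empty is where detection rules for the missing stage should be reviewed first.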




Thank you all for reading my tutorial; I wish you a good time on the forum...




Source: https://www.turkhackteam.org/siber-guvenlik/1857883-siber-olum-zinciri-cyber-kill-chain-blackcoder.html
Translator: Dolyetyus