
CYBER KILL CHAIN METHODOLOGY
The mantra of any good security engineer is ‘Security is not a product but a process. It’s more than designing strong cryptography into a system: it’s designing the entire system such that all security measures, including the different tools, technologies and cryptography, work together.’
There has been a lot of commotion in the security industry recently about the changing attack lifecycle and the complexity of tracing a security incident. But when we go in depth and examine the chain of events behind a security incident, they all point to a known pattern; the only thing that seems to have changed is the delivery mechanism, including malware lateral propagation using known SMB vulnerabilities, open shares and so on. This article is based on the kill chain developed by Lockheed Martin and focuses on different ways to break this chain, along with other prevention mechanisms including next-generation IDS/IPS, machine learning and defense in depth. Let’s go through the Lockheed Martin Kill Chain.

PHASE-1 RECONNAISSANCE
Before the actual attack takes place or an exploit is created, hackers perform reconnaissance of your environment to probe for weak points. They gather email addresses, names and LinkedIn profiles, and get as clear a picture as possible of your environment. Reconnaissance can be either active or passive; in the passive phase, network scanning tools such as nmap, Nessus, wpscan and so on are used.
Attacker vs Blue Team
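On the blue-team side, the reconnaissance phase is where scanning shows up in perimeter logs. The following is an added example, not code from the original article: it parses constructed firewall log lines (the format, the RFC 5737 addresses and the thresholds are assumptions) and flags any source that touches many distinct destination ports on one target within a short sliding window, which is the footprint a port sweep leaves behind.

```python
from collections import defaultdict
from datetime import datetime

# Constructed firewall log lines (sample data, not from a real network):
# "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <action>"
FIREWALL_LOG = """\
2024-01-10T09:00:00 203.0.113.7 192.0.2.10 22 DENY
2024-01-10T09:00:01 203.0.113.7 192.0.2.10 23 DENY
2024-01-10T09:00:01 203.0.113.7 192.0.2.10 25 DENY
2024-01-10T09:00:02 203.0.113.7 192.0.2.10 80 ALLOW
2024-01-10T09:00:02 203.0.113.7 192.0.2.10 110 DENY
2024-01-10T09:00:03 203.0.113.7 192.0.2.10 143 DENY
2024-01-10T09:00:03 203.0.113.7 192.0.2.10 443 ALLOW
2024-01-10T09:00:04 203.0.113.7 192.0.2.10 445 DENY
2024-01-10T09:00:04 203.0.113.7 192.0.2.10 3389 DENY
2024-01-10T09:00:05 203.0.113.7 192.0.2.10 8080 DENY
2024-01-10T09:00:05 203.0.113.7 192.0.2.10 8443 DENY
2024-01-10T09:00:06 203.0.113.7 192.0.2.10 5900 DENY
2024-01-10T09:05:00 198.51.100.4 192.0.2.10 443 ALLOW
2024-01-10T09:06:00 198.51.100.4 192.0.2.10 443 ALLOW
2024-01-10T09:07:00 198.51.100.4 192.0.2.10 80 ALLOW
"""


def parse_fw_line(line):
    """Split one assumed-format log line into typed fields."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def detect_port_scans(log_text, window_seconds=60, min_ports=10):
    """Return {(src, dst): distinct_ports} for every source that touches at
    least min_ports distinct destination ports on a single target inside any
    sliding window of window_seconds. The largest window seen per pair wins."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, _ = parse_fw_line(line)
        events[(src, dst)].append((ts, port))

    findings = {}
    for key, evs in events.items():
        evs.sort()
        left = 0
        for right in range(len(evs)):
            # Advance the left edge until the window fits in window_seconds.
            while (evs[right][0] - evs[left][0]).total_seconds() > window_seconds:
                left += 1
            ports = {p for _, p in evs[left:right + 1]}
            if len(ports) >= min_ports and len(ports) > len(findings.get(key, ())):
                findings[key] = ports
    return findings


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(FIREWALL_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {len(ports)} distinct ports")
```

With the sample data, 203.0.113.7 hits twelve ports on 192.0.2.10 in six seconds and is flagged, while 198.51.100.4 (two ports over three minutes) is not. In production the window and port thresholds are tuned against your own baseline, and the DENY ratio per source is a useful second signal.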

PHASE-2 WEAPONIZATION
The attacker uses an exploit and creates a malicious payload to send to the victim. This step happens on the attacker’s side, without contact with the victim. Attackers leverage different tools (Metasploit, msfvenom, Veil) or write their own reverse shells. The reverse shells are sometimes also injected into legitimate software, thereby acting as a trojan, and are finally obfuscated in order to evade detection.
Attacker vs Blue Team

PHASE-3 DELIVERY
The attacker sends the malicious payload to the victim by email or other means such as watering-hole attacks, which represent one of many intrusion methods the attacker can use. I would request you to go through my article on phishing for greater depth: https://medium.com/@harshaunsingh/phishing-single-biggest-threat-52882f7546f
Attacker vs Blue Team
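Since email is the delivery channel the article singles out, a mail-gateway style attachment check is a natural place to break the chain. This is an added example, not code from the original article: it uses Python’s standard `email` library on a constructed message (the addresses, filenames and the short placeholder attachment bodies are all made up) and reports why each attachment looks suspicious, by extension, by a disguised double extension, or by an executable (MZ) header inside the decoded payload.

```python
import email
from email import policy

# Constructed sample message (not a real phishing mail). The base64 bodies are
# only the first bytes of a PE header ("MZ...") and of a PDF ("%PDF-1.4").
SAMPLE_EML = """\
From: invoices@example.com
To: user@example.org
Subject: Invoice attached
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see attached.
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1
Content-Type: application/pdf; name="terms.pdf"
Content-Disposition: attachment; filename="terms.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

# Extensions that execute code when opened; the list is an assumption, extend to taste.
RISKY_EXT = {"exe", "scr", "js", "vbs", "hta", "bat", "cmd", "ps1", "jar", "docm", "xlsm"}
DOCUMENT_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def assess_attachments(raw_message):
    """Return [(filename, [reason, ...]), ...] for every attachment in the mail.
    An empty reason list means nothing suspicious was found for that part."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        pieces = name.lower().split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        reasons = []
        if ext in RISKY_EXT:
            reasons.append(f"executable extension .{ext}")
        # "invoice.pdf.exe": a document-looking name hiding a risky final extension.
        if len(pieces) > 2 and pieces[-2] in DOCUMENT_EXT and ext in RISKY_EXT:
            reasons.append("double extension disguising a document")
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(b"MZ"):
            reasons.append("PE header (MZ) in decoded payload")
        findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in assess_attachments(SAMPLE_EML):
        print(name, "->", reasons or ["ok"])
```

The header check matters because the declared filename and Content-Type are attacker-controlled; the decoded bytes are not. A real gateway would add hash lookups and sandbox detonation on top of this triage.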

PHASE-4 EXPLOITATION
This is the actual execution of the exploit, which is, again, relevant only when the attacker uses an exploit. By exploiting weaknesses in your security, hackers can execute their scripted code in your environment.
Attacker vs Blue Team

PHASE-5 INSTALLATION
The main aim of this phase is to establish a foothold in the environment. Now comfortably beyond your security systems, the malicious file can begin installing malware in your environment.
Attacker vs Blue Team

PHASE-6 CONNECTIVITY TO COMMAND AND CONTROL
The attacker creates a command and control channel in order to continue operating their internal assets remotely. This step is relatively generic and relevant throughout the attack. This is why ‘hunting’ has become so popular: looking for abnormal outbound activity like this.
Attacker vs Blue Team
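The ‘abnormal outbound activity’ hunters look for in this phase is very often beaconing: an implant calling home on a fixed timer. The following is an added example, not code from the original article: it reads constructed proxy log lines (format, hosts and thresholds are assumptions) and flags any source/destination pair whose inter-request intervals are nearly constant, measured by the coefficient of variation of the gaps. Human browsing produces bursty, irregular gaps; a timer does not.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log (sample data, not from a real network):
# "<ISO timestamp> <src_ip> <dst_host> <bytes_out>"
PROXY_LOG = """\
2024-01-10T10:00:00 10.0.0.5 update-check.example 412
2024-01-10T10:01:01 10.0.0.5 update-check.example 410
2024-01-10T10:02:00 10.0.0.5 update-check.example 415
2024-01-10T10:02:59 10.0.0.5 update-check.example 411
2024-01-10T10:04:01 10.0.0.5 update-check.example 412
2024-01-10T10:05:00 10.0.0.5 update-check.example 413
2024-01-10T10:06:00 10.0.0.5 update-check.example 410
2024-01-10T10:07:01 10.0.0.5 update-check.example 414
2024-01-10T10:00:00 10.0.0.9 intranet.example 20331
2024-01-10T10:00:05 10.0.0.9 intranet.example 1820
2024-01-10T10:03:40 10.0.0.9 intranet.example 50211
2024-01-10T10:04:00 10.0.0.9 intranet.example 2201
2024-01-10T10:12:30 10.0.0.9 intranet.example 7781
2024-01-10T10:13:00 10.0.0.9 intranet.example 9932
2024-01-10T10:20:00 10.0.0.9 cdn.example 150220
2024-01-10T10:21:00 10.0.0.9 cdn.example 150220
"""


def parse_proxy_line(line):
    ts, src, host, nbytes = line.split()
    return datetime.fromisoformat(ts), src, host, int(nbytes)


def detect_beacons(log_text, min_events=5, max_cv=0.15):
    """Flag (src, host) pairs with at least min_events requests whose gaps
    have a coefficient of variation (stdev / mean) of at most max_cv."""
    times = defaultdict(list)  # (src, host) -> [timestamps]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, host, _ = parse_proxy_line(line)
        times[(src, host)].append(ts)

    findings = {}
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too little data to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings[key] = {"period_s": round(mean, 1), "cv": round(cv, 3), "events": len(stamps)}
    return findings


if __name__ == "__main__":
    for (src, host), info in detect_beacons(PROXY_LOG).items():
        print(f"beacon candidate: {src} -> {host} every ~{info['period_s']}s "
              f"(cv={info['cv']}, n={info['events']})")
```

On the sample data 10.0.0.5 calls update-check.example every ~60 s with a CV near 0.02 and is flagged; 10.0.0.9’s intranet traffic is irregular and its two CDN hits are below the event floor. Real implants add jitter, so in practice you pair this with request-size uniformity, rare-destination scoring and long-lived connection checks rather than relying on timing alone.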

PHASE-7 ACTIONS ON OBJECTIVES BY THREAT ACTORS
Once the cyber attacker has established access to the organization, they execute actions to achieve their objectives. This ranges from credential harvesting to account compromise, persistence or even data exfiltration.
Attacker vs Blue Team
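Of the objectives listed, data exfiltration is the one that leaves the clearest network-level trace: outbound volume from a host that suddenly dwarfs its own history. The following is an added example, not code from the original article: it takes constructed per-host daily outbound byte totals (hostnames, numbers and the 5x-over-median rule are assumptions) and flags days where a host’s egress exceeds a multiple of its own rolling baseline.

```python
import statistics
from collections import defaultdict

# Constructed daily outbound byte totals per host (sample data, not real):
# "<date> <host> <bytes_out>"
NETFLOW_DAILY = """\
2024-03-01 ws-finance-07 52000000
2024-03-02 ws-finance-07 61000000
2024-03-03 ws-finance-07 49000000
2024-03-04 ws-finance-07 55000000
2024-03-05 ws-finance-07 58000000
2024-03-06 ws-finance-07 940000000
2024-03-01 ws-hr-02 30000000
2024-03-02 ws-hr-02 31000000
2024-03-03 ws-hr-02 29000000
2024-03-04 ws-hr-02 32000000
2024-03-05 ws-hr-02 30000000
2024-03-06 ws-hr-02 33000000
"""


def detect_volume_spikes(text, baseline_days=5, factor=5.0):
    """Return {host: [(date, ratio), ...]} for days whose outbound bytes exceed
    factor times the median of that host's previous baseline_days days.
    A per-host median is used so a single earlier spike cannot inflate the baseline."""
    per_host = defaultdict(list)  # host -> [(date, bytes)]
    for line in text.splitlines():
        if not line.strip():
            continue
        date, host, nbytes = line.split()
        per_host[host].append((date, int(nbytes)))

    findings = {}
    for host, rows in per_host.items():
        rows.sort()  # ISO dates sort chronologically as strings
        for i in range(baseline_days, len(rows)):
            date, today = rows[i]
            baseline = statistics.median(v for _, v in rows[i - baseline_days:i])
            if baseline > 0 and today > factor * baseline:
                findings.setdefault(host, []).append((date, round(today / baseline, 1)))
    return findings


if __name__ == "__main__":
    for host, spikes in detect_volume_spikes(NETFLOW_DAILY).items():
        for date, ratio in spikes:
            print(f"{host}: {ratio}x normal outbound volume on {date}")
```

With the sample data ws-finance-07 moves about 17x its median daily egress on 2024-03-06 and is reported; ws-hr-02 stays flat. Volume alone misses slow, trickled exfiltration, so this check complements (rather than replaces) DLP on content and alerts on unusual destinations.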

Finally, the most important thing is that it is the people who use, administer and operate the computer system who are the most vulnerable link in the security chain; hence educating oneself and others is the most important thing. Regards — TURBANED SECUR!TY
