Harshaun Singh
Sep 6, 2018 · 4 min read
CYBER KILL CHAIN PREVENTION

CYBER KILL CHAIN METHODOLOGY

The mantra of any good security engineer is: ‘Security is not a product but a process. It’s more than designing strong cryptography into the system: it’s designing the entire system such that all security measures, including the different tools, technologies and cryptography, work together.’

There has been a lot of commotion in the security industry in the recent past about the changing attack lifecycle and the complexity of tracing a security incident. But when we go in depth and examine the chain of events behind a security incident, they all point to a known pattern, and the only thing that seems to have changed is the delivery mechanism, including malware lateral propagation using known SMB vulnerabilities, open shares and so on. This article is based on the kill chain developed by Lockheed Martin and focuses on different ways to break this chain, along with other prevention mechanisms including next-generation IDS, IPS, machine learning and defense in depth. Let’s go through the Lockheed Martin Kill Chain.

[Figure: The Cyber Kill Chain. Developed by Lockheed Martin, credits: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html]

Phase-1 RECONNAISSANCE

Before the actual attack takes place or an exploit is created, hackers perform reconnaissance of your environment to probe for weak points. They gather email addresses, names and LinkedIn probes, and get as clear a picture as possible of your environment. Reconnaissance can be either active or passive; in the passive phase, network scanning tools such as nmap, Nessus, wpscan and others are used.

[Figure: Attacker vs Blue Team, Phase 1 Reconnaissance]

PHASE-2 -WEAPONIZATION

The attacker uses an exploit and creates a malicious payload to send to the victim. This step happens on the attacker’s side, without contact with the victim. Attackers leverage different tools (Metasploit, msfvenom, Veil) or write their own reverse shells. The reverse shells are created and are sometimes also injected into legitimate software, so that it acts as a trojan, and are finally obfuscated in order to prevent detection.

[Figure: Attacker vs Blue Team, Phase 2 Weaponization]

PHASE-3-DELIVERY

The attacker sends the malicious payload to the victim by email or by other means such as watering hole attacks, which represent one of many intrusion methods the attacker can use. I would request you to go through my article on phishing for greater depth: https://medium.com/@harshaunsingh/phishing-single-biggest-threat-52882f7546f

[Figure: Attacker vs Blue Team, Phase 3 Delivery]

PHASE-4-EXPLOITATION

This is the actual execution of the exploit, which is, again, relevant only when the attacker uses an exploit. By exploiting weaknesses in your security, the hackers can execute their scripted code in your environment.

[Figure: Attacker vs Blue Team, Phase 4 Exploitation]

Phase-5-INSTALLATION

The main aim of this phase is to establish a foothold in the environment. Now comfortably beyond your security systems, the malicious file can begin installing malware in your environment.

[Figure: Attacker vs Blue Team, Phase 5 Installation]

PHASE-6- CONNECTIVITY TO COMMAND AND CONTROL

The attacker creates a command and control channel in order to continue operating their internal assets remotely. This step is relatively generic and relevant throughout the attack. This is why ‘hunting’ has become so popular: looking for abnormal outbound activity like this.

[Figure: Attacker vs Blue Team, Phase 6 C2 Connectivity]
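Hunting for the abnormal outbound activity described above, as an added example that is not part of the original article: a small Python beaconing detector run over constructed proxy log lines. It groups outbound connections by source and destination and flags destinations contacted at near-constant intervals; the log format, hostnames and thresholds are assumptions made for this illustration.

```python
# Added example (not from the article): flag hosts contacted at regular intervals,
# the kind of abnormal outbound pattern C2 hunting looks for. Log format, hosts
# and thresholds are constructed assumptions, not taken from any real product.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: "<timestamp> <src_host> <dest_host> <bytes>"
SAMPLE_LOG = """\
2018-09-06T10:00:00 ws-17 updates.example-vendor.test 5120
2018-09-06T10:00:07 ws-17 mail.example-corp.test 2048
2018-09-06T10:05:00 ws-17 updates.example-vendor.test 512
2018-09-06T10:10:00 ws-17 updates.example-vendor.test 512
2018-09-06T10:12:41 ws-17 docs.example-corp.test 81920
2018-09-06T10:15:00 ws-17 updates.example-vendor.test 512
2018-09-06T10:20:00 ws-17 updates.example-vendor.test 512
2018-09-06T10:33:09 ws-17 mail.example-corp.test 4096
"""

def parse_log(text):
    """Parse log lines into (timestamp, src, dst, bytes) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return events

def find_beacons(events, min_hits=4, max_jitter=0.1):
    """Return {(src, dst): mean_gap_seconds} for pairs whose connection gaps are regular.
    "Regular" means the standard deviation of the gaps is at most max_jitter * mean gap."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_hits:  # too few connections to judge regularity
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) <= max_jitter * avg:
            beacons[pair] = avg
    return beacons

if __name__ == "__main__":
    for (src, dst), gap in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible beacon: {src} -> {dst} every {gap:.0f}s")
```

A real hunt would add a bytes-per-connection check and an allow-list of known update and telemetry hosts, since legitimate software also polls on a schedule.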

PHASE-7- ACTIONS ON OBJECTIVES BY THREAT ACTORS

Once the cyber attacker establishes access to the organization, they execute actions to achieve their objectives. This ranges from credential harvesting to account compromise, persistence or even data exfiltration.

[Figure: Attacker vs Blue Team, Phase 7 Threat Actors’ Objectives]

Finally, the most important thing is that the people who use, administer and operate the computer system are the most vulnerable link in the security chain, hence educating oneself and others is the most important thing.

Regards — TURBANED SECUR!TY
