DFIR Blog
  • Infosec
    • Blog
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • CISSP
    • Domain-1
    • Domain-2
    • Domain-3
    • Domain-4
    • Domain-5
    • Domain-6
    • Domain-7
    • Domain-8
  • Contact
  • HTB
  • Productivity

Incident Response Forensics

Cyber Kill Chain Model - Lookheed Martin

7/23/2019

 
Cyber kill chain is another way to look at the incident response process. Think from the attacker perspective.There are 7 Phases in this model:
1) Reconnaissance: Gather information about the organization by using all the tools at disposal. Other hard to detect and distinguish from the normal user activity.
2) Weaponization: In this phase an adversary will decide things like what malware to use, word doc or something else, shell code or power-shell script, etc.
3) Delivery: The intruder will decide how to deliver the payload for example phishing or not phishing, exploiting some vulnerability etc.
4) Exploitation: In this phase, the software, human or hardware vulnerabilities are exploited
5) Installation: The adversary will establish the foothold in this phase by moving laterally and establishing persistence etc.
6) Command and Control: The communication channel will be established between the payload and the control channel.
7) Action on Objective: The intruder will execute his/her objective. It may be data exfiltration, it may be denial of service etc.

mnemonic: Rob wrestled Dave everyday in the common area


Comments are closed.

    Archives

    April 2020
    September 2019
    August 2019
    July 2019
    June 2019
    April 2019
    February 2019
    March 2018

    Categories

    All
    Aws
    Cloud
    Dfir
    Incident Response
    Linux
    Recon

    RSS Feed

  • Infosec
    • Blog
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • CISSP
    • Domain-1
    • Domain-2
    • Domain-3
    • Domain-4
    • Domain-5
    • Domain-6
    • Domain-7
    • Domain-8
  • Contact
  • HTB
  • Productivity