Kaushal Patel

Sep 25, 2020 | 3 min read

Cybersecurity Fundamental - Cyber Kill Chain

Hello Readers! Today I am giving you an overview of cybersecurity fundamentals from the defender's perspective: how to prevent cyberattacks by mapping defences onto the Cyber Kill Chain.

Here I am giving you short notes that are easy to remember. You can find longer descriptions on the internet, but these notes are meant as a quick revision sheet.

Let's get started.

Cyberattack Kill Chain

- Defender's Perspective

Attack Kill Chain:-

- Derived from a military model (the "kill chain" of targeting)

- Published by Lockheed Martin

- Industry-accepted methodology for describing the stages of an intrusion

Steps:-

- Reconnaissance

- Weaponization

- Delivery

- Exploitation

- Installation

- Command And Control

- Actions on Objectives

Reconnaissance (defences that detect or frustrate the attacker's information gathering)

- Honeypots

- Firewalls

- Limiting public info (reduce what an attacker can harvest about the organization)

Honeypots:

- Can be set up inside the firewall, outside it, or in the DMZ

- Classified by purpose as,

- Production honeypots

- Research honeypots

Production Honeypots:

- Usually low-interaction honeypots

- Easy to deploy

- Give less information about attacks and attackers than research honeypots

Research Honeypots:

- Gather information about the motives and tactics of black-hat communities

- Complex to deploy and maintain

- Capture extensive information

- Used primarily by the military, large government organizations and private organizations for research purposes

Note: honeypots classified by design (level of interaction)

- Pure honeypots

- High-interaction honeypots

- Low-interaction honeypots

Basic honeypot tool: "Pentbox" (a Ruby toolkit commonly run on Kali Linux)
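To show what a low-interaction production honeypot actually does, here is an added example (my own code, not Pentbox and not from the original post). It listens on loopback on a free port, presents a constructed fake Telnet-style login banner, records whatever the client sends without ever executing it, and keeps the events in memory; the `probe` function stands in for a scanner so the whole thing can be run offline. Port, banner and log format are all assumptions for the demo.

```python
import socket
import threading
from datetime import datetime, timezone

# Constructed fake banner: looks like a Telnet login prompt to a scanner.
# No real service is behind it; input is recorded, never executed.
FAKE_BANNER = b"Ubuntu 18.04 LTS\r\nlogin: "


class LowInteractionHoneypot:
    """Minimal low-interaction honeypot: accept a connection, send a fake
    banner, log whatever the client sends, close. Binds to loopback by
    default; a real deployment would listen on a decoy address in the DMZ
    and ship events to a SIEM instead of keeping them in memory."""

    def __init__(self, host="127.0.0.1", port=0):  # port 0 = pick a free port
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(5)
        self.sock.settimeout(0.2)          # lets the accept loop notice stop()
        self.port = self.sock.getsockname()[1]
        self.events = []                   # recorded connection attempts
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._handlers = []
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()

    def stop(self):
        self._stop.set()
        self._thread.join(timeout=2)
        for t in self._handlers:
            t.join(timeout=2)
        self.sock.close()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, addr = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            t = threading.Thread(target=self._handle, args=(conn, addr), daemon=True)
            self._handlers.append(t)
            t.start()

    def _handle(self, conn, addr):
        conn.settimeout(2)
        data = b""
        try:
            conn.sendall(FAKE_BANNER)
            data = conn.recv(1024)         # what the "attacker" typed at the prompt
        except (socket.timeout, OSError):
            pass
        finally:
            conn.close()
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": addr[0],
            "src_port": addr[1],
            "payload": data.decode("utf-8", "replace").strip(),
        }
        with self._lock:
            self.events.append(event)


def probe(port, payload=b"admin\r\n", host="127.0.0.1"):
    """Stand-in for a scanner/attacker: connect, grab the banner, send input."""
    with socket.create_connection((host, port), timeout=2) as c:
        banner = c.recv(1024)
        c.sendall(payload)
    return banner


def run_demo():
    """Start the pot, hit it once, stop it; return (banner seen, events logged)."""
    hp = LowInteractionHoneypot()
    hp.start()
    banner = probe(hp.port)
    hp.stop()
    return banner, hp.events


if __name__ == "__main__":
    banner, events = run_demo()
    print("banner:", banner)
    for e in events:
        print("event:", e)
```

Because nothing behind the banner is real, the only thing an attacker gains is a log entry about themselves, which is exactly the trade-off of a low-interaction pot: cheap and safe, but it reveals little beyond who connected and what they typed first.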

Firewalls

Eight commonly listed types of firewall:

  1. Packet-filtering firewalls (decide on each packet's headers alone)

  2. Circuit-level gateways

  3. Stateful inspection firewalls (track connections, admit only matching replies)

  4. Application-level gateways (proxies)

  5. Next-generation firewalls (NGFW)

  6. Software firewalls

  7. Hardware firewalls

  8. Cloud firewalls

* The last three describe how the firewall is delivered (its form factor), not how it inspects traffic; the first five differ in how deep into the connection they look.
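The difference between a packet-filtering firewall (type 1) and a stateful inspection firewall (type 3) is easiest to see in code. The following is an added example written for this post, not from any firewall product: both filters implement the same policy ("the LAN may open HTTPS to the internet"), but the stateless one has to allow any inbound packet with source port 443 so that replies get back in, while the stateful one admits only replies to connections it saw the LAN open. The LAN prefix, the addresses and the packets are constructed for the demo.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."   # constructed: the protected LAN


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str = ""            # simplified TCP: "SYN", "SYN-ACK", "ACK"


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


def stateless_filter(pkt):
    """Packet-filtering firewall: judges every packet on its own header.
    Policy: LAN may talk HTTPS (443) to the internet. Because the filter has
    no memory, replies can only get back in via a rule that allows ANY
    inbound packet whose source port is 443, which an attacker can spoof."""
    outbound = is_internal(pkt.src_ip) and not is_internal(pkt.dst_ip)
    inbound = not is_internal(pkt.src_ip) and is_internal(pkt.dst_ip)
    if outbound and pkt.dst_port == 443:
        return "ALLOW"
    if inbound and pkt.src_port == 443:
        return "ALLOW"         # reply traffic... or a scan sourced from port 443
    return "DROP"


class StatefulFirewall:
    """Stateful inspection: same policy, but inbound packets are admitted only
    when they match a connection an internal host opened (state table)."""

    def __init__(self):
        self.table = set()     # (lan_ip, lan_port, ext_ip, ext_port)

    def filter(self, pkt):
        outbound = is_internal(pkt.src_ip) and not is_internal(pkt.dst_ip)
        inbound = not is_internal(pkt.src_ip) and is_internal(pkt.dst_ip)
        if outbound:
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if pkt.dst_port == 443 and pkt.flags == "SYN":
                self.table.add(key)            # new connection, remember it
                return "ALLOW"
            return "ALLOW" if key in self.table else "DROP"
        if inbound:
            key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            return "ALLOW" if key in self.table else "DROP"
        return "DROP"


# Constructed traffic: a legitimate HTTPS session, then an attacker probing
# SMB (445) on a LAN host while sourcing the packet from port 443.
TRAFFIC = [
    Packet("10.0.0.5", 51000, "198.51.100.10", 443, "SYN"),      # LAN -> web
    Packet("198.51.100.10", 443, "10.0.0.5", 51000, "SYN-ACK"),  # web reply
    Packet("10.0.0.5", 51000, "198.51.100.10", 443, "ACK"),
    Packet("203.0.113.9", 443, "10.0.0.7", 445, "SYN"),          # attacker
]


def compare(packets):
    """Return [(stateless verdict, stateful verdict), ...] per packet."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.filter(p)) for p in packets]


if __name__ == "__main__":
    for p, (sl, sf) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"{p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port} {p.flags:8} "
              f"stateless={sl:5} stateful={sf}")
```

The last packet is the point: the stateless filter lets the attacker's port-443-sourced SYN reach SMB on the LAN host, the stateful one drops it because no internal host ever opened that connection.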

Weaponization

- Patch Management

- Disabling Macros

- Antivirus

Patch Management:

- Exploits target loopholes in security that have not been fixed yet

- Breaching a fully patched system is far harder, so patching promptly shrinks the set of weapons an attacker can use

Disabling Macros:

- Attackers may use Microsoft Office macros to plant a backdoor

- Disable macros (or allow only digitally signed ones) to prevent such backdoor attacks

Antivirus:

- Software developed to detect viruses and remove them from systems

- Protects users and their data from numerous attack vectors

- Hence, it undermines the attacker's weaponization effort: known payloads get caught before they run

Delivery

- User Awareness

- Web Filtering

- Avoiding USB

User Awareness:

- Make users aware of malicious or suspicious websites and links so they avoid them, e.g. "phishing" emails

Web Filtering:

- Only trusted websites are allowed (allow-listing)

- Prevents users from reaching untrusted sites or web links
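An allow-list web filter sounds simple, but the host comparison is where filters get bypassed. The following is an added example (my own code, not from the original post or any filtering product) of an allow-list check that handles the usual tricks: look-alike suffixes like example.com.evil.test, the userinfo trick example.com@evil.test, upper-case and trailing-dot hostnames, raw IP literals, and unexpected schemes. The allow-list domains and the requested URLs are constructed for the demo.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list of trusted domains (subdomains are implicitly trusted).
ALLOWED_DOMAINS = {"example.com", "intranet.example.net"}


def host_from_url(url):
    """Extract the host the browser would actually connect to, or None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname          # drops userinfo and port, lowercases
    if not host:
        return None
    return host.rstrip(".")        # "example.com." is the same zone as "example.com"


def is_allowed(url):
    host = host_from_url(url)
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return False               # IP literals sidestep a name-based list: deny
    except ValueError:
        pass
    # Exact match or a proper subdomain; endswith("." + d) stops "notexample.com".
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def filter_urls(urls):
    """Return {url: "ALLOW" or "BLOCK"} for a batch of requested URLs."""
    return {u: ("ALLOW" if is_allowed(u) else "BLOCK") for u in urls}


# Constructed requests, including the usual tricks for slipping past a filter.
REQUESTS = [
    "https://example.com/login",
    "https://www.example.com/docs",
    "https://EXAMPLE.COM./",                 # case and trailing dot
    "https://example.com.evil.test/",        # look-alike suffix
    "https://example.com@evil.test/",        # userinfo trick
    "http://notexample.com/",                # shares a suffix but not a zone
    "http://198.51.100.10/",                 # raw IP
    "ftp://example.com/",                    # unexpected scheme
]

if __name__ == "__main__":
    for url, verdict in filter_urls(REQUESTS).items():
        print(f"{verdict:5} {url}")
```

A filter that compared with a plain `"example.com" in url` would pass the fourth and fifth URLs; parsing the host the way the browser does, then comparing whole labels, is what makes the allow-list hold.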

Avoid USB:

- Avoiding unknown USB devices removes a common delivery vector

- Block or monitor USB hardware and services (e.g. through a device-control policy)

Exploitation

- Data Execution Prevention

- Anti-Exploit

- Endpoint Protection

DEP (Data Execution Prevention):

- A set of hardware and software technologies that perform additional memory checks so that code cannot run from memory regions marked non-executable (such as the stack and heap), which stops injected malicious code from executing

Anti-Exploit:

- Additional layer of security

- Blocks the techniques an attacker uses (memory-corruption tricks, process injection) rather than signatures of specific malware

Endpoint Protection:

- ESET (Essential Security against Evolving Threats), for example, can be used for both personal and enterprise-grade protection

- ESET identifies and blocks malware: viruses, Trojans and spyware

- Provides protection against network threats

Installation

- Disable (or restrict) PowerShell

- EDR (Endpoint Detection and Response)

Disable PowerShell:

- Advanced shell for automation and configuration management framework from Microsoft

- Such a tool is very dangerous in the wrong hands

- Fully disabling it usually breaks legitimate administration; in practice it is restricted (Constrained Language Mode, AppLocker or WDAC rules) and logged (script block logging) so abuse is at least visible

EDR (Endpoint Detection and Response):

- Detects advanced, unknown and evasive threats that bypass antivirus

- Analysts may use it to automate much of the hunting process and save time

Command and Control

- Isolating the device from the network

- Blocking access protocols

Isolating device from network:

- If the attacker has managed to gain control over a system,

- Isolate the device from the network to prevent lateral movement inside the organization

Block Access Protocols:

- Block remote-access protocols that are not needed, such as Telnet, SSH and RDP, and tools like Netcat that give an attacker a raw shell over the network
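Blocking those protocols is one half; the other half is noticing when a workstation uses them anyway, which is what tells you which host to isolate. The following is an added example written for this post (not from any firewall or EDR product) that parses constructed flow-log lines, flags internal hosts connecting to Telnet, SSH or RDP ports, and returns the hosts that should be quarantined. The log format, the addresses and the approved jump host are all assumptions made up for the demo.

```python
import re
from collections import defaultdict

# Constructed flow-log lines in a generic key=value shape (not a real product's format).
FLOW_LOG = """\
2020-09-25T10:01:02Z src=10.0.0.5:51023 dst=198.51.100.10:443 proto=tcp action=allow
2020-09-25T10:01:09Z src=10.0.0.7:49211 dst=203.0.113.9:23 proto=tcp action=allow
2020-09-25T10:01:11Z src=10.0.0.7:49212 dst=203.0.113.9:22 proto=tcp action=allow
2020-09-25T10:02:30Z src=10.0.0.9:50001 dst=10.0.0.20:3389 proto=tcp action=allow
2020-09-25T10:03:00Z src=10.0.0.5:51030 dst=198.51.100.10:80 proto=tcp action=allow
this line is not a flow record
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<sip>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dip>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)

# Remote-access services that ordinary workstations should never reach.
BLOCKED_PORTS = {23: "telnet", 22: "ssh", 3389: "rdp"}
# Constructed exception: the admins' jump host is allowed to use RDP.
APPROVED_SOURCES = {"10.0.0.9"}


def parse_flows(log):
    """Yield one dict per well-formed flow record; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        yield rec


def egress_violations(log):
    """Map source IP -> list of (time, destination, service) for blocked protocols."""
    hits = defaultdict(list)
    for f in parse_flows(log):
        svc = BLOCKED_PORTS.get(f["dport"])
        if svc is None or f["sip"] in APPROVED_SOURCES:
            continue
        hits[f["sip"]].append((f["ts"], f["dip"], svc))
    return dict(hits)


def hosts_to_isolate(log):
    """Hosts that used a blocked remote-access protocol: candidates for quarantine."""
    return sorted(egress_violations(log))


if __name__ == "__main__":
    for host, events in egress_violations(FLOW_LOG).items():
        for ts, dst, svc in events:
            print(f"{ts} {host} -> {dst} ({svc})")
    print("isolate:", hosts_to_isolate(FLOW_LOG))
```

Note that every record in the sample says `action=allow`: the firewall let the Telnet and SSH connections through, so the detection is what catches the gap in the policy, and 10.0.0.7 is the host to pull off the network.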

Actions on Objectives

- Data Loss Prevention

- User Behavior Analysis

- Network Segmentation

Data Loss Prevention:

- Basically works on the CIA (Confidentiality, Integrity, Availability) triad

- Fundamentals of DLP (Data Loss Prevention)

  1. Authentication - verification that users are who they claim to be

  2. Access Control - only authorized users are allowed to reach the data

  3. Audit - recording of all actions so they can be reviewed later

  4. Privacy - users have control over their information and how it is exposed

  5. Non-Repudiation - users cannot deny that an action actually occurred
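The part of DLP that sits on the wire is content inspection: deciding whether an outbound message carries data that must not leave. Here is an added example written for this post (not from any DLP product) that scans constructed outbound messages for payment card numbers. A regex alone would flag any 16-digit reference number, so the match is confirmed with the Luhn checksum, and blocked messages are returned redacted with an audit note. The messages are constructed; 4111 1111 1111 1111 is a widely used test card number, not a real account.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes, not embedded
# in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: true for digit strings that could be real payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                     # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _digits(match):
    return re.sub(r"[ -]", "", match.group(0))


def find_card_numbers(text):
    """Digit strings that look like cards AND pass Luhn (cuts false positives)."""
    return [_digits(m) for m in CARD_RE.finditer(text) if luhn_ok(_digits(m))]


def redact(text):
    """Mask confirmed card numbers, keeping the last four digits."""
    def mask(m):
        d = _digits(m)
        return "*" * (len(d) - 4) + d[-4:] if luhn_ok(d) else m.group(0)
    return CARD_RE.sub(mask, text)


def inspect_outbound(messages):
    """Simulated DLP gate: one (verdict, text, audit note) per outbound message."""
    results = []
    for msg in messages:
        cards = find_card_numbers(msg)
        if cards:
            results.append(("BLOCK", redact(msg), f"{len(cards)} card number(s) found"))
        else:
            results.append(("ALLOW", msg, ""))
    return results


# Constructed outbound messages.
OUTBOUND = [
    "Invoice paid, ref 1234567890123456",          # 16 digits but fails Luhn
    "card 4111 1111 1111 1111 exp 12/26",
    "Card: 4111-1111-1111-1111",
    "meeting at 3pm",
]

if __name__ == "__main__":
    for verdict, text, note in inspect_outbound(OUTBOUND):
        print(f"{verdict:5} {text}  {note}")
```

The first message is the point of the Luhn step: it has sixteen digits, so a naive pattern would block a harmless invoice reference, while the checksum lets it through and still catches the two real-looking card numbers.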

User Behavior Analysis:

- User behavior analysis (UBA) is the process of detecting insider threats, targeted attacks and financial fraud by baselining each user's normal activity and flagging deviations from it.

Network Segmentation:

- Splitting a computer network into sub-networks

- Segmenting an organization's network so that a compromise in one segment cannot reach the others, which improves security
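To make "baseline and deviation" concrete, here is an added example written for this post (not from any UBA product). It builds a per-user profile of login hours and source countries from a constructed login history, then scores new logins against it: an off-hours login from a never-seen country gets two reasons, a user with no history gets flagged outright, and logins within an hour of a known slot pass. The users, timestamps and countries are all made up for the demo.

```python
from collections import defaultdict
from datetime import datetime

# Constructed login history: (user, local timestamp, country of source IP).
HISTORY = [
    ("alice", "2020-09-01T09:05:00", "IN"),
    ("alice", "2020-09-02T09:40:00", "IN"),
    ("alice", "2020-09-03T10:15:00", "IN"),
    ("alice", "2020-09-04T17:50:00", "IN"),
    ("bob",   "2020-09-01T08:10:00", "IN"),
    ("bob",   "2020-09-02T14:00:00", "US"),
    ("bob",   "2020-09-03T18:30:00", "IN"),
]

# Constructed new events to score against that baseline.
NEW_EVENTS = [
    ("alice",   "2020-09-21T10:00:00", "IN"),   # routine
    ("alice",   "2020-09-22T03:12:00", "RU"),   # off-hours AND new country
    ("bob",     "2020-09-22T19:00:00", "US"),   # within an hour of a known slot
    ("mallory", "2020-09-22T12:00:00", "IN"),   # never seen before
]


def build_baseline(history):
    """Per user: the hours of day and countries seen in the history window."""
    base = defaultdict(lambda: {"hours": set(), "countries": set()})
    for user, ts, country in history:
        base[user]["hours"].add(datetime.fromisoformat(ts).hour)
        base[user]["countries"].add(country)
    return base


def _hour_distance(a, b):
    d = abs(a - b)
    return min(d, 24 - d)          # clock arithmetic: 23:00 is one hour from 00:00


def score_event(baseline, user, ts, country, slack_hours=1):
    """Return the list of reasons an event deviates from the user's baseline."""
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if all(_hour_distance(hour, h) > slack_hours for h in profile["hours"]):
        reasons.append(f"unusual hour {hour:02d}:00")
    if country not in profile["countries"]:
        reasons.append(f"new country {country}")
    return reasons


def detect(history, events):
    """Return [(user, timestamp, reasons)] for events that deviate from baseline."""
    baseline = build_baseline(history)
    alerts = []
    for user, ts, country in events:
        reasons = score_event(baseline, user, ts, country)
        if reasons:
            alerts.append((user, ts, reasons))
    return alerts


if __name__ == "__main__":
    for user, ts, reasons in detect(HISTORY, NEW_EVENTS):
        print(f"ALERT {user} {ts}: {', '.join(reasons)}")
```

Real UBA tooling adds many more features (data volume, device, peer-group comparison) and weights them, but the shape is the same: learn what normal looks like per user, then alert on the gap.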

Thanks for reading, I hope you liked this blog.

Happy Learning!!!