CTI Midterm 2-Question with Correct Answers/ Verified
3 views 0 purchase
Course
CTI
Institution
CTI
cyber kill chain -️️One of the first ways to analyze all the threat data is to map the event data
to a _
a systematic process to target and engage an object to create desired effects -️️Kill chain
Find, Fix, Track, Target, Engage, Assess -️️the US military targeting doctrine defines ...
CTI Midterm 2-Question with Correct Answers/ Verified
cyber kill chain - ✔️✔️One of the first ways to analyze all the threat data is to map the event data
to a _
a systematic process to target and engage an object to create desired effects - ✔️✔️Kill chain
Find, Fix, Track, Target, Engage, Assess - ✔️✔️the US military targeting doctrine defines the steps of
the kill chain process as:
any one deficiency will interrupt the entire process - ✔️✔️the kill chain integrated end-to-end
process is described as a "chain" because _
fit cyber applications - ✔️✔️the kill "chain" has been adapted to _
trying to get into your network - ✔️✔️ATT&CK tactic: Initial Access
trying to run malicious code - ✔️✔️ATT&CK tactic: Execution
trying to maintain their foothold - ✔️✔️ATT&CK tactic: Persistence
trying to gain higher-level permissions - ✔️✔️ATT&CK tactic: Privilege Escalation
trying to avoid being detected - ✔️✔️ATT&CK tactic: Defense Evasion
trying to steal account names and passwords - ✔️✔️ATT&CK tactic: Credential Access
trying to figure out your environment - ✔️✔️ATT&CK tactic: Discovery
trying to move through your environment - ✔️✔️ATT&CK tactic: Lateral Movement
trying to gather data of interest to their goal - ✔️✔️ATT&CK tactic: Collection
,trying to communicate with compromised systems to control them - ✔️✔️ATT&CK tactic:
Command and Control
trying to steal data - ✔️✔️ATT&CK tactic: Exfiltration
trying to manipulate, interrupt, or destroy your systems and data - ✔️✔️ATT&CK tactic: Impact
1. Reconnaissance, 2. Weaponization,
3. Delivery,
4. Exploit,
5. Installation,
6. Command and Control,
7. Actions on Objectives - ✔️✔️Lockheed Martin Cyber Kill Chain (order of phases)
(IDENTIFY THE TARGETS)
research, identification, and selection of targets within organization,
ex: Facebook, Twitter, and LinkedIn searches - ✔️✔️Reconnaissance
(PREPARE THE OPERATION)
coupling exploit with backdoor into deliverable payload, ex: coupling a remote access Trojan (RAT)
to a PDF file - ✔️✔️Weaponization
(LAUNCH THE OPERATION)
delivering a weaponized bundle to the victim, ex: emailing the PDF to targeted user(s) -
✔️✔️Delivery
(GAIN ACCESS TO VICTIM)
,exploiting a vulnerability to execute code on victim's system, ex: PDF file executes malicious program
- ✔️✔️Exploit
(ESTABLISH BEACHHEAD AT THE VICTIM)
installing malware on the asset, ex: RAT installs on machine(s) - ✔️✔️Installation
(REMOTELY CONTROL THE IMPLANTS)
creates an outbound connection to attacker machine to allow hackers to remotely control
machine(s) - ✔️✔️Command and Control
(ACHIEVE THE MISSION'S GOAL)
with 'Hands on Keyboard' access, intruders accomplish their original goals, ex: lateral movement to
domain controller - ✔️✔️Actions on Objectives
linked to courses of action - ✔️✔️the cyber kill chain can provide powerful actionable intelligence
when _
particular measures that can be used for particular stages of an attack - ✔️✔️courses of action
identify _
-detecting reconnaissance as it happens can be very difficult
-discovering recon (even well after the fact) can reveal the adversaries' intent -
✔️✔️Reconnaissance: Defender (description)
1. Collect website visitor logs for alerting and historical searching
2. Collaborate with web admins to utilize their existing browser analytics
3. Build detections for browsing behaviors unique to recon
4. Prioritize defenses around particular technologies for people based on recon activity -
✔️✔️Reconnaissance: Defender (4 actions)
-prep and staging phase
-likely use automated tools for malware generation
-a weaponizer couples malware and exploit into a deliverable payload - ✔️✔️Weaponization:
Adversary (description)
1. Obtain a weaponizer, either in-house or obtain through public or private channels
2. For file-based exploits, select "decoy" document to present to the victim
3. Select backdoor implant and appropriate command and control infrastructure for operation
4. Designate a specific "mission id" and embed in the malware
5. Compile the backdoor and weaponize the payload - ✔️✔️Weaponizer: Adversary (5 actions)
-essential phase for defenders to understand
-though they can't detect weaponization as it happens, they can infer it by analyzing malware
artifacts - ✔️✔️Weaponization: Defender (description)
1. Conduct full malware analysis - not just what payload it drops, but how it was made
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller MikeHarris. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.49. You're not tied to anything after your purchase.
