CSA Tutoring I Cyber Kill Chain, Linux, Lucid

Tango Brett - January 6, 2021

For the first CSA tutoring post we will cover the tools or malware that matches each stage of the Cyber kill chain and several other topics.

[Image: Lockheed Martin Cyber Kill Chain graphic]

Stage 1 Reconnaissance: Take a look at what is happening in the target environment. Harvesting email addresses, conference information, etc.

Let’s find the names of some malware that can accomplish this. First, can we be any more specific about what the reconnaissance is doing? Seeking information that reveals vulnerabilities in the system. More specifically? Firewalls, intrusion detection systems, operating systems, and applications (and their versions). Is that enough information yet? No? What if we add packet sniffing, port scanning and OSINT?

One important note before we move on: the attacker is usually assessing the target from outside the organization, with no inside knowledge of it. Take a minute to research “black box” testing on Google. And moving on...

Now can we determine the names of reconnaissance malware and tools? Give it a go on Google search.

Keep searching.

OK, let’s compare notes: I’ve got Wireshark, Nmap, and Netcat.
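From the defender’s side, the port scanning mentioned above leaves a trace: one source hitting many distinct ports in a short window. The Python below is an added example (not from this post) that flags such sources in constructed firewall log lines; the log format, the addresses and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log lines (not real traffic): 198.51.100.7 probes
# many ports on one host in a few seconds; 192.0.2.44 makes ordinary requests.
SAMPLE_LOGS = """\
2021-01-06T10:00:01 action=deny src=198.51.100.7 dst=10.0.0.5 dport=21
2021-01-06T10:00:01 action=deny src=198.51.100.7 dst=10.0.0.5 dport=22
2021-01-06T10:00:02 action=deny src=198.51.100.7 dst=10.0.0.5 dport=23
2021-01-06T10:00:02 action=deny src=198.51.100.7 dst=10.0.0.5 dport=25
2021-01-06T10:00:03 action=deny src=198.51.100.7 dst=10.0.0.5 dport=80
2021-01-06T10:00:03 action=deny src=198.51.100.7 dst=10.0.0.5 dport=110
2021-01-06T10:00:04 action=deny src=198.51.100.7 dst=10.0.0.5 dport=143
2021-01-06T10:00:04 action=deny src=198.51.100.7 dst=10.0.0.5 dport=443
2021-01-06T10:00:05 action=deny src=198.51.100.7 dst=10.0.0.5 dport=445
2021-01-06T10:00:06 action=allow src=192.0.2.44 dst=10.0.0.5 dport=443
2021-01-06T10:05:00 action=allow src=192.0.2.44 dst=10.0.0.6 dport=443
"""

# Assumed key=value log layout; adjust the pattern for your own firewall's format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def parse(log_text):
    """Yield (timestamp, src, dst, dport, action) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"]), m["action"]

def detect_port_scans(log_text, min_ports=8, window=timedelta(seconds=60)):
    """Flag sources touching >= min_ports distinct (dst, port) pairs inside `window`.
    Returns {src: largest number of distinct pairs seen in any one window}."""
    events = defaultdict(list)
    for ts, src, dst, dport, _action in parse(log_text):
        events[src].append((ts, (dst, dport)))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):          # sliding time window over this source
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = {pair for _, pair in evs[start:end + 1]}
            if len(distinct) >= min_ports:
                flagged[src] = max(flagged.get(src, 0), len(distinct))
    return flagged

if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOGS))   # → {'198.51.100.7': 9}
```

Tune `min_ports` and `window` to your network: monitoring hosts and vulnerability scanners you run yourself will trip this rule and belong on an allowlist.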

Stage 2 Weaponization: Coupling an exploit with a backdoor into a deliverable payload. Worded another way: the threat actor now develops malware specially crafted for the vulnerabilities discovered in the Reconnaissance stage.

Before we move on to tools and malware, what are the attacker’s goals at this stage?
