Cyber Kill Chain Framework

The Cyber Kill Chain® framework, developed by Lockheed Martin, is a
component of the Intelligence Driven Defense® approach for detecting and
preventing cyber intrusions. The model specifies what adversaries must do
to achieve their objective.

The Cyber Kill Chain®'s seven steps provide visibility into an attack and
deepen an analyst's understanding of an adversary's tactics, techniques,
and procedures.
1. RECONNAISSANCE →

The term "reconnaissance" was originally used in military operations to
describe the preparatory inspection and exploration of hostile territory by
military forces in order to obtain intelligence about the enemy. In cyber
security, reconnaissance is the process of collecting information about the
target organisation. The attacker's first step is to gather vital information
about the target so that it can be used to exploit and breach the target's
networks. By employing recon techniques that never interact with the target
network, attackers can stealthily obtain sensitive and private information.

WAYS TO DO RECONNAISSANCE →

During reconnaissance work, the following sources of information are often used:

• Domains and subdomains
• Whois information
• Directory information
• Amazon S3 buckets
• Social media accounts (individuals and the company itself)
• Dark web breached accounts for the domains in question
• Calling individuals in the company to social-engineer information about the
  company out of them

TOOLS →

• Nmap
• Metasploit
• Wireshark
• Shodan
• Nessus
• OpenVAS
• Maltego
• Dmitry
• Hawkscan
• Traceroute NG
• Nslookup
• Recon-ng
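Added example (not part of the original deck): the defender's side of this stage. Scanners such as Nmap, Nessus and OpenVAS generate traffic against the target, and that traffic shows up in firewall logs. The Python below reads constructed, syslog-style firewall lines (the addresses come from the documentation ranges and the line format is an assumption, not any vendor's real format) and flags a source that touches many ports on one host or one port on many hosts inside a short window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines (synthetic; not captured from a real network).
# One source probes twelve ports on a single host within a few seconds ...
VERTICAL_SCAN = [
    f"2024-03-01T09:00:{i // 2:02d} DENY src=203.0.113.7 dst=192.0.2.10 dport={p}"
    for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080])
]
# ... another source probes the same port on eleven hosts ...
HOST_SWEEP = [
    f"2024-03-01T09:10:{i:02d} DENY src=198.51.100.5 dst=192.0.2.{11 + i} dport=445"
    for i in range(11)
]
# ... and an internal client does ordinary web traffic.
NORMAL_TRAFFIC = [
    "2024-03-01T09:30:00 ALLOW src=192.0.2.50 dst=192.0.2.10 dport=443",
    "2024-03-01T09:30:05 ALLOW src=192.0.2.50 dst=192.0.2.10 dport=443",
    "2024-03-01T09:31:00 ALLOW src=192.0.2.50 dst=192.0.2.10 dport=80",
]
SAMPLE_LOG = VERTICAL_SCAN + HOST_SWEEP + NORMAL_TRAFFIC


def parse_line(line):
    """Turn one 'timestamp ACTION key=value ...' line into a dict."""
    ts, action, rest = line.split(" ", 2)
    fields = dict(item.split("=", 1) for item in rest.split())
    return {"ts": datetime.fromisoformat(ts), "action": action,
            "src": fields["src"], "dst": fields["dst"], "dport": int(fields["dport"])}


def detect_recon(lines, window=timedelta(seconds=60), port_threshold=10, host_threshold=10):
    """Flag sources that hit many distinct ports on one host (vertical scan)
    or one port on many hosts (horizontal sweep) within a sliding window.
    Denied and allowed connections both count: a scan is defined by breadth,
    not by whether the firewall let each probe through."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        by_src[ev["src"]].append(ev)

    findings = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        for i, first in enumerate(events):
            # Every event from this source that falls inside the window starting at event i.
            in_window = [e for e in events[i:] if e["ts"] - first["ts"] <= window]
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for e in in_window:
                ports_per_host[e["dst"]].add(e["dport"])
                hosts_per_port[e["dport"]].add(e["dst"])
            max_ports = max(len(s) for s in ports_per_host.values())
            max_hosts = max(len(s) for s in hosts_per_port.values())
            if max_ports >= port_threshold:
                findings[src] = {"kind": "port_scan", "count": max_ports}
                break
            if max_hosts >= host_threshold:
                findings[src] = {"kind": "host_sweep", "count": max_hosts}
                break
    return findings


if __name__ == "__main__":
    for src, finding in detect_recon(SAMPLE_LOG).items():
        print(f"{src}: {finding['kind']} ({finding['count']} distinct targets)")
```

The limit of this kind of detection follows directly from the text: the sources listed above (whois, subdomain records, S3 buckets, social media, breach dumps) are gathered without touching the target's network, so only the active tools leave anything in these logs. Tune the window and thresholds against normal traffic first; monitoring systems and vulnerability scanners the organisation runs itself will trip the same logic and need an allow-list.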
2. WEAPONIZATION →

The Cyber Kill Chain's weaponization step begins after reconnaissance, once
the attacker has gathered all pertinent data about possible targets,
including vulnerabilities. The culmination of the attacker's planning is the
production of the malware that will be used against a designated target
during the weaponization stage. Turning existing tools into new forms of
malware, or altering them for use in cyberattacks, are examples of
weaponization. For instance, to construct a new Cyber Kill Chain tool,
criminals may make minimal changes to an existing ransomware variant.

WAYS OF WEAPONIZATION →

Weaponization can include creating new types of malware or modifying existing
tools for use in a cyberattack. For example, cybercriminals may make minor
modifications to an existing ransomware variant to create a new Cyber Kill
Chain tool.

TOOLS FOR WEAPONIZATION →

1. Virus
2. Worms, and many more

3. DELIVERY →

In the delivery phase, the weapon is transmitted to its targets: users are
reached directly, or the attacker breaks into the target's network using
other Cyber Kill Chain tooling. Delivery may involve sending users phishing
emails with malware attachments and clickbait subject lines. It may also
involve breaking into a company's network and infiltrating it through a
hardware or software weakness.
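Added example (not part of the original deck): a small mail-triage script for the phishing delivery described above. It builds two constructed messages with Python's standard email package (the sender addresses, domains and attachment bytes are made up) and scores each on the signals the text names: a pressure-laden subject line, a Reply-To that points somewhere other than the sender's domain, and an attachment whose name hides an executable behind a document extension.

```python
from email.message import EmailMessage

# Attachment types that commonly carry executable content when sent by mail.
RISKY_EXTENSIONS = {"exe", "scr", "js", "vbs", "hta", "docm", "xlsm", "lnk", "iso"}
# Wording typical of clickbait subject lines that push the reader to act now.
URGENT_WORDS = ("urgent", "immediately", "overdue", "final notice", "action required")


def attachment_findings(filename):
    """Return the reasons an attachment name looks suspicious (possibly none)."""
    reasons = []
    parts = filename.lower().split(".")
    if len(parts) > 2:
        # e.g. "Invoice.pdf.exe": the visible ".pdf" hides the real ".exe".
        reasons.append(f"double extension: {filename}")
    if parts[-1] in RISKY_EXTENSIONS:
        reasons.append(f"executable attachment type: .{parts[-1]}")
    return reasons


def assess_message(msg):
    """Score one EmailMessage; each independent signal adds one point."""
    reasons = []
    subject = (msg["Subject"] or "").lower()
    if any(word in subject for word in URGENT_WORDS):
        reasons.append("pressure language in subject")

    from_domain = msg["From"].addresses[0].domain.lower()
    reply_to = msg["Reply-To"]
    if reply_to is not None and reply_to.addresses[0].domain.lower() != from_domain:
        # Replies would go to a mailbox the displayed sender does not control.
        reasons.append("Reply-To domain differs from From domain")

    for part in msg.iter_attachments():
        reasons.extend(attachment_findings(part.get_filename() or ""))
    return {"score": len(reasons), "reasons": reasons}


def sample_messages():
    """Two constructed messages: one shaped like a lure, one ordinary."""
    phish = EmailMessage()
    phish["From"] = "Accounts Payable <billing@vendor-portal.example>"
    phish["Reply-To"] = "billing@mail-relay.example"
    phish["To"] = "finance@corp.example"
    phish["Subject"] = "URGENT: overdue invoice - action required"
    phish.set_content("Please review the attached invoice immediately.")
    # Placeholder bytes standing in for an executable; not a real program.
    phish.add_attachment(b"MZ\x90\x00 constructed placeholder bytes",
                         maintype="application", subtype="octet-stream",
                         filename="Invoice_0349.pdf.exe")

    benign = EmailMessage()
    benign["From"] = "Dana <dana@corp.example>"
    benign["To"] = "finance@corp.example"
    benign["Subject"] = "Q1 expense summary"
    benign.set_content("Attached is the summary we discussed.")
    benign.add_attachment(b"%PDF-1.4 constructed placeholder",
                          maintype="application", subtype="pdf",
                          filename="q1-summary.pdf")
    return {"phish": phish, "benign": benign}


if __name__ == "__main__":
    for name, msg in sample_messages().items():
        print(name, assess_message(msg))
```

The score is deliberately additive rather than a single hard rule: any one of these signals appears in legitimate mail now and then, but a message that combines all three is rare enough to quarantine for review. In a real gateway the attachment check would also look at the file's actual content type, since the filename is under the sender's control.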

4. EXPLOITATION →

After the successful delivery of malware or another form of intrusion, the
next step is exploiting the vulnerabilities discovered in the earlier stages
of the cyber kill chain. Attackers can now penetrate further into the
target's network and discover new vulnerabilities that they were not aware of
when they first arrived.

At this point they frequently move laterally from one system to another,
identifying further entry opportunities along the way. If there are no
deception controls in place on the network, vulnerabilities can now be found
much more easily.

5. INSTALLATION →

Next is the installation stage (also known as the privilege escalation
phase). The attacker tries to install malware and deploy other cyberweapons
within the target network in order to gain additional control of more
systems, accounts, and data. Strategies include installing malware via:

• Trojan horses
• Access token manipulation
• Command-line interfaces
• Backdoors

Tactics begin to intensify as attackers push deeper into the target network,
seeking out unprotected security credentials and changing permissions on
compromised accounts.

6. COMMAND AND CONTROL →

One of the crucial steps of the cyber security kill chain is the establishment
of a command and control channel (also known as the C2 phase). After gaining
control of part of the target's systems or accounts, the attacker can now
track, monitor, and guide their deployed cyberweapons and tool stacks
remotely. This stage can be broken down into two methods:

• Obfuscation is the process by which an attacker makes it look like no
  threat is present, essentially covering their tracks. This includes
  methods such as file deletion, binary padding, and code signing.
• Denial of service (DoS) is when cybercriminals cause problems in other
  systems or areas to distract security teams from uncovering the core
  objectives of the attack. This often involves network denial of service or
  endpoint denial of service, as well as techniques like resource hijacking
  and system shutdowns.
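Added example (not part of the original deck): one way defenders spot the command and control channel this stage depends on. An implant that checks in with its controller on a timer produces outbound connections with an unnaturally regular interval, whereas human browsing is bursty. The Python below runs over constructed proxy log lines (the client addresses, the hostnames and the three-field line format are assumptions) and scores each client-to-host pair by the coefficient of variation of the gaps between contacts.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2024, 3, 1, 9, 0, 0)


def _lines(src, host, offsets):
    """Build constructed 'timestamp client destination-host' log lines."""
    return [f"{(BASE + timedelta(seconds=o)).isoformat()} {src} {host}" for o in offsets]


# Constructed proxy log (synthetic). The first client contacts one host every
# ~300 s with a second or two of jitter; the second is ordinary bursty browsing.
BEACON_OFFSETS = [0, 300, 601, 900, 1200, 1502, 1800, 2100, 2401]
BROWSING_OFFSETS = [0, 3, 4, 45, 200, 1300, 1302, 1350, 4000]
SAMPLE_PROXY_LOG = (
    _lines("10.0.0.5", "cdn-updates.example", BEACON_OFFSETS)
    + _lines("10.0.0.8", "www.example.com", BROWSING_OFFSETS)
)


def parse_line(line):
    ts, src, host = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "host": host}


def beacon_candidates(lines, min_events=8, max_cv=0.05):
    """Score each (client, host) pair by how regular its contact interval is.
    The coefficient of variation (stdev / mean) of the gaps is close to zero
    for a metronome-like cadence, which people rarely produce but timed
    check-ins do. Pairs seen fewer than min_events times are skipped, since
    a handful of gaps says nothing about regularity."""
    by_pair = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        by_pair[(ev["src"], ev["host"])].append(ev["ts"])

    results = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean_gap if mean_gap else float("inf")
        results[pair] = {"count": len(times), "mean_gap": round(mean_gap, 1),
                         "cv": round(cv, 4), "beacon": cv <= max_cv}
    return results


if __name__ == "__main__":
    for (src, host), r in beacon_candidates(SAMPLE_PROXY_LOG).items():
        flag = "BEACON" if r["beacon"] else "normal"
        print(f"{src} -> {host}: {r['count']} contacts, mean gap {r['mean_gap']}s, cv {r['cv']} [{flag}]")
```

Interval regularity is one signal, not a verdict: software updaters and monitoring agents also check in on a timer, and an implant that adds large random jitter to its sleep will push the coefficient of variation above the threshold. In practice this score is combined with how rare the destination is across the organisation and how constant the request and response sizes are.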

7. ACTION ON OBJECTIVES →

In the final step of the kill chain, the attacker carries out data theft,
destruction, encryption, or exfiltration. An eighth step, monetization,
involves deriving income from the attack. Organizations should stop threats
early in the cyber attack lifecycle to minimize risk and cost; attacks that
reach the Command and Control phase require advanced remediation efforts.

THANK YOU
PREPARED BY: NAVNEET NAYAK