Attack Frameworks and The Cyber Kill Chain

Last updated 2 years ago

  • Attack Frameworks describe the attack and the attacker

  • The Cyber Kill Chain

    • Introduced by Lockheed Martin

    • Defines attack phases

    • Mainly related to APTs

    • IoC, TTPs

    • Mitigation methods

  • AT&T Internal Cyber Kill Chain Model

  • Defending at each phase in the cyber kill chain

    • Recon

      • Reduce attack surface

      • Don’t overshare information

    • Weaponization

      • Update, Patch, fix

      • Install technical controls

    • Delivery

      • Mass storage restrictions

      • User training

    • Exploitation

      • Update, patch, fix, again...

    • Installation

      • Endpoint security

      • User awareness

    • Command and Control

      • Endpoint security

      • Filtering outbound traffic

    • Action on Objectives

      • Access control systems

      • Good luck…

  • MITRE ATT&CK framework

    • More detailed than cyber kill chains

  • The Diamond Model of Intrusion Analysis

    • Describes a single intrusion event

    • Relationships between

      • Adversary

      • Capabilities

      • Victim

      • Infrastructure

    • Assumes additional information

    • Meta-features

      • Timestamp

      • Phase

      • Result

      • Direction

      • Method

      • Resources

      • Confidence

    • Activity threads show how an attacker behaves during an attack

      • Multiple threads possible

        • For multiple attackers

        • For multiple victims

      • Best for describing pivoting

        • Moving from one target to the next
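As an added example (not part of these notes), the Diamond Model structure above in Python: each event carries the four core features and the listed meta-features, an adversary's events are ordered into an activity thread, and the thread is checked for pivoting (a compromised victim reappearing as infrastructure) and for the kill-chain phases seen on each victim. The actor name, hostnames and timestamps are constructed.

```python
from dataclasses import dataclass

@dataclass
class DiamondEvent:
    """One intrusion event: four core features plus the meta-features."""
    adversary: str
    capability: str
    infrastructure: str
    victim: str
    timestamp: int            # meta-feature: epoch seconds (constructed)
    phase: str                # meta-feature: kill-chain phase
    result: str = "success"   # meta-feature: success / failure
    direction: str = "infrastructure-to-victim"
    method: str = ""
    resources: str = ""
    confidence: float = 1.0   # analyst confidence in the labelling

def activity_thread(events, adversary):
    """One adversary's events in time order: how that attacker behaved."""
    return sorted((e for e in events if e.adversary == adversary),
                  key=lambda e: e.timestamp)

def pivots(thread):
    """Pivoting: a compromised victim later shows up as infrastructure."""
    compromised, hops = set(), []
    for e in thread:
        hop = (e.infrastructure, e.victim)
        if e.infrastructure in compromised and hop not in hops:
            hops.append(hop)
        if e.result == "success":
            compromised.add(e.victim)
    return hops

def phases_by_victim(thread):
    """Kill-chain progression observed on each victim, in time order."""
    out = {}
    for e in thread:
        out.setdefault(e.victim, []).append(e.phase)
    return out

EVENTS = [  # constructed sample events; actor name and hostnames are hypothetical
    DiamondEvent("APT-X", "phishing document", "mail.example.net", "workstation-1", 1000, "Delivery", method="email"),
    DiamondEvent("APT-X", "macro dropper", "mail.example.net", "workstation-1", 1100, "Exploitation"),
    DiamondEvent("APT-X", "RAT beacon", "c2.example.net", "workstation-1", 1200, "Command and Control"),
    DiamondEvent("APT-X", "credential reuse", "workstation-1", "fileserver-1", 1300, "Exploitation", method="SMB"),
    DiamondEvent("APT-X", "data staging", "workstation-1", "fileserver-1", 1400, "Action on Objectives"),
]

if __name__ == "__main__":
    thread = activity_thread(EVENTS, "APT-X")
    print(pivots(thread), phases_by_victim(thread))
```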

  • Related reading

    • MITRE ATT&CK framework

    • The Cyber Kill Chain®

    • Insider threats and the cyber kill chain

    • Exfiltration of insider data