The Hacker's Workflow
Cybersecurity professionals are outwitted all the time, resulting in breaches, data leaks, downtime, etc. Utilizing their tools, processes, and products helps remediate and manage the threat of the hacker. However, it takes more. But what is that “more”? Education on best practices, hardening methods, and understanding of threats in the wild is a start. But what about getting inside the mind and workflow of a hacker? The Cyber Kill Chain, developed by Lockheed Martin, is an industry-accepted methodology that outlines the 7 stages hackers utilize to own a target. This is the workflow of a hacker.
Lockheed Martin’s Cyber Kill Chain
1. Reconnaissance – Learn the environment, technical and non-technical.
2. Weaponization – Develop the tools, such as a payload, to be used.
3. Delivery – Thumb drive drops, emails, injections into vulnerable targets.
4. Exploitation – Exploit discovered outdated/vulnerable products.
5. Installation – Set malware, virus, ransomware, etc. on an asset.
6. Command & Control (C2) – Control of an asset, which can be utilized to pivot within the network.
7. Actions on Objectives – Obtain data, blackmail, sabotage, payout.
When IT and Security departments are empowered with knowledge of the “kill chain”, they can develop and deploy products and processes based on each stage rather than attempting to reinvent the wheel of cyber security practices. This also allows organizations to start with a foundation and build their security programs with the actual threat in mind, rather than looking for where fires can develop, or even finding fires that must be put out.