1.2 The Cyber Kill Chain

00:00

Hey, guys, I won't come back to the cyber Clinton course in Savary. This is a German name and this episode we're going to talk about the cybercult Ian,

00:08

in this video, we're going to cover the Sabbath cult. Ian, we're going to briefly talk about the steps of the Sabra cult in, and we're going to end with how to use a savage guilty in defense.

00:20

So if you go ahead then Google Sabra Kel chain, you might find a number of varieties. However, one of the most accepted ones by the Sabra skating community is the look it Martin cyberculture. It was derived from the military. Guilty were described this structure of an attack

00:36

and military. They have a two different varieties, or number of right is one of the most popular is the F to T to ee ay, which stands for find fixed target. Sorry. Find fix, track, target engaged and assists. There's a number of other ones, such as find fixed, fight and finish.

00:55

But these are

00:57

a legacy terminology or an older terminology. Luckily, the cybersecurity contain is none of these. We don't have finished an hour termine ality.

01:07

However, in this case, it's the seven pays or seven step description of a targeted attack. It starts with the con or reconnaissance, which includes research, identification and selection of target. And this might be one of the most overlooked phases. However, in my own opinion, I think

01:26

this might be the most important one.

01:30

It's crucial to have good reconnaissance because you're going to use each off the information that you gain through the Constance throughout the rest off the cybercult in.

01:42

And the next step is organization which and this step you're going to use the information that you gain

01:49

during reconnaissance on Kate weapons based on your research.

01:55

Once this weapon or the payload is created, you go to delivery again. You're going to use the information you get from reconnaissance. So if you know they have an FTP port open, you can deliver it using that and open FTP port.

02:07

If you know that the system admin is interested in cars, you can create a social engineering campaign that would actually be of interest in. So this is why, again, reconnaissance is one if the most important steps. After that, we moved to exploitation

02:28

on DDE

02:29

and exploitation. We merge or mix of the organization with reconnaissance

02:35

because we're using the vulnerabilities or the vulnerability that we learned about the Constance and he doesn't our weapons for during exploitation to be able to

02:46

exploit this vulnerability on the targeted system.

02:50

Once this is done, our payload is going to install a backdoor for us. Now that we have a back door. Now that we have a, uh,

02:59

a M put inside or an application or malware inside the environment, we need some way or some talent to communicate with it. That's when command and control comes in.

03:10

So in commanding patrol trying to do is we're trying to control our payload or control our back door that we installed and face five. As you can see, we're building up. Every step builds on the one before. So again, going back to the Constance to Constance is the base that you build the whole cyber

03:30

chain on top of.

03:32

So once we have this commanding control, we completed the first. Except now there's an objective that I created. This stuck to the tax for Andi the seventh phase with the seven step off the cybercult chain. Reaction on the subjective whether it was data leakage. Weather was destruction

03:53

or any other objectives.

03:53

That happens in phase six.

03:59

So

04:00

now I we talked about using the Sabra Kill Teen

04:04

An attack. But we can also use it

04:08

for defense

04:11

because, as I said in the previous video video, the best way to protect from a hacker is to think like a hacker,

04:19

a cybersecurity as a cyber security professional, our goal is to break the streak in any step off this chain. If we can break it, protect the rest of the system, they cannot build on top of it.

04:31

So again, our goal is to break this chain and each one of these step, present an opportunity to detect, deny, disrupt, degrade, deceive or contained that targeted attack.

04:45

That's great.

04:46

Now that we went over the kitchen, let's see if you can answer these questions.

04:50

So the first question is, who created the Sabbath guilty?

04:54

And that's kind of it's a question. Although I said, Look it, Martin created the one that is widely accepted. However looking Martin

05:02

lookit, Martin's Kel chain is just a reflection off targeted attack, so I think it might be safe to stay there. Hackers actually created the cyberculture.

05:15

Second is what are the seven paces off the guilty.

05:18

So, as I said, we started very Constance, and then we build on top of it organization, delivery, exploitation, commanding control and action objectives.

05:30

However, that's incorrect because I skipped insulation.

05:34

So going back, it's reconnaissance organization, delivery, exploitation, installation, commanding control and, finally, action on objectives.

05:45

The last question of this post assessment is how the how do cyber skit professionals use the cybersecurity? Guilty.

05:53

As I said, each and every steps off the Sybil routine

05:58

presents an opportunity to defend against a targeted attack.

06:02

And that's how we use the cybersecurity for good, persecuted culture in for good.