Video Transcription

00:07
Yeah,
00:08
The cyberattack lifecycle is a model used to describe how a typical attacker would advance their attack strategies through different stages. Each attack stage has a strategic goal. It must be completed for the next stage to begin.
00:20
We could stop the action anywhere in the chain to deter or break that attack.
00:24
Click Attack or Defense to learn more about that particular attack lifecycle.
00:35
Reconnaissance.
00:38
The first goal of an attacker is to perform reconnaissance through discovery and enumeration.
00:43
The first attack phase focuses on identifying as many resources as possible through the use of sniffers, scanners, spoofing and impersonation via social engineering.
00:57
Weaponization.
00:59
Next, attackers determine which methods to use to compromise a targeted endpoint.
01:07
Delivery.
01:08
Attackers deliver their weaponized payload to a target endpoint using these tools, such as email, instant messaging or IM,
01:15
webpage redirection and infected file shares.
01:23
Exploitation. An exploit is an event that activates a weaponized payload.
01:29
An end user may unwittingly click a malicious link or open an infected attachment in an email.
01:34
An attacker also may remotely trigger an exploit on a system they have compromised.
01:45
Installation.
01:47
The next goal of attack is escalation of privilege,
01:49
where the attacker installs rootkits or other malware in an attempt to gain root-level control.
02:00
Command and control. C&C
02:04
connections are established between infected endpoints and a C&C server, which is a master server that is designed to listen to individual compromised endpoints and respond with appropriate attack commands.
02:15
The terms bot and botnet often are used to describe an infected endpoint and a collection of infected endpoints that are simultaneously controlled by a C&C server. C&C traffic must be conducted in stealth mode.
02:31
Actions on the objective.
02:35
At this final stage, attackers can finally achieve various goals, including data theft, destruction or modification,
02:40
network access and remote execution.