Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
Video Description
Module 8 is a deep dive into the Cyber Kill Chain (CKC) that was introduced in an earlier module. The phases of teh CKC lifecycle are:
-
Passive data discovery
-
Detection
-
Denial
-
Delaying
-
Degrading
Lockheed Martin (LM) has produced an intelligence-driven defense model consisting of seven steps. Dean begins reviewing this model by discussing passive discovery of data and the many different sources of data within an environment. Next he discusses detecting future threat actions and capabilities and how this can be accomplished by reverse engineering malware. This process can provide clues to understanding how malware operates and how the infection occurred. Such knowledge can help prevent future infections. Detecting weaponization is discussed next. This involves detecting malicious payloads, Trojans, or what is being targeted such as a file or app. Evidence of such payloads can manifest as registry changes, new or missing files, and other artifacts as well as suspicious traffic activity. The video concludes with a discussion of the analysis of the attack timeline, when the malware was created, tested, and deployed, its capabilities and level of sophistication which all can provide clues to crafting a defense and detection methods.
Course Modules
Intro to Cyber Threat Intelligence
Module 1 - Introduction
Module 2 - Intelligence Foundations
Module 3 - CTI Perceptions
Module 4 - Tactical Threat Intelligence
Module 5 - Operational Threat Intelligence
Module 6 - Strategic Threat Intelligence
Module 7 - The Cyber Kill Chain
Module 8 - Tactical Threat Intelligence Requirements
Module 9 - Cyber Kill Chain Analysis
Module 10 - Cyber Kill Chain Management
Module 11 - Using Open Source Intelligence
Module 12 - Summary
Instructed By
Dean Pompilio
Instructor