hello and welcome to another application of the minor attack framework discussion. So today we're going to talk about our next module and look at the next phase of the minor attack framework. And so specifically, we're looking at what is execution based on what minor has laid out.
And so the objective of this particular discussion is to just describe what the execution phase of minor is
and describe what areas in execution we will be covering. So
what is execution? Well, this is the phase after initial access where an adversary is trying to run malicious code. And so in this particular vector, the Attackers will use this face to do things such a system discovery network discovery, and start the process of stealing data. Now,
when you think about the framework versus how Attackers actually operate with malware and things of that nature,
each phase is broken down individually. That doesn't mean that an attacker will gain initial access
and then execution will happen, and then the next phase will happen in the next phase. Typically, multiple things happen at a time that can go all the way to the impact phase of einer in a matter of a minute.
And so an attacker moves through each of these areas very quickly, and then the end result happens. And so this doesn't happen slowly unless you know you've got some type of targeted attack happening.
So keep that in mind when we talk about discovery and stealing of data and things of that nature, because this can all happen very quickly. So while there are a number of attack Victor's within the execution phase,
we're really going to focus on the given ones here. So we're going to talk about the command line interface at a high level execution through a P I control panel items, power shell scripting and user execution. This is going to follow the same
kind of methodology that we did before. We look at some statistics and common applications and threat actors in each of these areas,
as well as round out the execution phase with a case study where we will give you a scenario are ah, vendor or an organization where a security incident occurred that specific to one of these areas, and then you'll be asked to apply some controls and concepts to that as well.
So with that in mind. I want to thank you for your time today, and I look forward to seeing you again soon.