Introduction

Mohan reddy
Redteam & Blueteam Series
3 min read · May 2, 2020

First things first: are you (an individual or an organisation) compromised? If so, this blog series might help you understand how you were compromised and assist you in dealing with it. If you are not, it helps you learn about attacker activities and their kill chain so that you can be better prepared.

Attackers have goals and are willing to expend a certain amount of resources to achieve them. To defend against them, the traditional security approach should be extended with methods based on an understanding of the cyber kill chain, which makes attackers succeed less often or even decide not to attack that organization at all.

Attackers enter an organization by taking advantage of an unpatched system, or via malware or phishing attacks, and are rarely left in control of just the right server with just the right privileged account. So they use that initial endpoint as a foothold and begin a process of gaining access to systems and data that aid their overall goal. For most attackers, the goal is exfiltration of data, while others are focused on data destruction, or even holding data for ransom. Whether or not the attacker knows specifically what data or system they are looking for, they know that getting there means traversing multiple systems and acquiring supplementary sets of credentials along the way, a necessary step to establish additional footholds within the organization.

To help you understand the various TTPs, I will explain them through the cyber kill chain, or threat model.

Basically, the cyber kill chain model (threat model) was designed to help security teams and researchers organize their thinking about detecting and responding to threats. The main aim of this blog series is to provide a mechanism for understanding how organizations can significantly increase the defensibility of their environment by catching and stopping threats at each phase of the attack life-cycle. The kill chain teaches us that while adversaries must progress through all phases to succeed, we “just” need to stop the chain at any one step in the process to break the attack.

Cyber-attack kill chain

Did you know that, once a target is agreed upon, a large number of cyber culprits hold their meetings, discussions and planning for the operation through anonymous communication in an Internet Relay Chat (IRC) room?

“There are no shortcuts to fight against cyber-crime”

If you connect, you must protect. Whether it’s your computer, smartphone, game device, or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems.

My purpose in writing these articles is to help our infosec community by sharing my ideas, my experience and real attack scenarios. By the end of this series you will be able to understand the common attack vectors and techniques, and the detective and preventative controls against them. I have added my insights on how we can defend against attacks at three levels (endpoint, network and process level); however, the defensive methodology varies with the attack vector, and some attacks cannot be detected at certain levels.

And in the final blog post, I will give some tips (7 one-liners) for finding suspicious activities on Windows machines at the endpoint level.

Back in September 2016, NetSPI published a poster titled “Redteam attacks and Blueteam defenses”. This article is written to complement it and serves as an unofficial “Part 2” to the original NetSPI poster.
