Day 01 - Lets Defend SOC Path - Cyber Kill Chain

Cyber Kill Chain:
A conceptual framework developed by Lockheed Martin that describes the stages of a cyber attack, from reconnaissance to the final execution of the attacker's goal.
Stages:
- Reconnaissance - This phase is all about research and identification of potential entry points. The attacker gathers information about the target's vulnerabilities and entry points.
- Weaponization - Using the information obtained, the attacker pairs a remotely exploitable vulnerability with a compatible malware payload.
- Delivery - The malware or exploit is delivered to the target network or machine through phishing emails, compromised external devices, or malicious websites. In this phase the attacker transfers the payload to the target machine.
- Exploitation - Once the payload is delivered, the attacker exploits the vulnerability at this stage, either through user action or an automatic process.
- Installation - At this stage the malware installs itself on the target machine and makes itself persistent, surviving a restart of the device or a defender's attempts to remove it.
- Command and Control (C2) - After installation, the compromised system establishes a connection back to the attacker's infrastructure. This secure channel allows the attacker to remotely control the system and retrieve data or deploy additional tools.
- Actions on Objectives - In the final phase, the attacker carries out their end goal: this might be exfiltrating sensitive data, disrupting operations, or moving laterally through the network to inflict further damage.
+------------------+     +-------------------+     +------------------+
|  Reconnaissance  | --> |   Weaponization   | --> |     Delivery     |
+------------------+     +-------------------+     +------------------+
                                                            |
                                                            v
+------------------+     +-------------------+     +------------------+
| Command & Control| <-- |   Installation    | <-- |   Exploitation   |
+------------------+     +-------------------+     +------------------+
         |
         v
+----------------------+
| Actions on Objectives|
+----------------------+
Advantages:
- Early Detection and Disruption
- Layered Defense Strategy
- Incident Response
- Threat Intelligence
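As an added example (my own code, not part of the course notes or of Lockheed Martin's material): a small Python detector that runs one simple rule per stage over constructed log events, tags each hit with its kill-chain stage, and reports the earliest stage at which the chain was seen, which is the point where "Early Detection and Disruption" could have broken it. The event schema, the thresholds, the rules, and all host names and addresses are assumptions made for illustration.

```python
"""Tag constructed log events with Cyber Kill Chain stages.

Added example for these notes; not Lockheed Martin's or the course's own code.
Event schema, thresholds, rules, hosts and addresses are all assumptions.
"""
from collections import defaultdict

# The seven stages in the order the notes list them.
STAGES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]

# Tunable thresholds (assumed values, not from the notes).
SCAN_PORTS = 10               # distinct denied ports from one source -> Reconnaissance
BEACON_MIN = 5                # regular connections to one external host -> C2
BEACON_JITTER = 5             # seconds of tolerance between beacon intervals
EXFIL_BYTES = 100_000_000     # outbound bytes in one flow -> Actions on Objectives
RISKY_ATTACHMENTS = (".docm", ".xlsm", ".exe", ".js", ".hta", ".iso")
OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}

# Constructed events for one victim host; "t" is seconds from window start.
# Addresses are documentation/private ranges (RFC 5737, RFC 1918).
EVENTS = [
    # Port sweep: 12 denied connections from one source to 12 different ports.
    *[{"t": i, "type": "firewall", "src": "203.0.113.5", "dst": "10.0.0.7",
       "dport": 20 + i, "action": "deny"} for i in range(12)],
    # Phishing mail carrying a macro-enabled document.
    {"t": 100, "type": "email", "host": "10.0.0.7", "attachment": "invoice.docm"},
    # Word spawning a script host: the macro executed.
    {"t": 130, "type": "process", "host": "10.0.0.7",
     "parent": "WINWORD.EXE", "image": "powershell.exe"},
    # Persistence through a new scheduled task.
    {"t": 140, "type": "scheduled_task", "host": "10.0.0.7", "name": "Updater"},
    # Six small connections to one external host exactly 60 s apart.
    *[{"t": 200 + 60 * i, "type": "netflow", "host": "10.0.0.7",
       "dst": "198.51.100.9", "bytes_out": 900} for i in range(6)],
    # One large outbound transfer to the same host.
    {"t": 600, "type": "netflow", "host": "10.0.0.7",
     "dst": "198.51.100.9", "bytes_out": 250_000_000},
]


def _is_regular(times):
    """True when consecutive gaps are all within BEACON_JITTER of the first gap."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    return all(abs(g - gaps[0]) <= BEACON_JITTER for g in gaps)


def detect(events):
    """Run one rule per observable stage; return (t, host, stage, detail) hits sorted by time."""
    hits = []
    denied_ports = defaultdict(set)   # (src, dst) -> distinct denied destination ports
    flow_times = defaultdict(list)    # (host, dst) -> connection times
    for e in events:
        if e["type"] == "firewall" and e["action"] == "deny":
            key = (e["src"], e["dst"])
            denied_ports[key].add(e["dport"])
            if len(denied_ports[key]) == SCAN_PORTS:   # fire once, on reaching the threshold
                hits.append((e["t"], e["dst"], "Reconnaissance", f"port sweep from {e['src']}"))
        elif e["type"] == "email" and e["attachment"].lower().endswith(RISKY_ATTACHMENTS):
            hits.append((e["t"], e["host"], "Delivery", f"attachment {e['attachment']}"))
        elif e["type"] == "process" and e["parent"] in OFFICE_APPS and e["image"] in SCRIPT_HOSTS:
            hits.append((e["t"], e["host"], "Exploitation", f"{e['parent']} -> {e['image']}"))
        elif e["type"] == "scheduled_task":
            hits.append((e["t"], e["host"], "Installation", f"scheduled task {e['name']}"))
        elif e["type"] == "netflow":
            if e["bytes_out"] >= EXFIL_BYTES:
                hits.append((e["t"], e["host"], "Actions on Objectives",
                             f"{e['bytes_out']} bytes to {e['dst']}"))
            key = (e["host"], e["dst"])
            flow_times[key].append(e["t"])
            if len(flow_times[key]) == BEACON_MIN and _is_regular(flow_times[key]):
                hits.append((e["t"], e["host"], "Command and Control", f"beacon to {e['dst']}"))
    return sorted(hits)


def chain_for(hits, host):
    """Stages observed for a host, in kill-chain order (not time order)."""
    seen = {h[2] for h in hits if h[1] == host}
    return [s for s in STAGES if s in seen]


def missing_stages(hits, host):
    """Stages with no detection; Weaponization happens on the attacker's side and is usually one."""
    seen = set(chain_for(hits, host))
    return [s for s in STAGES if s not in seen]


def first_detection(hits, host):
    """Earliest hit for a host: the stage where the chain could first have been broken."""
    mine = [h for h in hits if h[1] == host]
    return (mine[0][2], mine[0][0]) if mine else None


if __name__ == "__main__":
    hits = detect(EVENTS)
    for t, host, stage, detail in hits:
        print(f"t={t:>4}s  {host}  {stage:<22} {detail}")
    print("chain:", " -> ".join(chain_for(hits, "10.0.0.7")))
    print("not observed:", missing_stages(hits, "10.0.0.7"))
    print("first chance to break the chain:", first_detection(hits, "10.0.0.7"))
```

Running the block shows six of the seven stages on the victim host, with Weaponization reported as not observed: it takes place on the attacker's own infrastructure, so a defender normally only sees its result at Delivery. The first hit lands at Reconnaissance, nine seconds into the window, which is the "layered defense" point: blocking the scanning source or quarantining the attachment would have stopped everything that follows, and each later rule is a further chance to interrupt the chain if an earlier one is missed.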