66 lines
1.6 KiB
Markdown
66 lines
1.6 KiB
Markdown
# Security Killchains
|
|
|
|
Frameworks of killchains are inherited from the military and separate steps in which an attack occurs.
|
|
|
|
## Lockheed & Martin
|
|
|
|
* [Lockheed & Martin's Cyber Kill Chain Website](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html)
|
|
|
|
1. Reconnaissance
|
|
2. Weaponization
|
|
3. Delivery
|
|
4. Exploitation
|
|
5. Installation
|
|
6. Command & Control
|
|
7. Actions on Objectives
|
|
|
|
## Mitre ATT&CK Matrix
|
|
|
|
[Mitre ATT&CK](https://attack.mitre.org) is a matrix of __Tactics, Techniques and Procedures (TTP)__ of adversaries called __Adanced Persistent Threats (APT)__. The tactics are
|
|
|
|
1. Reconnaissance
|
|
2. Resource Development
|
|
3. Initial Access
|
|
4. Execution
|
|
5. Persistence
|
|
6. Privilege Escalation
|
|
7. Defense Evasion
|
|
8. Credential Access
|
|
9. Discovery
|
|
10. Lateral Movement
|
|
11. Collection
|
|
12. Command and Control
|
|
13. Exfiltration
|
|
14. Impact
|
|
|
|
[Crowdstrike](https://crowdstrike.com) as a threat intelligence tool is built on the Mitre ATT&CK framework.
|
|
|
|
## Unified Cyber Kill Chain
|
|
|
|
[The Unified Cyber Kill Chain](https://unifiedkillchain.com) is the youngest and
|
|
most detailed framework and builds upon the other frameworks. It contains combined
|
|
stages which are seen as lifecycles with potentially repeatable steps.
|
|
|
|
1. Reconnaissance
|
|
2. Weaponization
|
|
3. Delivery
|
|
4. Socical Engineering
|
|
5. Exploitation
|
|
6. Persistance
|
|
7. Defense Evation
|
|
8. Command & Control
|
|
9. Pivoting
|
|
10. Discovery
|
|
11. Privilege Escalation
|
|
12. Execution
|
|
13. Credential Access
|
|
14. Lateral Movement
|
|
15. Collection
|
|
16. Exfiltration
|
|
17. Impact
|
|
18. Objectives
|
|
|
|
Mentioned lifecycles are __Inital Foothold__, __Network Propagation__ and
|
|
__Actions on Objective__
|
|
|