Cyber Kill Chain

The Cyber Kill Chain framework is designed for identification and prevention of the network intrusions. You will learn what the adversaries need to do in order to achieve their goals.

THM Room https://tryhackme.com/room/cyberkillchainzmt

TASK 1 : Introduction

Read the above.

No Answer

TASK 2 : Reconnaissance

What is the name of the Intel Gathering Tool that is a web-based interface to the common tools and resources for open-source intelligence?

OSINT Framework

Answer : OSINT Framework

What is the definition for the email gathering process during the stage of reconnaissance?

Email Harvesting

Answer : email harvesting

TASK 3 : Weaponization

This term is referred to as a group of commands that perform a specific task. You can think of them as subroutines or functions that contain the code that most users use to automate routine tasks. But malicious actors tend to use them for malicious purposes and include them in Microsoft Office documents. Can you provide the term for it?

Macro

Answer : Macro

TASK 4 : Delivery

What is the name of the attack when it is performed against a specific group of people, and the attacker seeks to infect the website that the mentioned group of people is constantly visiting.

Watering hole attack

Answer : Watering hole attack

TASK 5 : Exploitation

Can you provide the name for a cyberattack targeting a software vulnerability that is unknown to the antivirus or software vendors?

Zero-day

Answer : Zero-day

TASK 6 : Installation

Can you provide the technique used to modify file time attributes to hide new or changes to existing files?

Timestomping

Answer : Timestomping

Can you name the malicious script planted by an attacker on the webserver to maintain access to the compromised system and enables the webserver to be accessed remotely?

Web shell

Answer : Web shell

TASK 7 : Command & Control

What is the C2 communication where the victim makes regular DNS requests to a DNS server and domain which belong to an attacker.

DNS Tunneling

Answer : DNS Tunneling

TASK 8 : Actions on Objectives (Exfiltration)

Can you provide a technology included in Microsoft Windows that can create backup copies or snapshots of files or volumes on the computer, even when they are in use?

Shadow Copy

Answer : Shadow Copy

TASK 9 : Practice Analysis

What is the flag after you complete the static site?

Flag

Answer : THM{7HR347_1N73L_12_4w35om3}

TASK 10 : Conclusion

Read the above.

No Answer.

Cyber Kill Chain

TASK 1 : Introduction

Read the above.

TASK 2 : Reconnaissance

What is the name of the Intel Gathering Tool that is a web-based interface to the common tools and resources for open-source intelligence?

What is the definition for the email gathering process during the stage of reconnaissance?

TASK 3 : Weaponization

TASK 4 : Delivery

What is the name of the attack when it is performed against a specific group of people, and the attacker seeks to infect the website that the mentioned group of people is constantly visiting.

TASK 5 : Exploitation

Can you provide the name for a cyberattack targeting a software vulnerability that is unknown to the antivirus or software vendors?

TASK 6 : Installation

Can you provide the technique used to modify file time attributes to hide new or changes to existing files?

Can you name the malicious script planted by an attacker on the webserver to maintain access to the compromised system and enables the webserver to be accessed remotely?

TASK 7 : Command & Control

What is the C2 communication where the victim makes regular DNS requests to a DNS server and domain which belong to an attacker.

TASK 8 : Actions on Objectives (Exfiltration)

Can you provide a technology included in Microsoft Windows that can create backup copies or snapshots of files or volumes on the computer, even when they are in use?

TASK 9 : Practice Analysis

What is the flag after you complete the static site?

TASK 10 : Conclusion

Read the above.

Further Reading

OhSINT

Intro to C2

Living Off the Land