Attack Vectors and Cyber Kill Chain Flashcards
Attack Vectors and Cyber Kill Chain (30 cards)
What is an attack vector?
A method or pathway that a threat actor uses to gain unauthorized access to a system or network.
What is a phishing email an example of?
A social engineering attack vector.
How can USB drives serve as attack vectors?
They can carry malware that activates when plugged into a system.
What is a common attack vector that exploits web applications?
SQL injection.
Which attack vector exploits unpatched software vulnerabilities?
Exploit kits or zero-day vulnerabilities.
How does Remote Desktop Protocol (RDP) become an attack vector?
If RDP is not secured properly, attackers can gain access through brute-force or credential-stuffing attacks.
What type of attack vector is involved when attackers use malvertising?
The delivery of malware through online ads.
What is a watering hole attack?
Compromising a commonly visited site to target specific victims.
What is the risk of using outdated software?
It becomes an easy attack vector due to known vulnerabilities.
What is a drive-by download?
Automatic download of malicious code when visiting a compromised website.
What is the Cyber Kill Chain?
A framework that describes the stages of a cyber attack from planning to execution.
What is the first phase of the Cyber Kill Chain?
Reconnaissance – gathering information about the target.
What happens in the Weaponization phase of the Kill Chain?
The attacker creates a deliverable payload (e.g., malware) to exploit the target.
What is the Delivery phase in the Kill Chain?
The attacker sends the payload to the target, e.g., via email, USB, or malicious link.
What is the Exploitation phase?
The malicious code is triggered, exploiting a vulnerability.
What happens in the Installation phase?
Malware is installed to maintain access and persistence.
What is the purpose of the Command and Control (C2) phase?
It allows the attacker to remotely control the infected system.
What is the final phase of the Kill Chain?
Actions on Objectives – attacker achieves their goal (e.g., data theft, destruction).
Why is it useful to understand the Cyber Kill Chain in SOC operations?
It helps in identifying, interrupting, and mitigating attacks at each stage.
Which phase of the Kill Chain involves creating custom malware for the target?
Weaponization.
During which phase would firewall or IDS logs help detect activity?
Delivery or Command and Control.
What tool might detect activity in the Exploitation phase?
An Endpoint Detection and Response (EDR) system.
Which phase might involve privilege escalation techniques?
Actions on Objectives.
At what phase is spear phishing typically used?
Delivery.