
seantmalone

us-16-Malone-Using-an-Expanded-Cyber-Kill-Chain-Model-to-Increase-Attack-Resiliency

INTERNAL RECONNAISSANCE

INTERNAL KILL CHAIN

• Internal Reconnaissance

• Internal Exploitation

• Enterprise Privilege Escalation

• Lateral Movement

• Target Manipulation

OBJECTIVE

Data mine available systems and map the internal network and vulnerabilities

OFFENSIVE TTPS

• DOMEX of local files, network shares, browser history, wiki/SharePoint

• Light service probing

TIME REQUIRED

1 to 2+ Weeks

DEFENSIVE TTPS

• Prevent: Granular resource authorization

• Detect: Behavioral changes from this IP & user account
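One way to implement the "Detect" item above, as an added example that is not from the original slides: baseline which resources each (user account, source IP) pair normally touches, then flag a day on which the pair reaches several resources it has never used and exceeds its busiest baseline day. The event tuples, resource names, function name and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (day, user, source_ip, resource accessed)
EVENTS = [
    (1, "alice", "10.0.5.21", r"\\fs01\finance"),
    (1, "alice", "10.0.5.21", "wiki:/finance/home"),
    (2, "alice", "10.0.5.21", r"\\fs01\finance"),
    (2, "bob", "10.0.7.40", r"\\fs01\eng"),
    (3, "alice", "10.0.5.21", r"\\fs01\finance"),
    (3, "bob", "10.0.7.40", r"\\fs01\eng"),
    (3, "bob", "10.0.7.40", "wiki:/eng/home"),
    # Day 4: bob's account and IP reach shares, wiki pages and a service never used before
    (4, "bob", "10.0.7.40", r"\\fs01\eng"),
    (4, "bob", "10.0.7.40", r"\\fs01\finance"),
    (4, "bob", "10.0.7.40", r"\\fs02\hr"),
    (4, "bob", "10.0.7.40", "wiki:/it/network-diagrams"),
    (4, "bob", "10.0.7.40", "tcp:10.0.9.5:1433"),
    (4, "alice", "10.0.5.21", r"\\fs01\finance"),
    (4, "alice", "10.0.5.21", "wiki:/finance/q3"),
]

def behavioral_changes(events, detect_day, min_new=3, ratio=2.0):
    """Flag (user, ip) pairs whose detect_day access departs from their baseline."""
    seen = defaultdict(set)                        # (user, ip) -> resources before detect_day
    daily = defaultdict(lambda: defaultdict(set))  # (user, ip) -> day -> resources that day
    today = defaultdict(set)                       # (user, ip) -> resources on detect_day
    for day, user, ip, res in events:
        key = (user, ip)
        if day < detect_day:
            seen[key].add(res)
            daily[key][day].add(res)
        elif day == detect_day:
            today[key].add(res)
    alerts = []
    for key, resources in sorted(today.items()):
        new = sorted(resources - seen[key])
        # Busiest baseline day; 0 when the pair has no history (account seen from a new IP)
        peak = max((len(r) for r in daily[key].values()), default=0)
        if len(new) >= min_new and len(resources) > ratio * peak:
            alerts.append({"user": key[0], "ip": key[1], "new": new, "peak": peak})
    return alerts

if __name__ == "__main__":
    for alert in behavioral_changes(EVENTS, detect_day=4):
        print(alert)
```

Keying on the pair rather than the account alone means an account appearing from an unfamiliar IP has no baseline and is judged only on how many resources it touches.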
