EXPANDED

Recommendations

Info

INTERNAL RECONNAISSANCE INTERNAL KILL CHAIN Internal Reconnaissance Internal Exploitation Enterprise Privilege Escalation Lateral Movement Target Manipulation OBJECTIVE Data mine available systems and map the internal network and vulnerabilities OFFENSIVE TTPS • DOMEX of local files, network shares, browser history, wiki/SharePoint • Light service probing TIME REQUIRED 1 to 2+ Weeks DEFENSIVE TTPS • Prevent: Granular resource authorization • Detect: Behavioral changes from this IP & user account 14
INTERNAL EXPLOITATION INTERNAL KILL CHAIN Internal Reconnaissance Internal Exploitation Enterprise Privilege Escalation Lateral Movement Target Manipulation OBJECTIVE Exploit information and vulnerabilities on internal systems OFFENSIVE TTPS • System vulnerabilities • Web application vulnerabilities • LLMNR/NBNS Spoofing TIME REQUIRED 2 Days DEFENSIVE TTPS • Prevent: Patch & vuln. management (including dev & test systems) • Detect: Endpoint protection 15
Page 1 and 2: USING AN EXPANDED CYBER KILL CHAIN
Page 3 and 4: AGENDA • Legacy Cyber Kill Chain
Page 5 and 6: LEGACY CYBER KILL CHAIN MODEL “Th
Page 7 and 8: Example Target Manipulation Objecti
Page 9 and 10: THE EXPANDED CYBER KILL CHAIN MODEL
Page 11 and 12: ALTERNATIVE: SPIRAL MODEL 11
Page 13: UNDERSTANDING THE STAGES OF A SOPHI
Page 17 and 18: LATERAL MOVEMENT INTERNAL KILL CHAI
Page 19 and 20: TARGET EXPLOITATION TARGET MANIPULA
Page 21 and 22: INSTALLATION TARGET MANIPULATION KI
Page 23 and 24: BUILDING A RESILIENT ENTERPRISE 23
Page 25 and 26: THE CYBER DEFENSE THRESHOLD Thresho
Page 27: FINAL THOUGHTS, QUESTIONS, AND DISC

EXPANDED

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?