EXPANDED

Recommendations

Info

ENTERPRISE PRIVILEGE ESCALATION INTERNAL KILL CHAIN Internal Reconnaissance Internal Exploitation Enterprise Privilege Escalation Lateral Movement Target Manipulation OBJECTIVE Leverage compromised accounts and trust relationships to gain a high level of privilege OFFENSIVE TTPS • Kernel / system vulns. • Pass-the-hash & Mimikatz • Unprotected SSH keys • Creds in configuration files TIME REQUIRED 1 to 3 Days DEFENSIVE TTPS • Prevent: Run as leastprivilege accounts; use good security hygiene • Detect: Behavioral analytics 16
LATERAL MOVEMENT INTERNAL KILL CHAIN Internal Reconnaissance Internal Exploitation Enterprise Privilege Escalation Lateral Movement Target Manipulation OBJECTIVE Pivot through compromised systems into restricted network zones OFFENSIVE TTPS • Target virtualization, backup, config management layers • Layer SSH proxy tunnels to go deep TIME REQUIRED 4 Hours DEFENSIVE TTPS • Prevent: Segmented security zones at all layers • Detect: Behavioral analysis of successful login events 17
Page 1 and 2: USING AN EXPANDED CYBER KILL CHAIN
Page 3 and 4: AGENDA • Legacy Cyber Kill Chain
Page 5 and 6: LEGACY CYBER KILL CHAIN MODEL “Th
Page 7 and 8: Example Target Manipulation Objecti
Page 9 and 10: THE EXPANDED CYBER KILL CHAIN MODEL
Page 11 and 12: ALTERNATIVE: SPIRAL MODEL 11
Page 13 and 14: UNDERSTANDING THE STAGES OF A SOPHI
Page 15: INTERNAL EXPLOITATION INTERNAL KILL
Page 19 and 20: TARGET EXPLOITATION TARGET MANIPULA
Page 21 and 22: INSTALLATION TARGET MANIPULATION KI
Page 23 and 24: BUILDING A RESILIENT ENTERPRISE 23
Page 25 and 26: THE CYBER DEFENSE THRESHOLD Thresho
Page 27: FINAL THOUGHTS, QUESTIONS, AND DISC

EXPANDED

Create successful ePaper yourself

Delete template?

Save as template?