EXPANDED

seantmalone

us-16-Malone-Using-an-Expanded-Cyber-Kill-Chain-Model-to-Increase-Attack-Resiliency

ENTERPRISE PRIVILEGE ESCALATION

INTERNAL KILL CHAIN

• Internal Reconnaissance
• Internal Exploitation
• Enterprise Privilege Escalation
• Lateral Movement
• Target Manipulation

OBJECTIVE

Leverage compromised accounts and trust relationships to gain a high level of privilege

OFFENSIVE TTPS

• Kernel / system vulns.

• Pass-the-hash & Mimikatz

• Unprotected SSH keys

• Creds in configuration files

TIME REQUIRED

1 to 3 Days

DEFENSIVE TTPS

• Prevent: Run as least-privilege accounts; use good security hygiene

• Detect: Behavioral analytics
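A hygiene audit for two of the offensive TTPs listed above (unprotected SSH keys and creds in configuration files), as an added example that is not from the original slides. The function names, the keyword list and the sample inputs are assumptions constructed for illustration.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\x00"  # header of the current OpenSSH private key format
KEY_RE = re.compile(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)
CRED_RE = re.compile(r"(?i)([\w.-]*(?:password|passwd|secret|api[_-]?key|token)[\w.-]*)"
                     r"\s*[:=]\s*['\"]?([^\s'\"#]+)")
PLACEHOLDER_RE = re.compile(r"(?i)^(\$\{.*\}|\$\w+|<.*>|changeme)$")

def ssh_key_protected(text):
    """True = passphrase-protected, False = unprotected, None = no private key found."""
    m = KEY_RE.search(text)
    if not m:
        return None
    label, body = m.groups()
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
        return True  # encrypted PKCS#8, or legacy PEM encryption header
    if label == "OPENSSH PRIVATE KEY":
        try:
            raw = base64.b64decode("".join(body.split()))
        except ValueError:
            return None
        off = len(MAGIC)
        if not raw.startswith(MAGIC) or len(raw) < off + 4:
            return None
        (n,) = struct.unpack(">I", raw[off:off + 4])
        return raw[off + 4:off + 4 + n] != b"none"  # ciphername "none" = no passphrase
    return False  # PEM private key with no encryption marker

def find_plaintext_creds(text):
    """Return (line number, key name) per credential-looking assignment; values are not echoed."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue  # skip commented-out lines
        m = CRED_RE.search(line)
        if m and not PLACEHOLDER_RE.match(m.group(2)):
            hits.append((lineno, m.group(1).lower()))
    return hits

def sample_key(cipher):
    # Constructed container header only (not a usable key): magic + ciphername + filler
    raw = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 16
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(raw).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed sample configuration file
SAMPLE_CONFIG = ('db_host = 10.0.0.5\ndb_password = "Summer2016!"\n'
                 'api_key = ${VAULT_API_KEY}\n; token = old\nsmtp_passwd: hunter2\n')

if __name__ == "__main__":
    print(ssh_key_protected(sample_key(b"none")), find_plaintext_creds(SAMPLE_CONFIG))
```

The credential finder reports only line numbers and key names, so the audit output does not itself become another place where secrets are stored.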
