[00:00:00] The cyber kill chain model is basically a flow of the security event phases. At the top of the kill chain is the reconnaissance phase. It is used to collect as much information as possible from the target systems. Common things to discover are operating systems, network information, and user data like e-mail addresses.

[00:00:27] The weaponization phase is used to create deliverable payloads based on information learned from the reconnaissance attack. For example, if an attacker knew that the target had public-facing Windows web servers, then they would create a malicious payload that could exploit Windows-based vulnerabilities.

[00:00:55] Once an attacker has weaponized a payload, they need to find a way to deliver it. This could be done with a USB flash drive, a web page, or an e-mail. Phishing attacks are probably the easiest form of delivery.

[00:01:12] Once the malicious payload is delivered, then the vulnerabilities that were identified during the weaponization phase can be exploited to execute code on the victim's system.

[00:01:26] The most difficult part of the kill chain is the actual installation of malware. Since most machines have anti-virus and anti-malware, well-known malware should be blocked in most cases, but with zero-day attacks that are ahead of security software updates, malware can still find a way to be installed.

[00:01:50] Depending on the type of malware that is installed, the kill chain may stop at the installation phase. However, if an attacker wants to do more than just installing malware to cause harm to a system, then C2 (command and control) communication can be established. C2 programs can be used to connect to an attacker's server so that they can remotely send commands to the compromised host. Once they have remote control, they have hands-on-keyboard access, making actions on objectives possible.

[00:02:27] Cisco actually has a security portfolio that offers solutions to provide protection across the kill chain. If you scroll through this web page, you'll see that Cisco has provided security solutions to protect against each kill chain phase, such as Stealthwatch, e-mail and web security devices, as well as AMP anti-malware protection.

[00:03:00] As far as the exams are concerned, our focus is on simply memorizing each phase in the kill chain.