• Kaushal Patel

Cybersecurity Fundamentals - Cyberattack Cycle

Hello Readers ! Today I am giving you an overview of Cybersecurity Fundamentals on Attacker's perspective. How an attacker established the successful cyberattack.


Here, I am giving you the short information which helps you for easy to remember. You can easily find the brief description over internet but here you can make an easy note to remember.


Let get started.


Cyberattack Cycle

- Attacker's Perspectives


Attack Cycle :-


- driven by military model

- by Lockheed Martin

- Industries-accepted Methodology


Steps:-


- Reconnaissance

- Weaponizations

- Delivery

- Exploitation

- Installation

- Command and Controls

- Action on Objectives (Exfiltration)


Reconnaissance

Performing Reconnaissance:-

- Information Gathering

- Passive Reconnaissance

- Active Reconnaissance


Information Gathering:


- To gather the information about Victims or targets

- E.g. Open Ports, Services and Systems etc...


Passive Reconnaissance:


- To gather information without directly interacting with the target

- It is looks like a normal flow of traffic.


Active Reconnaissance:


- To gather information about target by actually sending the packets to targets.

- Directly Interacting with the target.


Weaponizations And Delivery

- Exploitation

- CVE

- Creativity


Exploitation:


- It is sequence of commands that takes advantage of vulnerabilities

- Cause of unintended behavior of software or hardware.


CVE:


- Common Vulnerabilities and Exposures

- This system is a list of standardized names for vulnerabilities and other information security exposures.

Creativity:


- Be creative like Hackers

- Used multiple attack vectors

- Write your own codes

- Built tools for exploitation


Exploitation And Installation

- Privilege Escalation

- Installation


Privilege Escalation:


- Attackers are taking advantage of programming errors or any vulnerabilities lies on design flow of application or software.


Installation:


- Here access has already been granted.

- More advanced tools or techniques are needed in order to further process of controlling systems.


Command And Control

- Persistence

- Backdoor

- Listener


Persistence:


- Act of creating easy way to get back.

- Means No need to hack again and again for gain access.

E.g. Backdoor, Listeners


Backdoor:


- It's a security breach.

- Allow access to classified data without authentication.


Listener:


- It is a service awaiting connection from victim's system

- If it is active, hackers get access again.


Action on Objectives (Exfiltration)

- Data Exfiltration

- Denial of Service

- Destruction


Data Exfiltration:


- Stealing valuable information.

- e.g. databases, user's sensitive information


Denial of Service:


- Create a machine by attackers to network resource unavailable.

- Preventing its functionality and disrupting the usage of resources.


Destruction:


- Damage to specific organizations.

- Loss of information, money and time stamp spent for restoring systems


Thanks for reading, I hope you liked this blog.

Happy Learning!!!

  • Twitter
  • Facebook
  • LinkedIn

This blog is for those who are beginner in Cyber Security . ​Please Subscribe for more update

© 2021 by CyberMetrix