Cyber Kill Chain: Reconnaissance

36 Terms

1

Red team

Offensive security methods, creative mindset, excellent report writing skills

2

Red team

Conducting penetration tests, managing phishing and social engineering campaigns, and providing thorough reports

3

Red team

Simulate adversary’s attacks to identify gaps in the organization’s security posture

4

Blue team

Incident response, digital forensics, proficiency with security tools

5

Blue team

Managing security tools, developing incident response plans, monitoring logs, and responding to security incidents.

6

Blue team

Protect the organization’s assets, data, and systems from unauthorized access or damage

7

Purple team

Combination of offensive and defensive cybersecurity techniques

8

Purple team

Developing realistic attack scenarios, analyzing security controls, and providing recommendations

9

Purple team

Enhance the organization’s overall security posture by leveraging the combined expertise of red and blue teams.

10

Kill chain

Derived from a military concept to describe the stages of an attack in a phase-based model. Core concepts include:

• Preventing the attack at the earlier stages lessens the impact to the target.

• The less information an attacker has, for instance, the less likely someone else can use that information to complete the attack later.

11

Cyberattack Lifecycle

is a model developed by Lockheed Martin that describes the phases of a targeted cyberattack.

12

Passive Reconnaissance

Performing recon without directly engaging the target organization

13

Active Reconnaissance

Engaging the targeted system to gather information and possibly identify its vulnerabilities

14

Reconnaissance

A systematic attempt to locate, gather, identify and record information about the target.

15

Vulnerability Scanning

is the process of evaluating networks or IT assets for security vulnerabilities: flaws or weaknesses that external or internal threat actors can exploit (IBM, 2023). Detecting and fixing vulnerabilities reduces your attack surface and, for some organizations, helps them comply with standards.

16

Coding flaws

such as web apps that are susceptible to cross-site scripting, SQL injection and other injection attacks because of how they handle user inputs.

17

Unprotected open ports

in servers, laptops and other endpoints, which hackers could use to spread malware.

18

Misconfigurations

such as a cloud storage bucket that exposes sensitive data to the public internet because it has inappropriate access permissions.

19

Missing patches

weak passwords or other deficiencies in cybersecurity hygiene.

20

Discovery scan, Full vulnerability scan, Stealth scan

Types of scan

21

Discovery Scan

Least intrusive. Determines how many hosts are up in the network (e.g. Ping, Nmap, Nessus).

22

Full Vulnerability Scan

Scan that determines the vulnerabilities of the target. This is very noisy and can easily be detected by firewalls and endpoint protection. Scans can be differentiated as Network Scans (e.g. Nessus, OpenVAS, Nmap) or Web Application Scans (e.g. ZAP, Nikto, Burp Suite).

23

Credentialed Scan

Scan which includes a valid username and password for the target host, which allows it to discover more vulnerabilities. Typically used by the Blue Team.

24

Stealth Scan

A scan that only sends SYN packets to the target. While not intrusive, it can still be detected by a firewall if used repeatedly (Nmap).

25

CVE Numbering Authority

CNA

26

Common Vulnerabilities and Exposures

CVE

27

Vulnerability information

is provided to a CVE Numbering Authority (CNA) via researchers, vendors, or users. Many vulnerabilities are also discovered as part of bug bounty programs.

28

Common Vulnerability Scoring System

CVSS

29

Common Vulnerability Scoring System (CVSS)

is an open set of standards used to assess a vulnerability and assign a severity along a scale of 0-10. The current version of CVSS is v3.1, which breaks down the scale as follows:

30

Common Weakness Enumeration

CWE

31

Common Weakness Enumeration (CWE)

is a collection of standardized names and descriptions for common software weaknesses. It categorizes weaknesses based on their type and scope, providing a framework for discussing and addressing software security threats. It also includes mappings to other vulnerability databases, such as CVE.

32

CVEs

refer to the actual vulnerabilities

33

CWEs

refer to the underlying weaknesses that can lead to those vulnerabilities.

34

Open Worldwide Application Security Project

OWASP

35

OWASP

is a nonprofit foundation that works to improve the security of software.

36

OWASP

They developed the OWASP Top 10 security concerns for web application security, focusing on the 10 most critical risks, which is updated regularly.