Cyber Kill Chain Methodology Quiz

Questions and Answers

What is the primary purpose of the cyber kill chain methodology?

To identify and prevent malicious intrusion activities (correct)

To facilitate communication between hackers

To create educational materials for hacking courses

To develop new hacking tools and technologies

Which of the following activities is involved in the reconnaissance phase of the cyber kill chain?

Sending the weaponized bundle to the victim

Gathering information about the target organization through social engineering (correct)

Identifying open ports and services

Creating a phishing email campaign

During the weaponization phase, what is typically created?

A comprehensive report on cybersecurity measures

A deliverable malicious payload (correct)

A grant proposal for additional funding

A security policy document

Which of the following best describes the delivery phase of the cyber kill chain?

Sending the weaponized bundle to the victim via various means

Which technique is NOT typically used during the reconnaissance phase?

Sending malware through a phishing campaign

What is a common activity during the weaponization phase?

Selecting and modifying malware payloads

How does the cyber kill chain help security professionals?

By helping them understand adversarial tactics and techniques in advance

Which of the following actions would NOT be part of preparing a cyber attack?

Implementing antivirus solutions in the target system

What is a characteristic feature of a computer virus?

Encrypting itself

Which of the following is NOT a purpose of creating viruses?

Make software improvements

What is the first stage in the virus lifecycle?

Design

What indication might suggest that a virus has compromised a system?

Missing files and folders

How do viruses typically spread to other systems?

Through file downloads and email attachments

Which of the following actions activates a virus within a target system?

Performing specific user actions with infected software

What would NOT typically be a symptom of a virus attack on a computer?

Fewer error messages than usual

What is one potential motive for a hacker to create a virus?

To gain remote access to victim's computers

What is the recommended security setting level for your Internet browser to protect against spyware?

High or medium

Which of the following is a valid reason to avoid opening emails from unknown senders?

They may contain spyware or viruses

What is one effective way to enhance the security level of your computer?

Enable a firewall

Why is it important to regularly update virus definition files?

To protect against new threats

What should you do before downloading software from a website?

Check if the website is trustworthy

When using peer-to-peer file-swapping software, what precaution should be taken?

Scan the files after installation

What action is advisable to take if you identify vulnerabilities in your operating system?

Refer to the OS vendor for guidance

When is it safe to perform web surfing and download files?

When you download cautiously

Which of the following is a common way a virus can be created?

Writing a virus program

What is ransomware primarily designed to do?

Restrict access to files and demand payment

Which of the following is NOT a type of virus mentioned?

Screen Saver Virus

What distinguishes computer worms from viruses?

Worms can replicate independently

Which of the following is a responsibility of antivirus applications?

Running the latest virus definitions

Which ransomware mentioned primarily attacks victims through email campaigns?

Dharma

What type of virus is known to modify its own code to avoid detection?

Metamorphic Virus

What is a common characteristic of malicious online ads?

They often lead to malware installations

Which of the following best describes an encryption virus?

It encrypts files and demands a decryption fee

What is a potential consequence of connecting to untrusted networks?

Vulnerability to malware infections

What is the primary purpose of ethical hacking in an organization?

To identify risks and suggest remedial actions

Which of the following skills are considered non-technical for an ethical hacker?

The ability to communicate effectively

Which Google advanced search operator restricts results to documents that contain all the search keywords in the title?

[allintitle:]

What limitation is associated with hiring an ethical hacker?

They can only help if the organization knows what to search for

Which tool would be used for extracting information about live hosts and open ports on a network?

Nmap

Which of the following is NOT a type of scanning tool?

Whois Lookup

What is a primary function of reconnaissance in ethical hacking?

To identify vulnerabilities before a breach

Which ethical hacking tool assists in extracting NetBIOS statistics?

Nbtstat Utility

What does ethical hacking primarily aim to improve in an organization?

Information system security

Which of the following represents a benefit of using Google hacking in reconnaissance?

It helps extract hidden or sensitive information

What is the primary focus of the 'Scanning' phase in ethical hacking?

To identify live hosts, services, and open ports

Which of the following operators can be used to restrict search results to a specific website's domain?

[site:]

Which of the following is a characteristic of technical skills required for ethical hackers?

Knowledge of networking concepts and technologies

What should organizations do to make the most out of hiring an ethical hacker?

Understand their security needs and threats

Study Notes

Cyber Kill Chain Methodology

• The Cyber Kill Chain methodology is used to identify and prevent malicious intrusion activities.
• It helps security professionals to understand the adversary's tactics, techniques, and procedures beforehand.

Reconnaissance

• It gathers data on the target to probe for weak points.
• Activities include:
  • Gathering information about the target organization through the internet or social engineering.
  • Performing analysis of online activities and publicly available information.
  • Gathering information from social networking sites and web services.
  • Obtaining information about websites visited.
  • Monitoring and analyzing the target organization’s website.
  • Performing Whois, DNS, and network footprinting.
  • Performing scanning to identify open ports and services.

Weaponization

• Creates a deliverable malicious payload using an exploit and a backdoor.
• Activities include:
  • Identifying appropriate malware payload based on the analysis.
  • Creating a new malware payload or selecting, reusing, and modifying available malware payloads based on the identified vulnerability.
  • Creating a phishing email campaign.
  • Leveraging exploit kits and botnets.

Delivery

• Sends weaponized bundle to the victim using email, USB, etc.
• The Gaining Access and Maintaining Access, as well as the Reconnaissance and Covering Tracks phases of the kill chain may be noticeable by the target organization.

Ethical Hacking Scope

• It is a crucial component of risk assessment, auditing, counter fraud, and information systems security best practices.
• It is used to identify risks and highlight remedial actions.
• It reduces Information and Communication Technology (ICT) costs by resolving vulnerabilities.

Ethical Hacking Limitations

• Without knowing what is being searched for and why, hiring an outside vendor to hack systems will not prove beneficial.
• An ethical hacker can only help an organization to better understand its security system; it is up to the organization to place the right safeguards on the network.

Skills of an Ethical Hacker

• Technical skills require in-depth knowledge of major operating environments, such as Windows, Unix, Linux, and Macintosh. 
• Technical skills require in-depth knowledge of networking concepts, technologies, and related hardware and software.
•  Technical skills require an expert understanding of technical domains.
•  Technical skills require knowledge of security areas and related issues.
•  Technical skills require high technical knowledge of how to launch sophisticated attacks.

Non-Technical Skills of an Ethical Hacker

• The ability to quickly learn and adapt new technologies.
• A strong work ethic and good problem-solving and communication skills.
• Commitment to an organization’s security policies.
• An awareness of local standards and laws.

Reconnaissance Using Advanced Google Hacking Techniques

• Google hacking refers to the use of advanced Google search operators for creating complex search queries to extract sensitive or hidden information that helps attackers find vulnerable targets.

Popular Google Advanced Search Operators

• [cache:] Displays the web pages stored in the Google cache.
• [link:] Lists web pages that have links to the specified web page.
• [related:] Lists web pages that are similar to the specified web page.
• [info:] Presents some information that Google has about a particular web page.
• [site:] Restricts the results to those websites in the given domain.
• [allintitle:] Restricts the results to those websites containing all the search keywords in the title.
• [intitle:] Restricts the results to documents containing the search keyword in the title.
• [allinurl:] Restricts the results to those containing all the search keywords in the URL.
• [inurl:] Restricts the results to documents containing the search keyword in the URL.
• [location:] Finds information for a specific location.

Reconnaissance Tools

• Web Data Extractor: Extracts targeted contact data (email, phone, and fax) from the website, extracts the URL and meta tags (title, description, keyword) for website promotion.
• Whois Lookup: Provides information about a domain name.

Scanning Tools 

• Nmap: Extracts information such as live hosts on the network, open ports, services (application name and version), types of packet filters/ firewalls, as well as operating systems and versions used.
• MegaPing: Comprehensive Security Scanner, Port scanner (TCP and UDP ports), IP scanner, NetBIOS scanner, and Share Scanner.
• Unicornscan: Identifies the OS of the target machine by observing the TTL values in the scan result.
• Hping2/Hping3: Uses ICMP echo requests to determine if a host is online.
• NetScanTools Pro: Scans networks for open ports, vulnerable services, and other security risks.
• SolarWinds Port Scanner: Scans networks for open ports and vulnerable services.
• PRTG Network Monitor: Monitors network devices and applications to detect problems, and provides real-time network performance data.
• OmniPeek Network Protocol Analyzer: Captures and analyzes network traffic to identify security threats, troubleshoot network problems, and optimize network performance.

Enumeration Tools 

• Nbtstat Utility: Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local and remote computers, and the NetBIOS name cache.
• NetBIOS Enumerator: Enumerates details, such as NetBIOS names, Usernames, Domain names, and MAC addresses, for a given range of IP addresses.
• Other NetBIOS Enumeration Tools
  • Global Network Inventory
  • Advanced IP Scanner
  • Hyena
  • Nsauditor Network Security Auditor

Threat and Threat Sources 

• A threat is any potential danger that could exploit a vulnerability and harm an information system or organization. 
• A threat source is the origin of a threat.

What is a Virus? 

• A virus is a self-replicating program that produces its own copy by attaching itself to another program, computer boot sector, or document.
• Viruses are transmitted through:
  • File downloads.
  • Infected disk/flash drives.
  • Email attachments.

Characteristics of Viruses 

• Infect other programs.
• Transform themselves.
• Encrypt themselves.
• Alter data.
• Corrupt files and programs.
• Self-replicate.

Purpose of Creating Viruses 

• Inflict damage on competitors.
• Realize financial benefits.
• Vandalize intellectual property.
• Play pranks.
• Conduct Research.
• Engage in cyber-terrorism.
• Distribute political messages.
• Damage networks or computers.
• Gain remote access to a victim's computer.

Indications of Virus Attack

• Processes require more resources and time, resulting in degraded performance.
• Computer beeps with no display.
• Drive label changes and OS does not load.
• Constant antivirus alerts.
• Computer freezes frequently or encounters an error such as BSOD.
• Files and folders are missing.
• Suspicious hard drive activity.
• Browser window "freezes".

Stages of Virus Lifecycle

• Design: Development of virus code using programming languages or construction kits.
• Replication: The virus replicates for a period within the target system and then spreads itself.
• Launch: The virus is activated when the user performs specific actions such as running an infected program.
• Detection: The virus is identified as a threat infecting the target system.
• Incorporation: Antivirus software developers assimilate defenses against the virus.
• Execution of the damage routine: Users install antivirus updates and eliminate the virus threats.

How does a Computer Get Infected by Viruses?

• Accepting files and downloads without checking the source.
• Opening infected emails and file attachments.
• Installing pirated software.
• Not updating and not installing new versions of plug-ins.
• Not running the latest antivirus application.
• Clicking malicious online ads.
• Using portable media.
• Connecting to untrusted networks.

Types of Viruses 

• System or Boot Sector Virus.
• File and Multipartite Virus.
• Macro and Cluster Virus.
• Stealth/Tunneling Virus.
• Encryption Virus.
• Sparse Infector Virus.
• Polymorphic Virus.
• Metamorphic Virus.
• Overwriting File or Cavity Virus.
• Companion/Camouflage Virus.
• Shell and File Extension Virus.
• FAT and Logic Bomb Virus.
• Web Scripting Virus.
• Email and Armored Virus.
• Add-on and Intrusive Virus.
• Direct Action or Transient Virus.
• Terminate & Stay Resident Virus.

Creating a Virus

• Writing a Virus Program: Programmers may create custom viruses with unique traits.
• Virus Maker Tools:
  • DELmE's Batch Virus Maker.
  • Bhavesh Virus Maker SKW.
  • Deadly Virus Maker.
  • SonicBat Batch Virus Maker.
  • TeraBIT Virus Maker.  
  • Andreinick05's Batch Virus Maker.

Ransomware

• A type of malware that restricts access to the computer system's files and folders. 
• Demands an online ransom payment to the malware creator(s) to remove the restrictions.

Popular Ransomware Families

• Dharma: Attacks victims through email campaigns; victims are asked to contact attackers via a provided email address and pay in bitcoins for the decryption service.
• eCh0raix
• SamSam
• WannaCry
• Petya and NotPetya
• GandCrab
• MegaCortex
• LockerGoga
• NamPoHyu
• Ryuk
• Cryptgh0st

Ransomware Families

• Cerber
• CTB-Locker
• Sodinokibi
• BitPaymer
• CryptXXX
• Cryptorbit ransomware
• Crypto Locker Ransomware
• Crypto Defense Ransomware
• Crypto Wall Ransomware 

Computer Worms

• Malicious programs that independently replicate, execute, and spread across the network connections.
• Consume available computing resources without human interaction.
• Attackers use worm payloads to install backdoors in infected computers.
• Examples:
  • Monero: A cryptocurrency miner that uses the victim's computer to mine cryptocurrency for the attacker.
  • Bondat: A worm that uses a vulnerability in Microsoft Windows to spread and steal sensitive data.
  • Beapy: A worm used to steal passwords, credit card information, and other sensitive data.

How is a Worm Different from a Virus?

• Viruses: Need a host program to replicate and spread.
• Worms: Replicate autonomously and spread through network connections.
• Viruses: Do not typically spread across networks.
• Worms: Can spread rapidly across networks.
• Viruses: Usually requires user action to activate.
• Worms: Can exploit system vulnerabilities and spread without requiring user action.

Description

Test your knowledge on the Cyber Kill Chain methodology, essential for understanding and preventing malicious intrusions. Explore critical phases such as reconnaissance and weaponization to see how each step contributes to cybersecurity strategies.