Cyber Kill Chain Methodology Quiz


Questions and Answers

What is the primary purpose of the cyber kill chain methodology?

  • To identify and prevent malicious intrusion activities (correct)
  • To facilitate communication between hackers
  • To create educational materials for hacking courses
  • To develop new hacking tools and technologies

Which of the following activities is involved in the reconnaissance phase of the cyber kill chain?

  • Sending the weaponized bundle to the victim
  • Gathering information about the target organization through social engineering (correct)
  • Identifying open ports and services
  • Creating a phishing email campaign

During the weaponization phase, what is typically created?

  • A comprehensive report on cybersecurity measures
  • A deliverable malicious payload (correct)
  • A grant proposal for additional funding
  • A security policy document

Which of the following best describes the delivery phase of the cyber kill chain?

  • Sending the weaponized bundle to the victim via various means (correct)

Which technique is NOT typically used during the reconnaissance phase?

  • Sending malware through a phishing campaign (correct)

What is a common activity during the weaponization phase?

  • Selecting and modifying malware payloads (correct)

How does the cyber kill chain help security professionals?

  • By helping them understand adversarial tactics and techniques in advance (correct)

Which of the following actions would NOT be part of preparing a cyber attack?

  • Implementing antivirus solutions in the target system (correct)

What is a characteristic feature of a computer virus?

  • Encrypting itself (correct)

Which of the following is NOT a purpose of creating viruses?

  • Make software improvements (correct)

What is the first stage in the virus lifecycle?

  • Design (correct)

What indication might suggest that a virus has compromised a system?

  • Missing files and folders (correct)

How do viruses typically spread to other systems?

  • Through file downloads and email attachments (correct)

Which of the following actions activates a virus within a target system?

  • Performing specific user actions with infected software (correct)

What would NOT typically be a symptom of a virus attack on a computer?

  • Fewer error messages than usual (correct)

What is one potential motive for a hacker to create a virus?

  • To gain remote access to victims' computers (correct)

What is the recommended security setting level for your Internet browser to protect against spyware?

  • High or medium (correct)

Which of the following is a valid reason to avoid opening emails from unknown senders?

  • They may contain spyware or viruses (correct)

What is one effective way to enhance the security level of your computer?

  • Enable a firewall (correct)

Why is it important to regularly update virus definition files?

  • To protect against new threats (correct)

What should you do before downloading software from a website?

  • Check if the website is trustworthy (correct)

When using peer-to-peer file-swapping software, what precaution should be taken?

  • Scan the files after installation (correct)

What action is advisable to take if you identify vulnerabilities in your operating system?

  • Refer to the OS vendor for guidance (correct)

When is it safe to perform web surfing and download files?

  • When you download cautiously (correct)

Which of the following is a common way a virus can be created?

  • Writing a virus program (correct)

What is ransomware primarily designed to do?

  • Restrict access to files and demand payment (correct)

Which of the following is NOT a type of virus mentioned?

  • Screen Saver Virus (correct)

What distinguishes computer worms from viruses?

  • Worms can replicate independently (correct)

Which of the following is a responsibility of antivirus applications?

  • Running the latest virus definitions (correct)

Which ransomware mentioned primarily attacks victims through email campaigns?

  • Dharma (correct)

What type of virus is known to modify its own code to avoid detection?

  • Metamorphic Virus (correct)

What is a common characteristic of malicious online ads?

  • They often lead to malware installations (correct)

Which of the following best describes an encryption virus?

  • It encrypts files and demands a decryption fee (correct)

What is a potential consequence of connecting to untrusted networks?

  • Vulnerability to malware infections (correct)

What is the primary purpose of ethical hacking in an organization?

  • To identify risks and suggest remedial actions (correct)

Which of the following skills are considered non-technical for an ethical hacker?

  • The ability to communicate effectively (correct)

Which Google advanced search operator restricts results to documents that contain all the search keywords in the title?

  • [allintitle:] (correct)

What limitation is associated with hiring an ethical hacker?

  • They can only help if the organization knows what to search for (correct)

Which tool would be used for extracting information about live hosts and open ports on a network?

  • Nmap (correct)

Which of the following is NOT a type of scanning tool?

  • Whois Lookup (correct)

What is a primary function of reconnaissance in ethical hacking?

  • To identify vulnerabilities before a breach (correct)

Which ethical hacking tool assists in extracting NetBIOS statistics?

  • Nbtstat Utility (correct)

What does ethical hacking primarily aim to improve in an organization?

  • Information system security (correct)

Which of the following represents a benefit of using Google hacking in reconnaissance?

  • It helps extract hidden or sensitive information (correct)

What is the primary focus of the 'Scanning' phase in ethical hacking?

  • To identify live hosts, services, and open ports (correct)

Which of the following operators can be used to restrict search results to a specific website's domain?

  • [site:] (correct)

Which of the following is a characteristic of technical skills required for ethical hackers?

  • Knowledge of networking concepts and technologies (correct)

What should organizations do to make the most out of hiring an ethical hacker?

  • Understand their security needs and threats (correct)

Flashcards

Cyber Kill Chain

A methodology used to identify and prevent malicious intrusion activities. Helps security professionals understand how attackers may target systems.

Reconnaissance

The initial stage of the Cyber Kill Chain where attackers gather information about the target to find vulnerabilities. This can involve researching the organization, its employees, and its online presence.

Weaponization

The process of creating a malicious payload, combining an exploit and a backdoor to create a weaponized tool.

Delivery

The way the attacker delivers the weaponized payload to the victim. This can be through email attachments, malicious websites, or even physical devices.


Ethical Hacking

A technique used to find and fix vulnerabilities in IT systems by simulating real-world attack scenarios. It helps organizations identify weaknesses before attackers can exploit them.


Google Hacking

The practice of understanding and utilizing Google's advanced search operators to find sensitive information, which can aid attackers in identifying targets.


Whois Lookup

A free tool used for discovering information about domain names, including ownership details, contact information, and registration dates.


Nmap

A powerful network scanning tool that gathers information about live hosts, open ports, services, and operating systems on a network.


Computer Worm

A malicious program that replicates itself and spreads across a network, exploiting vulnerabilities to gain access to systems.


Ransomware

A type of malware that encrypts the files on a victim's computer and then demands a ransom payment in exchange for the decryption key.


Virus

A self-replicating program that spreads by attaching a copy of itself to another program, the computer's boot sector, or a document.


Creating a Virus

The process of creating a virus program, either by writing code from scratch or using pre-made tools.


Design (Virus Lifecycle)

The development stage of a virus's lifecycle, where the virus code is written or assembled.


Replication (Virus Lifecycle)

The stage of a virus's lifecycle where it multiplies and distributes itself to new victims.


Launch (Virus Lifecycle)

The stage where a virus becomes active and begins executing its malicious code, often triggered by certain actions taken by the user.


Detection (Virus Lifecycle)

The stage where the virus is identified as a threat by antivirus software or security systems.


Incorporation (Virus Lifecycle)

The stage where antivirus and security software developers create defenses against a virus.


Execution of Damage Routine (Virus Lifecycle)

The final stage of the lifecycle as the study notes describe it: users install the antivirus updates produced during incorporation and eliminate the virus. (Any destructive payload the virus carries runs earlier, once its trigger condition is met after launch.)


Boot Sector Virus

A particular type of virus that infects the boot sector of a hard drive, preventing the operating system from loading properly.


File Virus

A virus that infects executable files (.exe, .com). A multipartite virus infects both executable files and the boot sector.


Macro Virus

A virus that specifically infects macro commands within applications like Microsoft Word or Excel.


Stealth Virus

A virus that hides from antivirus software by intercepting the operating system's file and disk requests and returning clean-looking data, for example the original file size or an uninfected copy of the file, so the infection is not visible to the scanner.


Encryption Virus

A virus that encrypts its own code with a different key for each infected file, leaving only a small constant decryptor in plaintext, so that a byte signature taken from the virus body never matches the next infection. This is distinct from ransomware, which encrypts the user's files and demands payment.


FAT Virus

A virus that does not infect files directly but modifies the file allocation table (FAT), making it difficult to find and remove the virus.


Web Scripting Virus

A virus written in a web scripting language such as JavaScript and embedded in web pages, advertisements or user-submitted content; it runs when a browser renders the page and can exploit browser weaknesses to infect the visiting system.


Email Virus

A virus that spreads through email attachments, aiming to infect unsuspecting users.


Exploit

Code that takes advantage of a specific vulnerability in an operating system or application to run attacker-chosen code or gain unauthorized access; in the weaponization stage it is paired with a backdoor to form the deliverable payload.


Backdoor

A piece of code that allows an attacker to remotely control an infected computer.


Botnet

A collection of connected computers controlled by an attacker to launch coordinated attacks.


Exploit Kit

A tool that automates the process of exploiting vulnerabilities and delivering malware payloads.


Study Notes

Cyber Kill Chain Methodology

  • The Cyber Kill Chain methodology is used to identify and prevent malicious intrusion activities.
  • It helps security professionals to understand the adversary's tactics, techniques, and procedures beforehand.

Reconnaissance

  • It gathers data on the target to probe for weak points.
  • Activities include:
    • Gathering information about the target organization through the internet or social engineering.
    • Performing analysis of online activities and publicly available information.
    • Gathering information from social networking sites and web services.
    • Obtaining information about websites visited.
    • Monitoring and analyzing the target organization’s website.
    • Performing Whois, DNS, and network footprinting.
    • Performing scanning to identify open ports and services.

Weaponization

  • Creates a deliverable malicious payload using an exploit and a backdoor.
  • Activities include:
    • Identifying appropriate malware payload based on the analysis.
    • Creating a new malware payload or selecting, reusing, and modifying available malware payloads based on the identified vulnerability.
    • Creating a phishing email campaign.
    • Leveraging exploit kits and botnets.

Delivery

  • Sends weaponized bundle to the victim using email, USB, etc.
  • Delivery is typically the first kill chain stage at which the adversary's activity enters the target's environment, so it is where the target organization's controls (mail gateways, web proxies, endpoint protection) first have a chance to observe and block the intrusion.
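Because delivery is the first stage a defender can see, a mail-gateway check on attachments is a natural control. The following is an added example, not code from the original page or from the Ethical Hacking Essentials material: it parses a constructed .eml message and flags the attachment patterns weaponized delivery relies on (executable or macro extensions, double extensions such as invoice.pdf.exe, MIME types that contradict the extension, archives that need inner inspection). The function names, block lists and sample message are this example's own assumptions.

```python
"""Added example (not from the Ethical Hacking Essentials text): a minimal
mail-gateway check that inspects a constructed .eml message for the kind of
weaponized attachment the Delivery stage relies on. The function names,
block lists and the sample message are this example's own assumptions."""
import email
from email import policy
from email.message import EmailMessage

# Extensions that execute code or carry macros (assumed list for this example).
EXECUTABLE_EXT = {".exe", ".scr", ".js", ".vbs", ".hta", ".ps1", ".bat",
                  ".cmd", ".lnk", ".iso", ".docm", ".xlsm"}
# Archives may wrap an executable; flag them so an inner scan is performed.
ARCHIVE_EXT = {".zip", ".rar", ".7z"}
# Extensions attackers put in front of the real one ("invoice.pdf.exe").
DOCUMENT_LIKE = {".pdf", ".doc", ".xls", ".jpg", ".txt"}


def classify_attachment(filename: str, content_type: str) -> list[str]:
    """Return the reasons an attachment looks like weaponized delivery."""
    reasons = []
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXT:
        reasons.append(f"executable/macro extension {ext}")
    # 'invoice.pdf.exe' style double extension disguising an executable
    if len(parts) > 2 and "." + parts[-2] in DOCUMENT_LIKE:
        reasons.append("double extension disguising a document")
    if ext in ARCHIVE_EXT:
        reasons.append(f"archive {ext} needs inner inspection")
    # Declared MIME type claims something harmless while the extension executes
    if ext in EXECUTABLE_EXT and content_type.startswith(("image/", "text/", "application/pdf")):
        reasons.append(f"MIME type {content_type} does not match {ext}")
    return reasons


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Parse an RFC 5322 message and return {attachment name: reasons} for suspicious parts."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        reasons = classify_attachment(fname, part.get_content_type())
        if reasons:
            findings[fname] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed sample message for the example; not a real capture."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ constructed", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"PK constructed", maintype="application",
                       subtype="zip", filename="docs.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, why in scan_message(build_sample()).items():
        print(f"{name}: {'; '.join(why)}")
```

In the sample, the genuine invoice.pdf passes, while invoice.pdf.exe is flagged twice (executable extension and double extension) and docs.zip is routed for inner inspection. A production gateway would also check the file's magic bytes against its declared type and detonate archives in a sandbox; the point here is only which attributes of the delivery artefact are worth inspecting.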

Ethical Hacking Scope

  • It is a crucial component of risk assessment, auditing, counter fraud, and information systems security best practices.
  • It is used to identify risks and highlight remedial actions.
  • It reduces Information and Communication Technology (ICT) costs by resolving vulnerabilities.

Ethical Hacking Limitations

  • Without knowing what is being searched for and why, hiring an outside vendor to hack systems will not prove beneficial.
  • An ethical hacker can only help an organization to better understand its security system; it is up to the organization to place the right safeguards on the network.

Skills of an Ethical Hacker

  • Technical skills require:
    • In-depth knowledge of major operating environments, such as Windows, Unix, Linux, and Macintosh.
    • In-depth knowledge of networking concepts, technologies, and related hardware and software.
    • An expert understanding of technical domains.
    • Knowledge of security areas and related issues.
    • High technical knowledge of how to launch sophisticated attacks.

Non-Technical Skills of an Ethical Hacker

  • The ability to quickly learn and adapt new technologies.
  • A strong work ethic and good problem-solving and communication skills.
  • Commitment to an organization’s security policies.
  • An awareness of local standards and laws.

Reconnaissance Using Advanced Google Hacking Techniques

  • Google hacking refers to the use of advanced Google search operators for creating complex search queries to extract sensitive or hidden information that helps attackers find vulnerable targets.
  • [cache:] Displays the web pages stored in the Google cache.
  • [link:] Lists web pages that have links to the specified web page.
  • [related:] Lists web pages that are similar to the specified web page.
  • [info:] Presents some information that Google has about a particular web page.
  • [site:] Restricts the results to those websites in the given domain.
  • [allintitle:] Restricts the results to those websites containing all the search keywords in the title.
  • [intitle:] Restricts the results to documents containing the search keyword in the title.
  • [allinurl:] Restricts the results to those containing all the search keywords in the URL.
  • [inurl:] Restricts the results to documents containing the search keyword in the URL.
  • [location:] Finds information for a specific location (a Google News operator).
  • Note: Google has since withdrawn support for [cache:], [link:] and [info:]; [site:], [intitle:]/[allintitle:], [inurl:]/[allinurl:], [filetype:] and exact-phrase quotes remain the operators that do the work in Google hacking.

Reconnaissance Tools

  • Web Data Extractor: Extracts targeted contact data (email, phone, and fax) from the website, extracts the URL and meta tags (title, description, keyword) for website promotion.
  • Whois Lookup: Provides information about a domain name.

Scanning Tools 

  • Nmap: Extracts information such as live hosts on the network, open ports, services (application name and version), types of packet filters/ firewalls, as well as operating systems and versions used.
  • MegaPing: Comprehensive Security Scanner, Port scanner (TCP and UDP ports), IP scanner, NetBIOS scanner, and Share Scanner.
  • Unicornscan: Identifies the OS of the target machine by observing the TTL values in the scan result.
  • Hping2/Hping3: Crafts custom TCP, UDP, and ICMP packets; for example, sends ICMP echo requests to determine whether a host is online, or TCP SYN probes to reach ports behind firewalls that drop ICMP.
  • NetScanTools Pro: Scans networks for open ports, vulnerable services, and other security risks.
  • SolarWinds Port Scanner: Scans networks for open ports and vulnerable services.
  • PRTG Network Monitor: Monitors network devices and applications to detect problems, and provides real-time network performance data.
  • OmniPeek Network Protocol Analyzer: Captures and analyzes network traffic to identify security threats, troubleshoot network problems, and optimize network performance.
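To make concrete what the scanning tools above actually do, here is an added example (not Nmap's code and not from the original page) of a TCP connect scan with banner grabbing, the information Nmap gathers with -sT and -sV, together with the initial-TTL heuristic Unicornscan uses to guess the operating system. It runs against a listener the script starts itself, so it works offline; the listener, port list, banner and TTL table are this example's assumptions.

```python
"""Added example (not Nmap's or Unicornscan's code, and not from the original
page): a TCP connect scan with banner grabbing against a listener this script
starts itself, plus the initial-TTL operating-system heuristic. Listener,
banner text and TTL table are assumptions made for the example."""
import socket
import threading

# Common initial TTL values and the platforms that use them (assumed table).
TTL_GUESS = {64: "Linux/Unix-like", 128: "Windows", 255: "network device/Solaris"}


def guess_os_from_ttl(observed_ttl: int) -> str:
    """Round the TTL seen in a reply up to the nearest common initial value.
    A reply with TTL 57 most likely started at 64 and crossed 7 hops."""
    for initial in (64, 128, 255):
        if observed_ttl <= initial:
            return TTL_GUESS[initial]
    return "unknown"


def connect_scan(host: str, ports, timeout: float = 0.5) -> dict[int, str]:
    """Return {open_port: banner} using full TCP connects (no raw sockets needed).
    Closed or filtered ports raise OSError on connect and are skipped."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.settimeout(timeout)
                try:
                    banner = s.recv(128).decode("ascii", "replace").strip()
                except OSError:          # service did not volunteer a banner
                    banner = ""
                results[port] = banner
        except OSError:
            continue
    return results


def start_fake_service(banner: bytes) -> int:
    """Constructed target: a listener on an ephemeral localhost port that
    greets every client with the given banner, like an SSH or FTP daemon."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    target = start_fake_service(b"SSH-2.0-OpenSSH_9.6 constructed\r\n")
    for port, banner in connect_scan("127.0.0.1", [target]).items():
        print(f"{port}/tcp open  banner={banner!r}")
    print("TTL 57 ->", guess_os_from_ttl(57))
```

A connect scan completes the three-way handshake, so the target's service logs the connection; Nmap's default SYN scan (-sS) avoids that by sending only the first packet, which is why it needs raw-socket privileges. The TTL guess is only a hint: hosts can change their initial TTL, and any middlebox that rewrites it defeats the heuristic.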

Enumeration Tools 

  • Nbtstat Utility: Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local and remote computers, and the NetBIOS name cache.
  • NetBIOS Enumerator: Enumerates details, such as NetBIOS names, Usernames, Domain names, and MAC addresses, for a given range of IP addresses.
  • Other NetBIOS Enumeration Tools
    • Global Network Inventory
    • Advanced IP Scanner
    • Hyena
    • Nsauditor Network Security Auditor
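What these enumeration tools do on the wire is a NetBIOS node status query. The following added example (not nbtstat's or NetBIOS Enumerator's code, and not from the original page) builds the NBSTAT request that `nbtstat -A <ip>` sends to UDP port 137 and parses the response into the name table, suffix roles and MAC address those tools display. The response bytes are constructed for the example, not captured from a real host; the `query_host` helper that would send the request to a real machine is included but not exercised.

```python
"""Added example (not nbtstat's or NetBIOS Enumerator's code): builds the
NBSTAT (node status) request sent to UDP/137 and parses the response into the
NetBIOS name table. The sample response is constructed, not a real capture."""
import struct

NBSTAT_TYPE = 0x0021   # NetBIOS node status record type
WILDCARD = b"*"        # nbtstat -A queries the wildcard name

# NetBIOS name suffix byte -> role of that registration
SUFFIX_ROLE = {0x00: "workstation/computer name", 0x03: "messenger",
               0x1B: "domain master browser", 0x1C: "domain controllers",
               0x1E: "browser service elections", 0x20: "file server"}


def encode_name(name: bytes, suffix: int = 0x00) -> bytes:
    """First-level encoding (RFC 1001): pad to 15 bytes, append the suffix,
    then map each nibble of each byte to a letter 'A'..'P'."""
    pad = b"\x00" if name == WILDCARD else b" "
    raw = name.ljust(15, pad) + bytes([suffix])
    out = bytearray()
    for b in raw:
        out.append(0x41 + (b >> 4))
        out.append(0x41 + (b & 0x0F))
    return b"\x20" + bytes(out) + b"\x00"   # length byte, 32 chars, terminator


def build_nbstat_request(txid: int = 0x1234) -> bytes:
    """NBNS header (QDCOUNT=1) followed by one question for '*' of type NBSTAT."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = encode_name(WILDCARD) + struct.pack(">HH", NBSTAT_TYPE, 0x0001)
    return header + question


def parse_nbstat_response(data: bytes) -> dict:
    """Decode the answer record: name count, 18-byte name entries, then the
    6-byte unit ID (the adapter MAC) that precedes the statistics block."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if not (flags & 0x8000) or an < 1:
        raise ValueError("not a positive NBSTAT response")
    off = 12 + (qd * 38)            # skip an echoed question if present
    off += 34                       # answer record's encoded name
    rtype, _rclass, _ttl, _rdlen = struct.unpack(">HHIH", data[off:off + 10])
    off += 10
    if rtype != NBSTAT_TYPE:
        raise ValueError(f"unexpected record type {rtype:#x}")
    num_names = data[off]
    off += 1
    names = []
    for _ in range(num_names):
        raw_name, suffix, name_flags = struct.unpack(">15sBH", data[off:off + 18])
        off += 18
        names.append({"name": raw_name.rstrip(b" \x00").decode("ascii", "replace"),
                      "suffix": suffix,
                      "role": SUFFIX_ROLE.get(suffix, "other"),
                      "group": bool(name_flags & 0x8000)})   # G bit: group vs unique
    mac = data[off:off + 6]
    return {"txid": txid, "names": names, "mac": ":".join(f"{b:02x}" for b in mac)}


def build_sample_response(txid: int = 0x1234) -> bytes:
    """Constructed response resembling a domain-joined Windows workstation."""
    entries = [(b"WS01", 0x00, 0x0400), (b"CORP", 0x00, 0x8400),
               (b"WS01", 0x20, 0x0400), (b"CORP", 0x1E, 0x8400)]
    rdata = bytes([len(entries)])
    for n, suffix, fl in entries:
        rdata += struct.pack(">15sBH", n.ljust(15, b" "), suffix, fl)
    rdata += bytes.fromhex("001122aabbcc") + bytes(46)   # unit ID + statistics
    header = struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0)
    rr = encode_name(WILDCARD) + struct.pack(">HHIH", NBSTAT_TYPE, 1, 0, len(rdata))
    return header + rr + rdata


def query_host(ip: str, timeout: float = 2.0) -> dict:
    """Send the request to a real host (needs network access; not run here)."""
    import socket
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_nbstat_request(), (ip, 137))
        data, _ = s.recvfrom(4096)
    return parse_nbstat_response(data)


if __name__ == "__main__":
    for entry in parse_nbstat_response(build_sample_response())["names"]:
        kind = "GROUP " if entry["group"] else "UNIQUE"
        print(f"{entry['name']:<16}<{entry['suffix']:02X}>  {kind}  {entry['role']}")
```

Reading the table the way an enumeration tool does: a unique name with suffix <00> is the computer name, a group name with <00> is its domain or workgroup, <20> means the file server service is running (an SMB target), and <1E> or <1C> group entries point at browser elections and domain controllers. Because the query is unauthenticated UDP, blocking 137/udp at the network edge is the usual mitigation.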

Threat and Threat Sources 

  • A threat is any potential danger that could exploit a vulnerability and harm an information system or organization. 
  • A threat source is the origin of a threat.

What is a Virus? 

  • A virus is a self-replicating program that produces its own copy by attaching itself to another program, computer boot sector, or document.
  • Viruses are transmitted through:
    • File downloads.
    • Infected disk/flash drives.
    • Email attachments.

Characteristics of Viruses 

  • Infect other programs.
  • Transform themselves.
  • Encrypt themselves.
  • Alter data.
  • Corrupt files and programs.
  • Self-replicate.

Purpose of Creating Viruses 

  • Inflict damage on competitors.
  • Realize financial benefits.
  • Vandalize intellectual property.
  • Play pranks.
  • Conduct Research.
  • Engage in cyber-terrorism.
  • Distribute political messages.
  • Damage networks or computers.
  • Gain remote access to a victim's computer.

Indications of Virus Attack

  • Processes require more resources and time, resulting in degraded performance.
  • Computer beeps with no display.
  • Drive label changes and OS does not load.
  • Constant antivirus alerts.
  • Computer freezes frequently or encounters an error such as BSOD.
  • Files and folders are missing.
  • Suspicious hard drive activity.
  • Browser window "freezes".

Stages of Virus Lifecycle

  • Design: Development of virus code using programming languages or construction kits.
  • Replication: The virus replicates for a period within the target system and then spreads itself.
  • Launch: The virus is activated when the user performs specific actions such as running an infected program.
  • Detection: The virus is identified as a threat infecting the target system.
  • Incorporation: Antivirus software developers assimilate defenses against the virus.
  • Execution of the damage routine: Users install antivirus updates and eliminate the virus threats.

How does a Computer Get Infected by Viruses?

  • Accepting files and downloads without checking the source.
  • Opening infected emails and file attachments.
  • Installing pirated software.
  • Not updating and not installing new versions of plug-ins.
  • Not running the latest antivirus application.
  • Clicking malicious online ads.
  • Using portable media.
  • Connecting to untrusted networks.

Types of Viruses 

  • System or Boot Sector Virus.
  • File and Multipartite Virus.
  • Macro and Cluster Virus.
  • Stealth/Tunneling Virus.
  • Encryption Virus.
  • Sparse Infector Virus.
  • Polymorphic Virus.
  • Metamorphic Virus.
  • Overwriting File or Cavity Virus.
  • Companion/Camouflage Virus.
  • Shell and File Extension Virus.
  • FAT and Logic Bomb Virus.
  • Web Scripting Virus.
  • Email and Armored Virus.
  • Add-on and Intrusive Virus.
  • Direct Action or Transient Virus.
  • Terminate & Stay Resident Virus.
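Several of the types above (encryption, polymorphic, metamorphic) exist to defeat signature scanning. The following added example, which is not from the page and contains no malware, uses a harmless constructed "body" and a fixed "decryptor stub" to show why a hash or byte signature of one infection misses the next when the body is re-encrypted under a fresh key, why the constant stub still gives a detector a foothold, and why a polymorphic variant that rewrites the stub forces the scanner to emulate the decryption instead. The stub bytes, body text and XOR scheme are this example's own assumptions.

```python
"""Added example (not from the page or from any AV product): signature matching
against an encrypting virus and a polymorphic variant. BODY and STUB are
harmless constructed byte strings standing in for a virus body and its
decryptor; the single-byte XOR is an assumed toy cipher."""
import hashlib

# Toy decryptor stub (assumed constant bytes) and a constructed plaintext body.
STUB = bytes.fromhex("60be00104000b94000000030064 6e2fb61".replace(" ", ""))
BODY = b"CONSTRUCTED-VIRUS-BODY-" * 4


def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def make_variant(key: int) -> bytes:
    """A new 'infection': the same stub, then the key, then the body encrypted
    under that key (use a key in 1..0x7F so no byte collides with the 0x90 junk below)."""
    return STUB + bytes([key]) + xor(BODY, key)


def make_polymorphic_variant(key: int, junk: bytes = b"\x90") -> bytes:
    """Polymorphic: the stub itself is rewritten by interleaving junk instructions,
    so even a stub signature no longer matches; only its behaviour is constant."""
    mutated = b"".join(bytes([b]) + junk for b in STUB)
    return mutated + bytes([key]) + xor(BODY, key)


def sha256_signature(sample: bytes) -> str:
    return hashlib.sha256(sample).hexdigest()


def match_hash(sample: bytes, known: set[str]) -> bool:
    """Whole-file hash: matches only the exact sample that was catalogued."""
    return sha256_signature(sample) in known


def match_body_bytes(sample: bytes) -> bool:
    """Byte signature on the plaintext body: works only on an unencrypted copy."""
    return BODY in sample


def match_stub(sample: bytes) -> bool:
    """Byte signature on the decryptor, which a simple encryption virus cannot hide."""
    return STUB in sample


def decrypt_and_match(sample: bytes) -> bool:
    """What an AV emulator effectively does: locate the stub, apply its decryption,
    then compare the recovered body against the signature."""
    idx = sample.find(STUB)
    if idx < 0 or idx + len(STUB) >= len(sample):
        return False
    key = sample[idx + len(STUB)]
    return xor(sample[idx + len(STUB) + 1:], key) == BODY


def emulate_and_match(sample: bytes) -> bool:
    """Stand-in for emulation of the polymorphic stub: strip the junk the
    mutation engine inserted, then decrypt as before."""
    return decrypt_and_match(sample.replace(b"\x90", b""))


if __name__ == "__main__":
    first, second = make_variant(0x5A), make_variant(0x33)
    catalogue = {sha256_signature(first)}
    poly = make_polymorphic_variant(0x5A)
    for label, sample in (("known", first), ("re-keyed", second), ("polymorphic", poly)):
        print(f"{label:<12} hash={match_hash(sample, catalogue)!s:<5} body={match_body_bytes(sample)!s:<5} "
              f"stub={match_stub(sample)!s:<5} emulate={emulate_and_match(sample)}")
```

The lesson mirrors the page's definitions: an encryption virus defeats hash and body signatures but not a signature on its decryptor; a polymorphic virus mutates the decryptor too, so the scanner has to emulate or run the sample and inspect what it becomes. A metamorphic virus goes one step further and rewrites the body itself each generation, which is why modern engines lean on behaviour rather than bytes.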

Creating a Virus

  • Writing a Virus Program: Programmers may create custom viruses with unique traits.
  • Virus Maker Tools:
    • DELmE's Batch Virus Maker.
    • Bhavesh Virus Maker SKW.
    • Deadly Virus Maker.
    • SonicBat Batch Virus Maker.
    • TeraBIT Virus Maker.  
    • Andreinick05's Batch Virus Maker.

Ransomware

  • A type of malware that restricts access to the computer system's files and folders. 
  • Demands an online ransom payment to the malware creator(s) to remove the restrictions.
  • Dharma: Attacks victims through email campaigns; victims are asked to contact attackers via a provided email address and pay in bitcoins for the decryption service.
  • eCh0raix
  • SamSam
  • WannaCry
  • Petya and NotPetya
  • GandCrab
  • MegaCortex
  • LockerGoga
  • NamPoHyu
  • Ryuk
  • Cryptgh0st

Ransomware Families

  • Cerber
  • CTB-Locker
  • Sodinokibi (REvil)
  • BitPaymer
  • CryptXXX
  • CryptorBit
  • CryptoLocker
  • CryptoDefense
  • CryptoWall

Computer Worms

  • Malicious programs that independently replicate, execute, and spread across the network connections.
  • Consume available computing resources without human interaction.
  • Attackers use worm payloads to install backdoors in infected computers.
  • Examples:
    • Monero-mining worms: Worms whose payload mines the Monero cryptocurrency on the victim's computer for the attacker (Monero is the currency, not the malware).
    • Bondat: A worm that spreads through removable drives, enlists infected Windows hosts in a botnet and has been used to mine cryptocurrency.
    • Beapy: A cryptojacking worm that spreads across enterprise networks using the EternalBlue exploit and credentials harvested from infected hosts.

How is a Worm Different from a Virus?

  • Viruses: Need a host program to replicate and spread.
  • Worms: Replicate autonomously and spread through network connections.
  • Viruses: Do not typically spread across networks.
  • Worms: Can spread rapidly across networks.
  • Viruses: Usually requires user action to activate.
  • Worms: Can exploit system vulnerabilities and spread without requiring user action.


Related Documents

Ethical Hacking Essentials PDF
