From the course: Foundational JavaScript Security
Overview of cyber kill chain - JavaScript Tutorial
From the course: Foundational JavaScript Security
Overview of cyber kill chain
- [Instructor] Cyber Kill Chain is a framework that was developed by Lockheed Martin and a great example of how to plan an attack as an ethical hacker. There are many ways to approach this framework and once you're done with this video, I strongly recommend you visit their website. They have great documentation and many examples how it can be used. But as an introduction, here is an overview of the framework. Any attack starts with reconnaissance, figuring out who or where we could plan an attack. For example, you could be harvesting lists of emails or information from social sites. And this step, the attacker also looks for potential areas he could explore vulnerabilities in an application, system or network. Then the attacker moves to weaponization, building the tool or a code that will exploit the vulnerability and to be delivered to the resources we've gathered in the reconnaissance step. Next is the delivery step where an attacker will send a Trojan, virus, or whatever weapon he's programmed through emails, social communication channels, texts, et cetera. In the next step, the attacker exploits the vulnerability he found in the reconnaissance stage through the communication channels. In step five, the tool is installing malware or code into the system, application or network to be able to exploit these resources. This is where a user may have clicked on the link and a tool installed itself in the background without his knowledge. Then the tool install would eventually take over and command a resource in question. A good example is how a hacker was able to control the temperature levels and the server environment and overheated the entire room, which eventually overheated and shut down the server hardware. And finally, once the resources control by the hacker, he takes over and pulls whatever data he was after and holds ransom over the resources in one manner or another for his own benefit. The goal of this framework is to determine what proper steps need to be taken on resources under threat at any of these stages, but also how to prevent the attacker from going any further in this process.
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.