ARCHITECTURE
WAYNE TUFEK
15TH – 16TH OF FEBRUARY 2019
SACON
BANGALORE
LOCKHEED MARTIN CYBER KILL CHAIN
Source: https://lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
Sensitivity: Confidential
LOCKHEED MARTIN CYBER KILL CHAIN
The seven steps to the Cyber Kill Chain® are:
4. Exploitation – this is the process in which the weaponized package from step 2 acts on the system, exploiting a vulnerability and executing code on the targeted system;
5. Installation – the executed code from Step 4 then installs the malware on the target;
6. Command & Control (C2 or C&C) – the malware installed on the target system will use a C2 channel to communicate with the malicious actor; C2 channels are frequently masked to look like normal traffic from the computer. Common C2 channels include malware connecting to another IP address, website or social media feed to receive additional commands;
7. Actions on Objectives – the malicious actor will send commands to the malware through the C2 channel; this commonly includes providing remote access so the malicious actor can directly log in to the system or other actions, such as gathering and exfiltrating predefined data.
Source: https://www.cisecurity.org/spotlight/ei-isac-cybersecurity-spotlight-cyber-kill-chain/
KILL CHAIN LIMITATIONS
• Malware focused
• Can reinforce old-school, perimeter-focused, malware-prevention thinking, and the fact is that intrusion prevention solutions cannot provide 100% protection. However, the model can easily be applied to detection, response and recovery with a little work
• Doesn’t address internal threats
LOCKHEED MARTIN THREAT DRIVEN APPROACH
INTERNAL KILL CHAIN
Source: https://www.tripwire.com/solutions/vulnerability-and-risk-management/insider-threat-kill-chain-detecting-human-indicators-of-compromise-register/
QUESTIONS?
PASSION • INTEGRITY • EXPERIENCE • RESULTS