Cyber Defense Frameworks: Unified Kill Chain (TryHackMe)


In this article, I write up the TryHackMe room Unified Kill Chain: The Basics. The room covers what a "Kill Chain" is, what "Threat Modelling" is, an introduction to the Unified Kill Chain, the phases In (Initial Foothold), Through (Network Propagation) and Out (Action on Objectives), and a practical task.

  1. Where does the term "Kill Chain" originate from? For this answer, you must fill in the blank!: The ********** military

  2. What is the technical term for a piece of software or hardware in IT (Information Technology)? Asset

  3. In what year was the Unified Kill Chain framework released? 2017

  4. According to the Unified Kill Chain, how many phases are there to an attack? 18

  5. What is the name of the attack phase where an attacker employs techniques to evade detection? Defense Evasion

  6. What is the name of the attack phase where an attacker employs techniques to remove data from a network? Exfiltration

  7. What is the name of the attack phase where an attacker achieves their objectives? Objectives

  8. What is an example of a tactic to gain a foothold using emails? Phishing

  9. Impersonating an employee to request a password reset is a form of what? Social Engineering

  10. An adversary setting up the Command & Control server infrastructure is what phase of the Unified Kill Chain? Weaponization

  11. Exploiting a vulnerability present on a system is what phase of the Unified Kill Chain? Exploitation

  12. Moving from one system to another is an example of? Pivoting

  13. Leaving behind a malicious service that allows the adversary to log back into the target is what? Persistence

  14. As a SOC analyst, you pick up numerous alerts pointing to failed login attempts from an administrator account. What stage of the kill chain would an attacker be seeking to achieve? Privilege Escalation

  15. Mimikatz, a known attack tool, was detected running on the IT Manager's computer. What is the mission of the tool? Credential dumping

  16. While monitoring the network as a SOC analyst, you realise that there is a spike in the network activity, and all the traffic is outbound to an unknown IP address. What stage could describe this activity? Exfiltration

  17. Personally identifiable information (PII) has been released to the public by an adversary, and your organisation is facing scrutiny for the breach. What part of the CIA triad would be affected by this action? Confidentiality

  18. Deploy the static site attached to the task. You will need to match the various actions of an attacker to the correct phase of the Unified Kill Chain framework to reveal the flag.

    Match the scenario prompt to the correct phase of the Unified Kill Chain to reveal the flag at the end. What is the flag? THM{UKC_SCENARIO}

Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the THM challenges. We can also connect more on LinkedIn or X.
