Ethical Hacking Essentials (Module 2 - Ethical Hacking Fundamentals)
Exam with verified detailed answers

What is the Cyber Kill Chain Methodology? - ✔✔A component of intelligence-driven defense for the identification and prevention of malicious intrusion activities. This methodology helps security professionals in identifying the steps that adversaries follow in order to accomplish their goals. The cyber kill chain is a framework developed for securing cyberspace based on the concept of military kill chains. This method aims to actively enhance intrusion detection and response.

Define Reconnaissance - ✔✔First phase of the seven where an adversary collects as much information about the target as possible to probe for weak points before actually attacking. They look for information such as publicly available information on the Internet, network information, system information, and the organizational information of the target.
Activities of the adversary include the following:
-Gathering information about the target organization by searching the Internet or through social engineering
-Performing analysis of various online activities and publicly available information
-Gathering information from social networking sites and web services
-Obtaining information about websites visited
-Monitoring and analyzing the target organization's website
-Performing Whois, DNS, and network footprinting
-Performing scanning to identify open ports and services

Define Weaponization - ✔✔Second phase of the seven - Based on the vulnerabilities identified during analysis, the adversary selects or creates a tailored deliverable malicious payload (remote-access malware weapon) using an exploit and a backdoor to send it to the victim. An adversary may target specific network devices, operating systems, endpoint devices, or even individuals within the organization to carry out their attack.
Activities of the adversary include the following:
-Identifying appropriate malware payload based on the analysis
-Creating a new malware payload or selecting, reusing, modifying the available malware payloads based on the identified vulnerability
-Creating a phishing email campaign
-Leveraging exploit kits and botnets

Define Delivery - ✔✔Third phase of the seven - A key stage that measures the effectiveness of the defense strategies implemented by the target organization based on whether the intrusion attempt of the adversary is blocked or not.
Activities of the adversary include the following:
-Sending phishing emails to employees of the target organization
-Distributing USB drives containing malicious payload to employees of the target organization
-Performing attacks such as watering hole on the compromised website
-Implementing various hacking tools against the operating systems, applications, and servers of the target organization

Define Exploitation - ✔✔Fourth phase of the seven - Triggers the adversary's malicious code to exploit a vulnerability in the operating system, application, or server on a target system. At this stage, the organization may face threats such as authentication and authorization attacks, arbitrary code execution, physical security threats, and security misconfiguration.

Define Installation - ✔✔Fifth phase of the seven - The adversary downloads and installs more malicious software on the target system to maintain access to the target network for