Cyber Kill Chain Preview

Dear Readers! 

Our February issue is dedicated to the cyber kill chain methodology. Inside you’ll find various articles, case studies and tutorials that will help you improve your hacker’s work routine. Here’s what’s inside.

To warm up we start with The Cyber Kill Chain by Syed Peer - a brief introduction to the methodology, prevention and drawbacks, explaining how the cyber kill chain provides a clear way to build a cyber security regime.

Later we drift off to KOMMAND: From concept to different types of command and control, from which you’ll learn what are command and control servers and how important they are to Red Teamers and pentesters.

Staying on the topic of Red Teaming, we have Red Teaming via ICS and SCADA Adversary Tactics and the title speaks pretty much for itself – this article will help you learn how to create a safe and reliable Red Teaming ICS environment.

Later on, we have Impact on Illicit Resource in the Era of Crypto-miners, that explains what cyber kill chain means during times of increased number of cybercrimes, and how to protect yourself from cyberattacks. To help you improve your skills and work environment, we also prepared Automating with Mitre ATT&CK with Python, in which you’ll learn how to automate the process of exploring threats with multiple tools, i.e. Recon-ng and Nmap.

If you’re still hungry for some Red Teaming, we also have Red Team vs Blue Team, in which the author explains how both teams work together in order to provide better security.

We also prepared articles on other topics that may gain your interest. Bruce Williams in Cybersecurity Management explains how different views of businesses on cybersecurity may change the work routine and how this view depends on the business mindset. If you’re looking for a more offensive topic, check out Attack with Websploit Tool.

We also have something really fresh for you - an article about the newest Kali Linux release, Kali 2021 - Pentesting with Empire & Starkiller by Daniel Dieterle.

Last but not least we will briefly touch the topic of data security and privacy in AWS and Azure, and wireless sensor network security for IoT systems.

As you can see, this month’s edition is very diverse, it’s important to us to provide you all kinds of knowledge, and we hope you’ll enjoy reading this edition as much as we did while preparing it for you.

Stay safe!

Hakin9 Editorial Team 

>>If you want to buy this magazine click here <<

>>If you are a subscriber, download your magazine here<<

---

TABLE OF CONTENTS

The Cyber Kill Chain

Syed Peer

Like so many things we take for granted as standard fare these days that have their origins in solutions within other industries (e.g. modern Project Management and Critical Path come to mind from Aerospace), so too was the case with the original “Kill Chain”. Lockheed Martin, a major defense contractor for the US Military (DOD), was instrumental in deriving the “Kill Chain” model based upon its military use case. Being a military defensive concept in principle and execution, the “Cyber Kill Chain” that originated at Lockheed focuses on the attacker’s perspective and the different stages identified in the process and required threats to be addressed to counter these types of attacks.

---

KOMMAND: From concept to different types of Command and Control

Joas Antonio dos Santos, Joao Paulo

In a professional test, CC servers are part of the so-called Red Team Engagement, where we try to simulate a real attacker with all its characteristics. It is worth remembering that the purpose of this type of test is not to get Domain Admin or SYSTEM on the network, but to achieve the goal (theft of information, intelligence, etc.). Escalation of privileges may occur, but as a means to achieve an objective and not an obligation.

---

Red Teaming via ICS and SCADA Adversary Tactics

Alexandros Pappas

Cyber attacks on industrial control systems (ICSs) differ in impact based on a number of factors, including the adversary’s intent, their sophistication and capabilities, and their familiarization with ICS and automated processes. Generally speaking, cyber attackers target these ICS environments via a campaign of attempts that allows access and provides enough information to invent an effect. However, the most important point when it comes to ICSs, is that the knowledge of the adversary’s operations can help defenders appreciate the attacker’s possible intent, level of sophistication, capabilities and familiarization with the ICS, which together work to unveil the potential impact of the attack on an organization.

---

Impact on Illicit Resource Utilization in The Era of Crypto-Miners

Mithun Smith Dias

In cybersecurity, various techniques have been used to understand the behaviour and characteristics of an attack. Various organizations, such as MITRE and Lockheed Martin, have developed several alternatives of cybersecurity frameworks to help enterprises and corporations to tackle and defend against a huge influx of incoming cyberattacks. Cyber kill chain is a sequence of phases taken to trigger a cyberattack on an organization from the initial Reconnaissance to Data exfiltration. The cybersecurity framework aids us in combating with the cyberattacks or security breaches by providing us with the different techniques, tactics and tools used during various stages of an attack. The following diagram depicts the various stages in a cyber kill chain.

---

Automating the Mitre Att&ck with Python

Bruno Rodrigues

In this article, I’ll focus on the Mitre Att&ck. Why? Because it’s a trending subject and because it’s the perfect example of what I said. If you look at the picture below, you’ll see that this framework allows to explore multiple threats, technologies, and attacks, making it a daunting task to keep organizations protected.

---

Red Team VS Blue Team

Dr Varin Khera

In the information security context, the terms "red team" and "blue team" are often mentioned. Both teams play essential roles in protecting organizations' IT systems from cyberattacks and preventing threat actors from stealing confidential data or disturbing the normal IT systems operations.

---

Kali 2021 – Pentesting with Empire & StarKiller

Daniel W. Dieterle

Kali Linux 2021 is here - the latest version of Kali Linux has been released! In this article we will talk briefly about some of the “cosmetic” changes of Kali, and then we will take an in-depth look at two of the largest tool updates for Kali 2021 – Empire & StarKiller.

---

Cybersecurity Management: Why, what, how?

Bruce Williams

This article is aimed at this boardroom and how business thinking should view cybersecurity, in the techniques that business leaders understand. It came about from teaching a cybersecurity unit across different disciplines in university. Each discipline has a different mindset.

---

Attack with WebSploit Tool

Füsun Yavuzer Aslan

In this article, it has been shown that Man-in-the-Middle attacks can be done very easily by using the websploit tool in Kali Linux. The initiation of the attack is described in detail according to the given scenario. The moment of the attack was analyzed with Wireshark software. In the conclusion section, methods of protection from this type of attack are specified.

---

From System and Data Security to Privacy Case Study in AWS and Azure

Annanda Rath

In this article, we explore the security patterns for Cloud SaaS. We work on the patterns covering different security aspects from system and data security to privacy. Our goal is to produce the security best practices and security knowledge documentation that SaaS developers can use as a guideline for developing Cloud SaaS applications from the ground up. In addition to that, we also provide a case study of security patterns and solutions in AWS and Azure.

---

Wireless Sensor Network Security for Smart Home IoT Systems

Dr Aparicio Carranza

To demonstrate best practices, an experimental testbed is constructed, consisting of a 3D printed model building equipped with wireless sensors and controlled by an Arduino and a Raspberry Pi 3 model B. A wireless management application for smartphones, which interfaces with the WSN, is also developed. Security properties are investigated using Kali Linux tools.