About:
In this module, the participants will learn about the cyber kill chain and practice its different
steps and components.
The participants will analyse case studies and, most importantly, understand the attacker’s
mindset and way of thinking. An analyst who can think like an attacker and appreciate their
TTPs will better identify possible weaknesses, spot anomalies, define alerts and understand
the attacker’s behaviour during an investigation.
Subjects covered:
- The cyber kill chain
- External recon
- Initial compromise:
- Credentials
- Hashes
- Client-side exploits
- Internal reconnaissance:
- Local machine
- Info gathering
- Screen capture
- Keylogging
- Initial foothold:
- Privilege escalation
- Persistence
- Lateral movements:
- Port scanning
- Fingerprinting
- Pivoting
- Attack
- Establish foothold:
- Command and control
- Multistaging
- Endpoint evasion
- Protocol vulnerabilities
- Network evasion
- Case studies