Title: Microsoft PowerPoint - Cyber Kill Chains; Author: T470s; Created Date: 5/15/2019 6:16:36 AM
David Peers
Bournemouth OWASP, 2019
Cyber Kill Chains, Diamond Models and Analysis Methods.
Understanding how Intelligence works.
Covered tonight…
• Jargon
• Intelligence Cycle
• Typical installation of malware
• Cyber Kill Chains
• Diamond Model
• Threat actor types
• 3 Scenarios
Jargon
• Events and Incidents
• IoA
• IoC
• IoT
• TTP
• Bias
• Risk
• Black Swan
• Hypothesis
• APT
• Assets
• Asset
• Adversary
• Adversary Operator
• Adversary Customer
• Attack
• Campaign
• Cyber (enabled) crime
Intelligence Cycle
1. Planning and Direction
2. Collection
3. Processing
4. Analysis
5. Delivery
Diagram labels:
• Generation of Intelligence
• Consumption of Intelligence
• Creates Data
• Creates Information
• Creates Intelligence
• Creates Decisions
Cyber Kill Chain
A 7-step process, developed by Lockheed Martin, to break down the process of intrusion and compromise.
Diamond Model #1
Infrastructure
Victim
Capability
Adversary
Diamond Model #2
Capability
Adversary
Victim
Infrastructure
Uses
Connects to
Exploits
Develops
Threat Actor Types
State Sponsored
Organised Crime
Criminal Hacktivists
Disgruntled Employees
Script Kiddies
Low / High
Population, Commitment, Time
Stealth, Knowledge, Funding
Low
Ability
Impact
Nuisance
DoS, Data Breach
Brand, Reputation
Fraud, Identity, Espionage
National Infrastructure, Elections
Scenarios 1, 2 & 3
Let’s have some fun!