KILLING THE
CYBER SECURITY KILL CHAIN
Niranjan Meegammana
MSc in Cyber Security
Sri Lanka Institute of Information Technology
Threat modeling identifies potential threats and
vulnerabilities in a threat landscape to help implement
effective security controls for mitigation.
THREAT MODELLING
METHODOLOGIES
STRIDE, PASTA, VAST, Trike, Attack Trees, CVSS, hTMMD
MITRE ATT&CK
OWASP
METHOD DEPENDS ON THREAT LANDSCAPE
THREAT MODELLING PROCESS
CYBER SECURITY KILL CHAIN APPLIES TO ALL
CYBER SECURITY KILL CHAIN
● A GENERIC ATTACK MODEL.
● STAGES OF AN ATTACKER.
● DESIGNED FOR A SUCCESSFUL ATTACK.
● REQUIRES DEFENCE IN EVERY STEP.
ATTACK STEPS OF KILL CHAIN
RECONNAISSANCE
WEAPONIZATION
DELIVERY
EXPLOITATION
INSTALLATION
COMMAND & CONTROL
ACTION ON OBJECTIVE
RECONNAISSANCE
GATHER INFORMATION ABOUT THE TARGET
PASSIVE
WHOIS
ARIN
GOOGLE
SHODAN
COMPANY WEBSITE
JOB LISTINGS
PROTECTION
LIMIT PUBLIC INFORMATION
ACCEPTABLE SOCIAL MEDIA USE
MODIFY SERVER ERROR MESSAGES
DOMAIN PRIVACY CONTROLS
SCREENING PEOPLE
RECONNAISSANCE
GATHER INFORMATION ABOUT THE TARGET
ACTIVE
NMAP
PORT SCANNING
BANNER GRABBING
VULNERABILITY SCANNING
PROTECTION
DISABLE UNUSED PORTS
DISABLE UNUSED SERVICES
HONEYPOTS
FIREWALL, IDS/IPS
TOR AND VPNs
INBOUND BLOCKING
WEAPONIZATION
FIND OR CREATE THE ATTACK FOR THE WEAKNESS
TOOLS
METASPLOIT
AIRCRACK-NG
BURP SUITE
SOCIAL ENGINEERING TOOLKIT
VEIL FRAMEWORK
SQLMAP
WAPITI
AND MORE ...
DEFENSES
PATCH MANAGEMENT
DISABLE OFFICE MACROS
BROWSER PLUGINS
ANTI VIRUS
EMAIL SECURITY
AUDIT LOGGING
ADMINISTRATIVE CONTROLS
TECHNICAL CONTROLS
DELIVERY
SELECTING WHICH AVENUE TO DELIVER THE EXPLOIT
ATTACK
WEBSITES
SOCIAL MEDIA
WIRELESS ACCESS
USER INPUT
EMAIL
USB
INSIDER
DEFENCE
USER AWARENESS
WEB FILTERING
IDS/IPS
DKIM/SPF
DISABLE USB
LIMIT ADMIN RIGHTS
DNS FILTERING
ENCRYPTION
EXPLOITATION
WEAPONS DELIVERED AND ATTACK CARRIED OUT
ATTACK
SQL INJECTION
MALWARE
BUFFER OVERFLOW
JAVASCRIPT HIJACK
DDOS ATTACKS
DEFENCE
LINUX CHROOT
DISABLE POWERSHELL
UBA/EDR SOLUTION
INCIDENT RESPONSE
RECOVERY PLAN
INSTALLATION
GAIN BETTER ACCESS
ATTACK
PAYLOAD INJECTION
REMOTE ACCESS TOOLS
REGISTRY CHANGES
POWERSHELL COMMANDS
GAIN PERSISTENT ACCESS
DEFENCE
ANTI-EXPLOIT
SECURE PROGRAMMING
WEB FILTERING
IPS/IDS
ADVANCED PERSISTENT THREAT (APT)
COMMAND AND CONTROL
REMOTE CONTROL BY THE ATTACKER
ATTACK
REMOTE LOGIN
BOTNETS
TROJANS
PRIVILEGE ESCALATION
ADVANCED PERSISTENCE
DEFENCE
NETWORK SEGMENTATION
NGFW: C&C BLOCKING
DNS REDIRECT
APPLICATION CONTROLS
RESTRICT PROTOCOLS
ISOLATION
IOC: INDICATORS OF COMPROMISE
ACTION ON OBJECTIVE
ATTACKER EXECUTES DESIRED ACTION
ATTACK
MOTIVATION
FINANCIAL
POLITICAL
ESPIONAGE
MALICIOUS INSIDER
LATERAL MOVEMENT
DEFENCE
DATA LEAKAGE PREVENTION (DLP)
USER BEHAVIOR ANALYSIS
ZERO TRUST SECURITY
DETECT > RESPOND > RECOVER
DEVELOP MULTIPLE LAYERS OF SECURITY
DEFENCE FOR THE KILL CHAIN
RECONNAISSANCE
WEAPONIZATION
DELIVERY
EXPLOITATION
INSTALLATION
COMMAND & CONTROL
ACTION ON OBJECTIVE
● PHYSICAL CONTROLS
● ADMINISTRATIVE CONTROLS
● TECHNICAL CONTROLS
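
The "defence in every step" idea can be checked against alert data. The following is an added example, not part of the original slides: it tags alert lines with kill chain stages and reports, per host, the furthest stage reached and the earlier stages that raised no alert. The alert format, rule patterns and host names are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Kill chain stages in the order the slides list them.
STAGES = [
    "RECONNAISSANCE", "WEAPONIZATION", "DELIVERY", "EXPLOITATION",
    "INSTALLATION", "COMMAND & CONTROL", "ACTION ON OBJECTIVE",
]
# Weaponization happens on the attacker's side, so the defender has no
# telemetry for it and it is not counted as a detection gap.
UNOBSERVABLE = {"WEAPONIZATION"}

# Hypothetical detection rules: (stage, pattern over the alert message).
# The wording is invented for this example, not any product's log format.
RULES = [
    ("RECONNAISSANCE", re.compile(r"port scan|banner grab", re.I)),
    ("DELIVERY", re.compile(r"spf fail|dkim fail|usb device blocked", re.I)),
    ("EXPLOITATION", re.compile(r"sql injection|buffer overflow", re.I)),
    ("INSTALLATION", re.compile(r"registry run key|new service installed", re.I)),
    ("COMMAND & CONTROL", re.compile(r"dns sinkhole hit|c2 domain blocked", re.I)),
    ("ACTION ON OBJECTIVE", re.compile(r"dlp violation|lateral movement", re.I)),
]

# Constructed sample alerts: "timestamp host source: message".
SAMPLE_ALERTS = """\
2024-01-10T09:00:01 web01 ids: port scan from 203.0.113.7
2024-01-10T09:14:30 web01 waf: sql injection attempt on /login
2024-01-10T09:20:12 web01 edr: registry run key added
2024-01-10T10:02:44 hr-pc7 mail: spf fail for sender domain
2024-01-10T10:40:05 hr-pc7 dnsfw: dns sinkhole hit
2024-01-10T11:15:59 hr-pc7 dlp: dlp violation on outbound upload
2024-01-10T11:30:00 db02 backup: nightly job finished
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+):\s+(.*)$")


def classify(message):
    """Return the kill chain stage of an alert message, or None."""
    for stage, pattern in RULES:
        if pattern.search(message):
            return stage
    return None


def analyse(log_text):
    """Per host: furthest stage alerted on and earlier stages with no alert."""
    seen = defaultdict(dict)  # host -> {stage: timestamp of first alert}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, host, _source, message = m.groups()
        stage = classify(message)
        if stage and stage not in seen[host]:
            seen[host][stage] = ts
    report = {}
    for host, stages in seen.items():
        furthest = max(stages, key=STAGES.index)
        earlier = STAGES[:STAGES.index(furthest)]
        report[host] = {
            "furthest": furthest,
            "first_alert": min(stages.values()),
            # Stages the intrusion must have passed through unnoticed.
            "undetected_earlier": [
                s for s in earlier if s not in stages and s not in UNOBSERVABLE
            ],
        }
    return report


if __name__ == "__main__":
    for host, info in analyse(SAMPLE_ALERTS).items():
        print(host, info)
```

A non-empty `undetected_earlier` list marks the layers where a control or detection was missing for that host.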
ISO 27001: ANNEX A CONTROLS
A.5 SECURITY POLICIES
A.6 DATA SECURITY
A.7 HUMAN SECURITY
A.8 ASSET MANAGEMENT
A.9 ACCESS CONTROL
A.10 CRYPTOGRAPHY
A.11 PHYSICAL SECURITY
A.12 OPERATIONAL SECURITY (PENTESTING)
A.13 COMMUNICATIONS SECURITY
A.14 SYSTEM ACQUISITION & MAINTENANCE
A.15 SUPPLIER RELATIONSHIPS
A.16 INCIDENT RESPONSE
A.17 BUSINESS CONTINUITY
A.18 COMPLIANCE
ADMINISTRATIVE - PHYSICAL - TECHNICAL
THREAT
RISK
CONTROL
MITIGATION
Niranjan Meegammana
MSc in Cyber Security (2022)
Sri Lanka Institute of Information Technology
Thank you
