Overview
Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore an expanded Cyber Kill Chain model to enhance attack resiliency in this 50-minute Black Hat conference talk. Delve into the limitations of the traditional Cyber Kill Chain framework and discover how an expanded model, including the Internal Kill Chain and Target Manipulation Kill Chain, can provide a more comprehensive understanding of adversary tactics. Learn about the actions taken in each phase and the necessary steps for adversaries to progress through the model. Gain insights into implementing multiple types of controls within your enterprise to frustrate adversary plans at each stage, preventing a "game over" scenario even after internal network access is gained. Understand the importance of multiple security zones on internal networks to protect critical assets and increase the time and effort required for adversaries to achieve their objectives. Explore concepts such as the De Loop, the Spiral, and the Tree to visualize attack progression and defense strategies. Examine practical examples, thresholds of defender success, and methods to shift the economic model in favor of defenders, ultimately improving overall cybersecurity resilience.
Syllabus
Introduction
Background
Purpose
Legacy Cyber Kill Chain
Legacy Cyber Kill Chain Critique
Perimeter Breach Kill Chain
Objectives
Expanded Cyber Kill Chain Model
Actions on Objectives
The De Loop
The Spiral
The Tree
Using The Model
Stage 2 Escalation
Stage 3 Lateral Movement
Stage 3 Reconnaissance
Stage 3 Exploitation
Stage 4 Weaponization
Stage 4 Installation
Stage 5 Execution
Resiliency
Example
Threshold of Defender Success
Shifting the Economic Model
Danger Zone and Safe Zone
Vertical vs Horizontal
Taught by
Black Hat