Time
1 hour 41 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:00
Hey, guys, welcome back to the Sabbath, Kulti. Course. This is a German name and unfortunately today will have to conclude.
00:07
So, as I said before, I'm going to tear the criticism on the cyber culture. There are two main criticism out there. The 1st 1 is because of the nature of reconnaissance and organization and more of organization. They're fairly passive step that hard to detect, and it's extremely difficult to do so.
00:25
However, as we shared in the previous video,
00:28
when you use The Matrix, you can add more and more controls to detect, deny and so on during the reconnaissance and the organization face. Although they happen on the Internet, they happen away from you. There are one win away on another to protect your system from
00:46
during the reconnaissance and organization pays.
00:50
The second criticism we have for the Sabra kitchen is it's not suitable
00:56
to the inside the threat model,
00:58
and that's actually has some truth into it. As you won't find the delivery fee is being used, maybe not weaponization and so on. However, if you use the Sabbath contented just to design a depends and depth,
01:14
you would benefit even from inside the threat. If you have probably Jack's management, you have elevation on of privileges rather than giving users at Mr later accounts. Hey won't be able to go through this nation as an example if you monitored access from
01:30
at the insiders machine everywhere. Also in the environment,
01:36
you can actually detect any reconnaissance or any commanding control that he's actually doing. The same thing happens in action, but one objective. If you have a strong GOP
01:47
policy, you would be able to detect that someone is sending data out of the environment so
01:53
it might be not designed for insider threat. However,
01:57
the benefits of designing your
02:01
defence in depth you using the Sabra contain will cover ah, lot of the insider threat.
02:08
So what they did is they came up with the unified cult in which is ah
02:14
Aaaah!
02:15
Extension off the kill chain on a mix between the looking Martin call chain and Demetri Attack framework. So what they did is 18 phases
02:28
there,
02:30
designed in a way that there are three main steps the initial foot load, the network propagation and the action on objective, and each of them has a cycle that the attacker would go through until he achieves the
02:44
objective. Off that face, I'm going to leave a link to the unified Sultan, and the resource is,
02:53
Please go ahead and need more about it if you're interested.
02:57
OK, so at the beginning of the course who shared with you a pre assessment questions,
03:01
I think it might be more applicable to change that to a post assessment questions. So what is the Sabbath? Guilting? We talked about the kill chain being a military model Thio
03:15
to identify attacks or to have a successful attack on a target. The subject Cult Ian, is not really different.
03:23
What look it Martin did is I
03:25
translated the steps. Then Attackers usually
03:30
have during a targeted attack into a seven face model
03:37
that is applicable and is used as widely used by everyone.
03:42
So what are the seven phases or steps up the liquid? Martin Guilty. The 1st 1 is reconnaissance. Second is weaponization. Tree is liberty. Four is exploitation five as insulation six is commanding control on second on seven is action on objective.
04:00
So what steps in the container passive and which are active? As we said in reconnaissance, it's a combination of both their some active aspect of it, and there's some passive
04:12
aspect of it in a weaponization. It's a fairly passive step, and then you have delivery, exploitation, insulation, commanding control and action objective. Being active phase is finally, how do we use the Sava cult Ian and designing defense
04:29
we used. We went over the defense matrix where we have
04:32
our seven faces and one access tech deny and so on on the other access. And then we decide our network to detect, deny, to stop them. So on on each and every one of the seven faces off the cyber culture.
04:48
Okay, So before we conclude, let's go on last time over the Sabbath, guilty and we start with the reconnaissance where gathered as much information as possible about the target. And then we moved on toe weaponization where we designed our payload that we're going to use.
05:05
We could not have successfully designed the weapon doing organization if we did not have a six aesthetic and ah, reconnaissance
05:14
and Step three or face three. We went through delivery again. We used the information we gained doing reconnaissance to design a successful delivery of our payload and face for we exploited the vulnerability on the victim's environment on dhe and face. Five wins told a payload
05:33
on the victim's machine and face six. We communicate to do this payload
05:38
and if a seven we achieved our goal, we achieved our objective and we got the information or the data that we want to get from that targeted attack.
05:50
I hope you guys enjoyed this course. Is that much as I did?
05:55
Good luck protecting your environments.

Cybersecurity Kill Chain™

A practical take on Lockheed Martin Cyber Kill Chain™, The course simulates an example target attack following the 7 phases of the Cyber Kill Chain™.

Instructed By

Instructor Profile Image
Abdulrahman Alnaim
Security Operations Manager
Instructor