Interview Question: How Would You Move Through KillChain? How Would You Defend It?

egrizzlyegrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+Member Posts: 490 ■■■■■□□□□□

So guys, how would you answer the interview question "Walk me through how you would move through the Delivery Exploitation, Installation, C2, and Actions On Objectives phases of the cyber kill chain as well as how to prevent yourself from using those techniques".
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+

Comments

  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,542 Admin
    edited March 2021
    Well, first of all, it's pretty good of them to list the stages of the Lockheed Martin Kill Chain (r) for you. Typically, the first question is to ask you to list the stages so they can hear that you know them. ;)
    The Kill Chain (or Attack Chain for those people that don't want to use Lockheed's registered trademark in their process documentation) is used to describe the stages of a cyber attack. The idea is the sooner you can stop a cyber attack (i.e. in the earlier Kill Chain stages) the less impact (i.e., cost) the attack will incur. By understanding the attack stages, you can plan your network defenses to detect and mitigate any attack sooner rather than later. This folds into Lockheed's other register trademark: Intelligence-Driven Computer Network Defense (r). (See the two papers I've linked below.)



  • egrizzlyegrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ Member Posts: 490 ■■■■■□□□□□
    edited March 2021

    Thanks for the additional links JD.  Yeah, prior to the interview there are websites I hunted down that that mitigation steps for the LM Cyber Kill Chain however they were all preventative.  It would be nice to learn of the controls as the threat is detected though.  The link below shows the controls for the adversaries advance through the cyber kill chain (scroll down).  These CKK phase-specific controls found throughout the web are part of some sort of Lockheed Martins action-matrix.  Like I said though, they seem to be defense based and not something you would do during the incident.

    Controls To Cyber Kill Chain  
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Sign In or Register to comment.