Interview Question: How Would You Move Through KillChain? How Would You Defend It?
egrizzly
So guys, how would you answer the interview question "Walk me through how you would move through the Delivery, Exploitation, Installation, C2, and Actions On Objectives phases of the cyber kill chain as well as how to prevent yourself from using those techniques".
Comments
JDMurray
Well, first of all, it's pretty good of them to list the stages of the Lockheed Martin Kill Chain (r) for you. Typically, the first question is to ask you to list the stages so they can hear that you know them.
The Kill Chain (or Attack Chain for those people that don't want to use Lockheed's registered trademark in their process documentation) is used to describe the stages of a cyber attack. The idea is the sooner you can stop a cyber attack (i.e., in the earlier Kill Chain stages) the less impact (i.e., cost) the attack will incur. By understanding the attack stages, you can plan your network defenses to detect and mitigate any attack sooner rather than later. This folds into Lockheed's other registered trademark: Intelligence-Driven Computer Network Defense (r). (See the two papers I've linked below.)
Seven Ways to Apply the Cyber Kill Chain® with a Threat Intelligence Platform (PDF)
Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains (PDF)
egrizzly
Thanks for the additional links JD. Yeah, prior to the interview there are websites I hunted down that had mitigation steps for the LM Cyber Kill Chain; however, they were all preventative. It would be nice to learn of the controls as the threat is detected though. The link below shows the controls for the adversary's advance through the cyber kill chain (scroll down). These CKC phase-specific controls found throughout the web are part of some sort of Lockheed Martin's action-matrix. Like I said though, they seem to be defense based and not something you would do during the incident.
Controls To Cyber Kill Chain