Options

Interview Question: How Would You Move Through KillChain? How Would You Defend It?

egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
in Incident Response

So guys, how would you answer the interview question "Walk me through how you would move through the Delivery Exploitation, Installation, C2, and Actions On Objectives phases of the cyber kill chain as well as how to prevent yourself from using those techniques".
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Tagged:
· Share on FacebookShare on Twitter

Comments

  • Options
    JDMurrayJDMurray Admin Posts: 13,026 Admin
    edited March 2021
    Well, first of all, it's pretty good of them to list the stages of the Lockheed Martin Kill Chain (r) for you. Typically, the first question is to ask you to list the stages so they can hear that you know them. ;)
    The Kill Chain (or Attack Chain for those people that don't want to use Lockheed's registered trademark in their process documentation) is used to describe the stages of a cyber attack. The idea is the sooner you can stop a cyber attack (i.e. in the earlier Kill Chain stages) the less impact (i.e., cost) the attack will incur. By understanding the attack stages, you can plan your network defenses to detect and mitigate any attack sooner rather than later. This folds into Lockheed's other register trademark: Intelligence-Driven Computer Network Defense (r). (See the two papers I've linked below.)




    Forum Admin at www.techexams.net
    --
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    · Share on FacebookShare on Twitter
  • Options
    egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
    edited March 2021

    Thanks for the additional links JD.  Yeah, prior to the interview there are websites I hunted down that that mitigation steps for the LM Cyber Kill Chain however they were all preventative.  It would be nice to learn of the controls as the threat is detected though.  The link below shows the controls for the adversaries advance through the cyber kill chain (scroll down).  These CKK phase-specific controls found throughout the web are part of some sort of Lockheed Martins action-matrix.  Like I said though, they seem to be defense based and not something you would do during the incident.

    Controls To Cyber Kill Chain  
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
    · Share on FacebookShare on Twitter
Sign In or Register to comment.