THM Writeups
Back to all writeups
extracted

Unified Kill Chain

~15 min read
Ques1- Where does the term "Kill Chain" originate from? Ans- military Ques2- What is the technical term for a piece of software or hardware in IT (Information Technology?) Ans- asset Ques3- In what year was the Unified Kill Chain framework released? Ans- 2017 Ques4- According to the Unified Kill Chain, how many phases are there to an attack? Ans- 18 Ques5- What is the name of the attack phase where an attacker employs techniques to evade detection? Ans- Defense Evasion Ques6- What is the name of the attack phase where an attacker employs techniques to remove data from a network? Ans- Exfiltration Ques7- What is the name of the attack phase where an attacker achieves their objectives? Ans- Objectives Ques8- What is an example of a tactic to gain a foothold using emails? Ans-Phishing Ques9-Impersonating an employee to request a password reset is a form of what? Ans- Social Engineering Ques10- An adversary setting up the Command & Control server infrastructure is what phase of the Unified Kill Chain? Ans-Weaponization Ques11- Exploiting a vulnerability present on a system is what phase of the Unified Kill Chain? Ans- Exploitation Ques12- Moving from one system to another is an example of? Ans- Pivoting Ques13- Leaving behind a malicious service that allows the adversary to log back into the target is what? Ans- Persistence Ques14- As a SOC analyst, you pick up numerous alerts pointing to failed login attempts from an administrator account. What stage of the kill chain would an attacker be seeking to achieve? Ans- Privilege Escalation Ques15- Mimikatz, a known post-exploitation tool, was recently detected running on the IT Manager’s computer. Security logs show that Mimikatz attempted to access memory spaces typically used by Windows to store user authentication secrets. Considering the usual capabilities and purpose of Mimikatz, what is the primary objective of this tool in such an attack scenario? Ans- Credential dumping Ques16- Match the scenario prompt to the correct phase of the Unified Kill Chain to reveal the flag at the end. What is the flag? Ans- THM{UKC_SCENARIO}
Back to all writeups