概要
TryHackMe「Unified Kill Chain」のWalkthroughです。
Task2
Q1.Where does the term "Kill Chain" originate from?
A.military
Task3
Q1.What is the technical term for a piece of software or hardware in IT (Information Technology?)
Hint.This is defined in the task!
A.asset
Task4
Q1.In what year was the Unified Kill Chain framework released?
A.2017
Q2.According to the Unified Kill Chain, how many phases are there to an attack?
A.18
Q3.What is the name of the attack phase where an attacker employs techniques to evade detection?
A.Defense Evasion
Q4.What is the name of the attack phase where an attacker employs techniques to remove data from a network?
A.Exfiltration
Q5.What is the name of the attack phase where an attacker achieves their objectives?
Hint.This is the end goal. For example, the attacker has managed to steal and sell data from an organisation.
A.Objectives
Task5
Q1.What is an example of a tactic to gain a foothold using emails?
Initial Accessカテゴリーから確認できます。
A.Phishing
Q2.Impersonating an employee to request a password reset is a form of what?
A.Social Engineering
Q3.An adversary setting up the Command & Control server infrastructure is what phase of the Unified Kill Chain?
A.Weaponization
Q4.Exploiting a vulnerability present on a system is what phase of the Unified Kill Chain?
A.Exploitation
Q5.Moving from one system to another is an example of?
A.Pivoting
Q6.Leaving behind a malicious service that allows the adversary to log back into the target is what?
A.Persistence
Task6
Q1.As a SOC analyst, you pick up numerous alerts pointing to failed login attempts from an administrator account. What stage of the kill chain would an attacker be seeking to achieve?
A.Privilege Escalation
Q2.Mimikatz, a known attack tool, was detected running on the IT Manager's computer. What is the mission of the tool?
A.Credential dumping
Task7
Q1.While monitoring the network as a SOC analyst, you realise that there is a spike in the network activity, and all the traffic is outbound to an unknown IP address. What stage could describe this activity?
A.Exfiltration
Q2.Personally identifiable information (PII) has been released to the public by an adversary, and your organisation is facing scrutiny for the breach. What part of the CIA triad would be affected by this action?
CIA triadについて調べます。
Fortinetの記事を参考にしました。
A.Confidentiality
Task8
Q1.Match the scenario prompt to the correct phase of the Unified Kill Chain to reveal the flag at the end. What is the flag?
Unified Kill Chainの該当するフェーズを回答するとフラグを入手できます。
A.THM{UKC_SCENARIO}