An attacker has successfully exploited a vulnerability on a server. To ensure continued access even if the server is rebooted or the initial vulnerability is patched, the attacker modifies system startup files and adds a new service. In which stage of the Cyber Kill Chain is the attacker operating?
The correct answer is 'Installation'. This stage of the Cyber Kill Chain involves installing malware, creating backdoors, or making other system changes to establish and maintain a persistent foothold in the target environment. Reconnaissance is the initial information-gathering phase. Command and Control (C2) is the subsequent stage where the installed malware communicates with the attacker for remote control. Actions on Objectives is the final phase where the attacker carries out their ultimate goal, such as data exfiltration.