28 January 2021

Cyber Ramblings of a Middle-Aged Woman: The Cocktail

Michelle Welch Fuller

Reflections from a Synack customer success manager

By Michelle Welch Fuller

What does the cyber kill chain and cocktails have in common? Surprisingly I did find comparisons. A cocktail is an enjoyable drink that helps you remove barriers and inhibitions. The cyber kill chain defines the stages of a cyber attack that removes barriers and exposes your vulnerabilities.

Ask yourself, do you binge drink on the weekend? If you do, and I am not judging, just know the cyber attack binge is 24/7. Sit down, pour yourself a drink and let’s map out the 7 steps of the kill chain process compared to that of a proper cocktail. 

The cyber kill chain versus the cocktail

  • Reconnaissance

Cocktail: The beginners cocktail has to be a ‘Kir Royale,’ it’s chic and sophisticated and if you’re in a crowded bar you’re likely looking around to identify other refined and stylish individuals.

Hacker: Initially, an attacker farms as much information as they possibly can to prepare for an attack on your assets. They will review public information or use common scanning tooling to identify known vulnerabilities in your firewalls, IDS systems or authentication mechanisms.

  • Weaponization

Cocktail: The choice of cocktails are endless, go straight in for the hard liquor! I suggest a ‘Whiskey Mac.’. You are that debonair individual holding that kristal tumbler and looking for that potent effect in your throat as you take your first sip. 

Hacker: The hacker has a choice of weapons to use that are widely available to both attackers and defenders. Their decision will be based on what they discovered in the reconnaissance phase to determine the most effective attack vector and the appropriate weapon.

  • Delivery

Cocktail: Next try the ‘Harvey Wallbanger’ but order this one via table service. Attempt to inject as much alcohol content into your bloodstream as you no longer need to get out of your seat. Ignore the  vodka and galliano and keep telling yourself it’s just orange juice!

Hacker: An attacker is identifying the best option to get a starting position on their attack, they have done their due diligence on which approach to take? They could inject malware, exploit a known vulnerability or use a mail campaign. The question is will they be detected?

  • Exploitation

Cocktail: Jumping straight into the ‘Grasshopper,’ this is not the coding app for beginners or a chewing insect, it’s actually one of my personal favorites. The effect of chocolate and mint is quite divine! You will undoubtedly want to consume more of these.

Hacker: Ta da! The hacker’s technique has worked producing the desired effect, they can now proceed to bypass one or more of your security protections. But how far will the attacker go to get the level of control they desire, or are there protections to stop them in their tracks? They could simply stop at this point, but (thinking back to my analogy with the cocktails) unlikely!

  • Installation

Cocktail: You are now feeling warm and fuzzy and want to stay out for a while longer, then go for a ‘Sloe Gin Fizz.’ Take the time to move and mingle progressively through the crowd. If you persevere you may even make it to the bathroom door but try not to stumble along the way.

Hacker: If the hacker remains undetected they will continue to look for design flaws, known bugs or configuration issues in your application or operating system. If they can persist on target and elevate access to more resources, they may achieve their desired effect.

  • Command and Control 

Cocktail: Take some time out and enjoy a minty cocktail with zero-alcohol, a ‘Virgin Mojito.’ This is not only good for your breath but helps present yourself as someone still being in control. You may be singing badly on karaoke but you still have reasonable faculties and hold it together.

Hacker: The researcher’s actions result in having the staying power to remain on target and control their actions remotely. The implant deployed during installation is now ready for data extraction or further reconnaissance. There is a beacon of hope once that communication channel has been established, all whilst putting in diversions to keep ahead of the game.

  • Actions on Objectives

Cocktail: No cocktail recommendations here, just a bit of advice. Have a glass of water before you drop or smash a few glasses, or buy too many drinks for your friends or even tip your drink onto a friendly bystander. You will do it all over again, so learn that rehydration is important.

Hacker: The hacker may have accomplished their goals for now but they may not stop there. If your data is compromised it could be used by a malicious actor to cause an effect or by an ethical actor to show you the errors of your ways. I hope it is not the former but the latter. Now ask yourself what you would do in each situation.

For a detailed journey into the hacker mindset, check out How Hackers Hack: Attacker Methodology and Exploitation — a step-by-step look into the seven steps of the kill chain, from Reconnaissance to Actions on Objectives. 

Back to the bar, for reference we’ve included a full cocktail recipe list for the above-mentioned cocktails – enjoy! 

Cocktail List
Kir Royal Add a small dash of creme to cassis to a flute and top with either champagne or a good quality sparkling white wine.
Whiskey Mac 1 1/2 ounces blended scotch, 1 ounce Stone’s original green ginger wineFill an Old Fashioned glass with ice. Add scotch and green ginger wine, and lightly stir to combine.
Harvey Wallbanger 1 1/2 oz (3 parts) Vodka, 1/2 oz (1 part) Galliano, 3 oz (6 parts) Fresh orange juiceStir the vodka and orange juice with ice in the glass, then float the Galliano on top. Garnish and serve.
Grasshopper 1 oz (1 part) Crème de cacao (white), 1 oz (1 part) Crème de menthe (green), 1 oz (1 part) Fresh cream and a sprinkle of chocolate. Pour ingredients into a cocktail shaker with ice. Shake briskly and then strain into a chilled cocktail glass.
Sloe Gin Fizz   1 1/2 ounces sloe gin, 1 ounce lemon juice, freshly squeezed, 3/4 ounce syrup, club soda, to top, garnish with lemon wedge and cherry. Add the sloe gin, lemon juice and syrup into a cocktail shaker with ice, fill a highball glass with ice and pour. Top with soda and garnish.
Virgin Mojito 20g/¾oz of mint, 3 tbsp caster sugar,150ml/¼ pint fresh lime juice, plus a few lime slices or wedges to serve, 2 handfuls ice, 1 litre/1¾ pint chilled soda water (ingredients for a pitcher – probably needed). Pick the leaves from the mint and put in the base of a large jug. Sprinkle over the sugar, then pour over the lime juice.Add some ice, then pour over the chilled soda water. 
Water Go to the kitchen, take a glass from your cupboard. Put the tap on. Fill your glass and drink it…