How Hackers Hack: Attacker Methodology and Exploitation
Kill Chain Deep Dive with Synack Solutions Architect Jeremiah Roe
In this kill chain deep dive discussion and video, Synack Solutions Architect and Red Team Expert, Jeremiah Roe takes a practical approach to the attacker lifecycle. He walks through each of the 7 steps of the kill chain, from Reconnaissance to Actions on Objectives, providing live demonstrations, sharing examples and tools for each step. Security professionals will come away from the workshop with a deeper understanding of the adversarial mindset and ways to apply an intelligence-driven defense model to identify, detect and prevent intrusions by threat actors.
This demo goes beyond common knowledge to share the exploits, attacks and threats that can be stopped or prevented at every point in the kill chain. Let’s give you a sneak peak into phase 1 Reconnaissance.
During the Reconnaissance phase, threat actors attempt to determine whether a potential target network is worth the effort. External to the network, threat actors review available information and resources about an organization and public-facing network assets. Company websites, news articles, and social media can be used to develop a list of potential targets or network infiltration vectors, such as:
- What employee names and contact information are available?
- Could any public information be used for social engineering attacks or specific targeting of an individual employee?
- What forward-facing servers or other critical systems does the organization have online?
- Do these systems have vulnerabilities?
Tune in to the 1-hour kill chain deep dive video to learn more.
- How the adversary applies the kill chain: We share the 7-step process of the attacker lifecycle and methodologies with an in-depth demonstration of the kill chain
- New Exploits (And How to Defend Against Them): A live demo highlights what a couple of exploits look like, for example our demo exploit, #CleptoVirun. Listen in on the various scenarios with an adversarial mindset, while taking into account threat actors and how they commonly exploit or target one of the six critical weaknesses in the defensive posture.
- How to Add Rigor to Your Pentesting: Where traditional penetration testing stops and crowdsourced penetration testing probes further