https://tryhackme.com/room/unifiedkillchain

Where a question has no solution path written out, it can always be answered from the text of the preceding task.

Task 1 Introduction

No questions in this task.

Task 2 What is a "Kill Chain"

Where does the term „Kill Chain“ originate from?
Answer: military

Task 3 What is "Threat Modelling"

What is the technical term for a piece of software or hardware in IT (Information Technology)?
Answer: asset

Task 4 Introducing the Unified Kill Chain

In what year was the Unified Kill Chain framework released?
Answer: 2017

According to the Unified Kill Chain, how many phases are there to an attack?
Answer: 18

What is the name of the attack phase where an attacker employs techniques to evade detection?
Answer: defense evasion

What is the name of the attack phase where an attacker employs techniques to remove data from a network?
Answer: exfiltration

What is the name of the attack phase where an attacker achieves their objectives?
Answer: objectives

Task 5 Phase: In (Initial Foothold)

What is an example of a tactic to gain a foothold using emails?
Answer: Phishing

Impersonating an employee to request a password reset is a form of what?
Answer: Social Engineering

An adversary setting up the Command & Control server infrastructure is what phase of the Unified Kill Chain?
Answer: Weaponization

Exploiting a vulnerability present on a system is what phase of the Unified Kill Chain?
Answer: Exploitation

Moving from one system to another is an example of?
Answer: Pivoting

Leaving behind a malicious service that allows the adversary to log back into the target is what?
Answer: Persistence

Task 6 Phase: Through (Network Propagation)

As a SOC analyst, you pick up numerous alerts pointing to failed login attempts from an administrator account. What stage of the kill chain would an attacker be seeking to achieve?
Answer: Privilege Escalation

Mimikatz, a known attack tool, was detected running on the IT Manager’s computer. What is the mission of the tool?

Once an attacker has access to a machine and installs Mimikatz, the tool can (among other things) obtain and read out the user names and passwords of accounts on that machine.

Answer: credential dumping

Task 7 Phase: Out (Action on Objectives)

While monitoring the network as a SOC analyst, you realise that there is a spike in the network activity, and all the traffic is outbound to an unknown IP address. What stage could describe this activity?
Answer: Exfiltration

Personally identifiable information (PII) has been released to the public by an adversary, and your organisation is facing scrutiny for the breach. What part of the CIA triad would be affected by this action?
Answer: confidentiality

Task 8 Practical

Match the scenario prompt to the correct phase of the Unified Kill Chain to reveal the flag at the end. What is the flag?

We open the linked page and answer the questions:

  1. Reconnaissance
  2. Persistence
  3. Command and Control
  4. Pivoting
  5. Action and Objectives

Answer: THM{UKC_SCENARIO}

Task 9 Conclusion

No questions in this task.