CSA Tutoring I Cyber kill chain, Linux, Lucid

For the first CSA tutoring post we will cover the tools or malware that match each stage of the Cyber kill chain, along with several other topics.

Lockheed Martin Cyber Kill Chain graphic

Stage 1 Reconnaissance: Take a look at what is happening. Harvesting email addresses, conference information, etc.


Let’s find the names of some malware that can accomplish this. First, can we be any more specific about what the reconnaissance is doing? Seeking information that reveals vulnerabilities in the system. Specifically? Firewalls, intrusion detection systems, operating systems, applications (and their versions). Is that enough information yet? No? What if we add: packet sniffing, port scanning and OSINT?

One important note before we move on: the attacker is usually assessing the target from outside the organization. Take a minute to research “black box” on Google. And moving on...

Now can we determine the names of reconnaissance malware and tools? Give it a go with a Google search.

Keep searching.

OK, let’s compare notes: I’ve got Wireshark, Nmap, and Netcat.



Stage 2 Weaponization: Coupling an exploit with a backdoor into a deliverable payload. Worded another way: the threat actor now develops malware crafted specifically for the vulnerabilities discovered in the Reconnaissance stage.

Before we move to tools and malware, what are the attacker’s goals at this stage?
