One thought on “Which stage attacking the vulnerability belongs in Cyber kill chain?”
Official Book Page #376
Answer: Weaponization
Once an adversary has identified the easiest and best target and approach to
launch an attack, the next step is to develop and test how the attack will be
executed. Typically, reconnaissance will provide guidance for how the attack
is developed based on identified vulnerabilities that could be exploited. An
example might be researching a vulnerability on the server found during the
reconnaissance stage and matching a known exploit to use against it. A lab
could be built where the adversary installs a similar version of software on a
test system as what was found on the target’s network. He or she could then
attempt to exploit it and confirm a successful exploitation of the vulnerability
is possible.
Official Book Page #376
Answer: Weaponization
Once an adversary has identified the easiest and best target and approach to
launch an attack, the next step is to develop and test how the attack will be
executed. Typically, reconnaissance will provide guidance for how the attack
is developed based on identified vulnerabilities that could be exploited. An
example might be researching a vulnerability on the server found during the
reconnaissance stage and matching a known exploit to use against it. A lab
could be built where the adversary installs a similar version of software on a
test system as what was found on the target’s network. He or she could then
attempt to exploit it and confirm a successful exploitation of the vulnerability
is possible.