Advent Of Cyber 2022 | Day 1 | TryHackMe


As you all know, this is Christmas month and TryHackMe has released Advent of Cyber 2022. In this event, we get 25 tasks over 25 days. I will try to cover all 25 days in my blog, so follow me if you don't want to miss any of them. Let's do this.

Day 1: Someone's coming to town!

Before doing the task, let's first understand the basic concepts of this room. First, what is the MITRE ATT&CK framework? It is a knowledge base that describes cyberattacks from the attacker's perspective, and it is quickly being adopted by organisations worldwide as a tool for analysing threats and improving security defences.

Another question arises: what is a Cyber Kill Chain? The Cyber Kill Chain is a cybersecurity model created by Lockheed Martin that traces the stages of a cyberattack, identifies vulnerabilities, and helps security teams stop an attack at every stage of the chain.

Now comes the main concept: the Unified Kill Chain. It can be described as the unification of the MITRE ATT&CK and Cyber Kill Chain frameworks. It has 18 attack phases, which are divided into 3 cycles. In the tasks of this room, we are mainly going to use these phases, so let's discuss the phases and cycles.

Cycle 1: In

In this cycle, the attacker tries to gain access to a system. They follow 8 steps to do so:

  • Reconnaissance: In this step, the attacker researches the target using publicly available information. It can include identifying potential targets, finding their vulnerabilities, discovering which third parties are connected to them (and what data those parties can access), and exploring existing entry points as well as finding new ones.

  • Weaponisation: The attacker creates the malware to be used against the target. Weaponisation can include writing new types of malware or modifying existing tools for use in the attack.

  • Delivery: The attacker now delivers this malware to the target's system, by phishing or other means.

  • Social Engineering: The attacker tries to trick the target into installing the malware that was delivered. Once the malware is installed, they can move to the next step.

  • Exploitation: If the attacker finds a vulnerability in the system, they take advantage of it and start exploiting the system.

  • Persistence: The techniques an attacker uses to keep their foothold on the target system across interruptions that could otherwise cut off their access.

  • Defence Evasion: The attacker disables defence mechanisms in order to remain undetected. This also includes deleting any evidence of their presence.

  • Command & Control: The attacker can now take over the whole system by sending it commands. At this point they have complete control of the victim's computer and can execute any code on it.

After this cycle is complete, Cycle 2 will start.

Cycle 2: Through

In this cycle, the attacker is interested in gaining more access and privileges to assets within the network.

  • Pivoting: One system is now compromised. The attacker uses that already compromised device to target one or more further systems.

  • Discovery: The attacker tries to gain more information about the compromised target, such as the available users and data. They also look for more vulnerabilities within the network so that they can gain access to the whole network.

  • Privilege Escalation: The attacker tries to obtain higher permissions so that they can execute any command without interruption. Think of it as an attacker exploiting your Kali Linux machine to become the root user.

  • Execution: Now that the attacker has more access to the system, they execute more malicious code to steal data or cause further havoc on the system.

  • Credential Access: The data they steal may also include usernames, IDs and passwords for more systems, which gives the attacker more firepower for their attacks.

  • Lateral Movement: After obtaining the credentials, the attacker tries to access more systems within the network.

After this cycle is complete, Cycle 3 will start.

Cycle 3: Out

During this cycle, the Confidentiality, Integrity and Availability (CIA) of assets or services are compromised. Driven by money, fame or sabotage, attackers carry out the purpose of their attack, cause as much damage as possible and disappear without being detected.

  • Collection: Gathering all the information and data from the compromised systems, which was the main purpose of the attack.

  • Exfiltration: The information gathered must be exported from the compromised system. For this, attackers use various techniques to copy the data from the compromised system to a system they control.

  • Impact: Manipulating or destroying information in order to damage the reputation of the organisation.

  • Objectives: Attackers may have other goals that affect the social or technical landscape their targets operate within. Defining and understanding these objectives helps security teams familiarise themselves with adversarial attack tools and conduct risk assessments to defend their assets.

I hope you understood all of these phases. Before moving on to the task, I would advise you to revise all three cycles once more.

Now, let's start our task. Click on "View Site", which is available at the start of this task.

When you view this site, you will get a puzzle like this.

So, do you remember what the first step in the first cycle was? You got it right: it was Reconnaissance. Drag the Reconnaissance piece and put it in the first block. Complete the puzzle by dragging each piece to the correct block, in the correct sequence of cycle 1.

After completing this puzzle, click on next.

In this puzzle, you need to show the correct sequence of cycle 2. The first step of cycle 2 was Pivoting.

Click on next for puzzle three.

By now, you must have guessed what we have to do in puzzle three. Yesss... the correct sequence of cycle 3.

Congratulations, you finished this puzzle. Click on "Finish".

You now have the flag and the real culprit, which were the questions for this task.

YESS... we completed this task. A new task will be added tomorrow. Till then, you can follow me here for upcoming blogs on Advent of Cyber 2022. At the end, you will get a certificate from TryHackMe for completing this challenge.

Keep learning and keep spreading Knowledge.
