What is the final step in the Cyber Kill Chain framework?
- command and control
- action on objectives
During the action on objectives step, the attacker achieves the long-term goal, for example defacing a website or stealing money. Exploitation comes after the attacker creates a weapon and delivers it, and occurs when the weapon executes.
Installation comes after exploitation and involves the installation of additional tools and resources the hacker will use. These tools allow the attacker to maintain persistence while plotting the next step. Installation of a remote access Trojan (RAT) would be part of the installation step.
Communication with a well-known malicious IP address is part of the Command and Control step, since the remote device is quite likely a command and control server.
The seven steps in the kill chain are:
- Reconnaissance: the attacker gathers information to aid in penetrating the network
- Weaponization: the attacker turns a legitimate utility or function into a weapon that can be used in the attack
- Delivery: the attacker transmits the crafted exploit to the target
- Exploitation: the exploit is executed
- Installation: the hacker installs additional tools and resources on the target device or in the target network
- Command and control: the attacker takes remote control of the target device from the Command and Control server
- Actions on objectives: the attacker takes action (deletes data, steals data, defaces a website)