How is attacking a vulnerability categorized?
How is attacking a vulnerability categorized?
Attacking a vulnerability is categorized as exploitation. Exploitation refers to the process of triggering the malicious code to take advantage of a weakness in the system or application, allowing the attacker to carry out their intended malicious activity.
Exploitation is correct option C.
"C" is correct Here are the steps of the Kill Chain Model. The example are in the context of the question 1) Reconnaissance - identified vulnerabilities 2) Weaponization - prepare (in lab) the weapon, for example a file with malware code. 3) Delivery - transmit the file (e-mail, website, etc) 4) Exploitation - trigger the weapon (execute the code), exploiting the vulnerability 5) Installation - the weapon installs a backdoor (server) 6) Command and control (C2 or CnC) - connection to the treat actor 7) Actions on objectives - do the job (stealing information, for example)
Reconnaissance: Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network. Weaponization: Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities. Delivery: Intruder transmits weapon to target (e.g., via e-mail attachments, websites or USB drives) Exploitation: Malware weapon's program code triggers, which takes action on target network to exploit vulnerability. Installation: Malware weapon installs access point (e.g., "backdoor") usable by intruder. Command and Control: Malware enables intruder to have "hands on the keyboard" persistent access to target network. Actions on Objective: Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom. (source: https://en.wikipedia.org/wiki/Kill_chain) So C is the right answer
C. exploitation
exploitation
C. Exploitation
Here are the steps of the Kill Chain Model. The example are in the context of the question 1) Reconnaissance - identified vulnerabilities 2) Weaponization - prepare (in lab) the weapon, for example a file with malware code. 3) Delivery - transmit the file (e-mail, website, etc) 4) Exploitation - trigger the weapon (execute the code), exploiting the vulnerability 5) Installation - the weapon installs a backdoor (server) 6) Command and control (C2 or CnC) - connection to the treat actor 7) Actions on objectives - do the job (stealing information, for example)
C.exploitation
The correct answer is C. Exploitation, as it refers to the process of taking advantage of a weakness in a system or application in order to carry out some sort of malicious activity. Here's why the other options are incorrect: A. Action on objectives refers to the specific goals and objectives that an attacker is trying to achieve through their attack. For example, an attacker's objective might be to steal sensitive data, disrupt normal operations, or install malware on a target system. B. Delivery refers to the method by which an attacker delivers their attack payload (such as malware or other malicious code) to the target system. This might involve phishing emails, drive-by downloads, or other types of social engineering tactics. D. Installation refers to the process of actually installing the malicious payload onto the target system. This step in the attack process may involve running a malicious program or script, or modifying existing system files to enable continued access for the attacker.
c is correct