Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection.
What is the APT lifecycle phase that Harry is currently executing?
Harry is executing the 'Initial Intrusion' phase of the APT lifecycle. This phase involves attempting to enter the target network using techniques like sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Once these techniques are successful, malware is deployed onto the system to establish an outbound connection, thereby granting the attacker initial access to the network.
Preparation Initial Intrusion Expansion Persistence Search and Exfiltration Clean up
Are yall actually reading the question? Answer is B This is the key part -- "By successfully deploying malware on the target system, he establishes an outbound connection, allowing him to maintain access to the network." This is AFTER the initial intrusion he creates a persistent OUTBOUND connection.
Wrong. Please check CEH v12 official book Module 7 Malware Threats page no: 966.
You're making up your own words there, and got the answer wrong as a result. Nowhere was "maintain access" used in the question, and your own inference of "persistent" is also wrong. Take your own advise: read the question!
A. Initial intrusion Like questions V11 : Exam 312-50v11 topic 1 question 196
CEH Book V12 Module 07 Page 966 from book : " 2. Initial Intrusion Common techniques used for an initial intrusion are sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. "
This is the way
Refer to CEH v12 Module 7 Malware threats - APT Concepts page 649 Initial Intrusion The next phase involves attempting to enter the target network. Common techniques used for an initial intrusion are sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Spear-phishing emails usually appear legitimate but they contain malicious links or attachments containing executable malware. These malicious links can redirect the target to the website where the target’s web browser and software are compromised by the attacker using various exploit techniques. Sometimes, an attacker may also use social engineering techniques to gather information from the target. After obtaining information from the target, attackers use such information to launch further attacks on the target network. In this phase, malicious code or malware is deployed into the target system to initiate an outbound connection.
A. Initial intrusion In this scenario, Harry, a professional hacker, is targeting the IT infrastructure of an organization. He is using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers to gain initial access to the target network. By successfully deploying malware on the target system, he establishes an outbound connection, allowing him to maintain access to the network. The APT lifecycle consists of several phases, including initial intrusion, persistence, command and control, lateral movement, and data exfiltration. In the initial intrusion phase, the attacker gains access to the target network using various techniques, such as exploiting vulnerabilities or social engineering. Therefore, the correct answer is A. Initial intrusion.
Initial Intrusion Deployment of malware Establishment of outbound connection
Initial Intrusion
Option A initial Instrusion
Option A initial Instrusion