At which stage of the Cyber-Attack Lifecycle would the attacker attach an infected PDF file to an email?
At which stage of the Cyber-Attack Lifecycle would the attacker attach an infected PDF file to an email?
The correct answer is Delivery. In the Cyber Attack Lifecycle, the Delivery stage involves transmitting the malicious payload to the target. Attaching an infected PDF to an email pertains to this stage as the attacker is preparing and sending the malicious file to the victim. This aligns with the transition from the external environment to the internal environment of the target, marking the choice of delivery mechanism to reach the target system. The actual exploitation of the system or application happens in the subsequent Exploitation stage, once the infected file is opened or executed by the victim.
PALO ALTO NETWORKS: PCNSA Study Guide 26: Delivery: This stage marks the transition from the attacker working outside of an organization’s network to working within an organization’s network. Malware delivered during this stage is designed to exploit existing software vulnerabilities. To deliver its initial malware, the attacker might choose to embed malicious code within seemingly innocuous PDF or Word files, or within an email message. For highly targeted attacks, an attacker might craft a deliverable related to the specific interests of an individual that might entice the individual into accessing a malicious website or opening an infected email message
i agree with you.
This is very confusing! it defies all the security related training I've attended and books I've read. an attacker sending a random infected attachment via email seems to me, it is the first stage (exploration or reconnaissance).
Exploration and reconnaissance would not involve sending any infected attachments. Those first stages are used only to gather intel to determine individuals to target, possible vulnerabilities in the network, etc. This can involve looking at organizational structures/job positions, network port/vulnerability scans, etc. Those stages do not include any actual exploitation or attempted exploitation. its only to gather information to determine the best possible method for attack and successful installation or an exploitation. That is done in the delivery phase. So A is the correct answer.
When reading Security+ and other sources, the matter is clearer. "Deliver" is creating the package, not sending the package. "Exploit" is the initial attack. Thus, the answer: D Exploit
Answer is D https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle
Exactly, D is correct: Exploitation: In this stage, attackers deploy an exploit against a vulnerable application or system, typically using an exploit kit or weaponized document. This allows the attack to gain an initial entry point into the organization.
Answer is "A". This answer comes right our of the PCNSA Study guide Aug 2020, pg 31.
I think This question is Missing a answer.
Absoluut A
correct, coboo
To deliver its initial malware, the attacker might choose to embed malicious code within seemingly innocuous PDF or Word files, or within an email message.
A. When you think of the attacker attaching the exploit, it's prior to Exploitation so that could only mean Delivery.
A is correct
Delivery, IF the question were worded: At which stage of the Cyber-Attack Lifecycle would the attacker send an email with an infected PDF file attached? Attaching an infected PDF file to an email happens @ Weaponization. PCNSA Study guide "All Weaponization activity occurs on machines away from the target." Sending the email would be at the Delivery phase.
Is it correct to think about this in the following way: 1. The email itself is the delivery method. 2. The infected PDF is the exploit method.
Delivery 100%
A.Delivery is the answer Weapon is transmitted to the target
the answer is D. Exploitation The Delivery stage the Attackers will then determine which methods to use in order to deliver malicious payloads. such as exploit kits, spear phishing attacks with malicious links, or attachments and malvertizing. in Exploitation stage Attackers deploy an exploit against a vulnerable application or system, typically using an exploit kit or weaponized document. This is determined by the delivery method the chose in delivery stage. check this link:- https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#:~:text=Exploitation%3A%20In%20this%20stage%2C%20attackers,entry%20point%20into%20the%20organization.
Answer A. But should read Weaponization and Delivery. Exploitation is once the infected pdf, doc, etc is opened and the the attack is deployed on the network. https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle
It must be Delivery: the attacker in the question is just attaching a document to an email, therefore the email has not been yet sent at all: from what we know at this point, there might not be any exploitation phase (e.g. if the attacker does not hit "send")
The Answer is D, You can refer link below https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle
Answer A is Correct