TryHackMe - Introducing The Unified Kill Chain (Unified Kill Chain) | SOC Analyst 1

a picture of a chain referencing the chain of attack which is a fundamental concept in frameworks such as the UKC

To continue from the previous task, the Unified Kill Chain, published in 2017, aims to complement (not compete with) other cybersecurity kill chain frameworks such as Lockheed Martin’s and MITRE’s ATT&CK.

The UKC states that there are 18 phases to an attack: everything from reconnaissance to data exfiltration and understanding an attacker's motive. These phases have been grouped together in this room into a few areas of focus for brevity, which will be detailed in the remaining tasks.

Some large benefits of the UKC over traditional cybersecurity kill chain frameworks include the fact that it is modern and extremely detailed (reminder: it has 18 phases officially, whereas other frameworks may have a small handful).

a picture of a table showing the various phases of the unified kill chain, with a label of each phase and its description


| Benefits of the Unified Kill Chain (UKC) Framework | How do Other Frameworks Compare? |
| --- | --- |
| Modern (released in 2017, updated in 2022). | Some frameworks, such as MITRE’s, were released in 2013, when the cybersecurity landscape was very different. |
| The UKC is extremely detailed (18 phases). | Other frameworks often have a small handful of phases. |
| The UKC covers an entire attack, from reconnaissance, exploitation and post-exploitation through to identifying an attacker's motivation. | Other frameworks cover a limited number of phases. |
| The UKC highlights a much more realistic attack scenario. Various stages will often re-occur. For example, after exploiting a machine, an attacker will begin reconnaissance to pivot to another system. | Other frameworks do not account for the fact that an attacker will go back and forth between the various phases during an attack. |

    Answer the questions below
    1. In what year was the Unified Kill Chain framework released? 2017

    2. According to the Unified Kill Chain, how many phases are there to an attack? 18

    3. What is the name of the attack phase where an attacker employs techniques to evade detection? Defense Evasion

    4. What is the name of the attack phase where an attacker employs techniques to remove data from a network? Exfiltration

    5. What is the name of the attack phase where an attacker achieves their objectives? Objectives
