A security analyst is using the cyber kill chain framework to examine a recent spear-phishing attack against their organization. After identifying the initial compromise, what should the analyst focus on next if following the kill chain model?
After the initial compromise, which includes the Delivery and Exploitation phases, the next focus should be the Installation phase. In this stage, the attacker installs malware to establish a foothold. Assessing this step is critical to analyzing the attack and stopping its further progression. Focusing on lateral movement or persistence mechanisms would be premature if the installation hasn't been properly assessed and mitigated.