Research Article
Open access
Published on 7 February 2024
Zhao, L. (2024). Navigating the Cyber Kill Chain: A modern approach to pentesting. Applied and Computational Engineering, 38, 170-175.

Navigating the Cyber Kill Chain: A modern approach to pentesting

Letao Zhao *,1
  • 1 Hong Kong Polytechnic University

* Author to whom correspondence should be addressed.

https://doi.org/10.54254/2755-2721/38/20230549

Abstract

The Cyber Kill Chain is a strategic model that outlines the stages of a cyberattack, from initial reconnaissance to achieving the final objective. This framework is often mirrored in penetration testing (pentesting), a legal and authorized simulated attack on a computer system performed to evaluate its security. By understanding the steps in the Cyber Kill Chain, penetration testers can mimic the strategies of malicious attackers, exploring vulnerabilities at each stage of the chain. This approach allows organizations to evaluate their defensive measures across the full spectrum of an attack, identifying weaknesses and enhancing their security protocols accordingly. In essence, the Cyber Kill Chain provides a roadmap for penetration testers to systematically evaluate an organization's cyber defences. The research method of this article is a systematic analysis of the Cyber Kill Chain model, examining how penetration testers can employ this strategic framework to emulate the tactics of malicious attackers and identifying the methodology used at each stage of the chain.

Keywords

cyber kill chain, pentesting methodologies, ethical hacking

Data availability

The datasets used and/or analyzed during the current study will be available from the authors upon reasonable request.

About volume

Volume title: Proceedings of the 2023 International Conference on Machine Learning and Automation

Conference website: https://2023.confmla.org/
ISBN: 978-1-83558-301-2 (Print) / 978-1-83558-302-9 (Online)
Conference date: 18 October 2023
Editor: Mustafa İSTANBULLU
Series: Applied and Computational Engineering
Volume number: Vol. 38
ISSN: 2755-2721 (Print) / 2755-273X (Online)

© 2024 by the author(s). Licensee EWA Publishing, Oxford, UK. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license.