The Cyber Attack Lifecycle describes the actions taken by an attacker from initial identification and recon to mission complete. This helps us understand and combat bad actors, ransomware, and others.

Let’s break down the steps! 🧵

#30DaysOfThreads #infosec #security #tech 1/9

Initial Reconnaissance 🔎 - 2/9

Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network. Some things attackers use and look for:

Whois
Target IP Ranges
Web Properties, Domains & Subdomains
Open Cloud Buckets
Google dorking

Initial Compromise 📬 - 3/9

Attacker compromises a vulnerable host. This may be a DMZ host or something in a higher security group via email phish. This is the first step into a network and why security people always say:

Don't click email links!
Don't open email attachments!

Establish Foothold 🧗🏼‍♀️ - 4/9

A compromised system is good, one that you can access is even better. Initial access or a foothold is an attacker's first steps in your network. If there are network rules to block various network traffic, the attack may die here.

Escalate Privileges 📈 - 5/9

Attackers often need more privileges on a system to get access to more data and permissions: for this, they need to escalate their privileges, often to an Admin.

Internal Recon 👀 - 6/9

Where are we internally, what are we looking for, and how can I get there?
Here we apply the OODA loop - a simple strategy to help you find your way forward.

Observe - What do I see?
Orient - Where am I?
Decision - What do I need to do?
Action - DO

Move Laterally 👣 - 7/9

Once they’re in a system, attackers can move laterally to other systems and accounts in order to gain more leverage: whether that’s higher permissions, more data, or greater access to systems.

Maintain Persistence 🏠 - 8/9

Being able to return to networks again and again is one of an attacker's main goals. They may not find what they’re looking for during the first compromise and they will want to return.

Repeat (4-7) until (Mission) Complete 🔁 ✅ - 9/9

Mission complete can be any number of things, anything your mind can think up from any spy or heist movie. Real data gets stolen every day. The current “average time to detect a breach” is 197 days.

Stay safe out there!