Explain how the Cyber Kill Chain differs from the Diamond Model


Problem

I. Explain in detail how the Cyber Kill Chain differs from the Diamond Model.

II. Identify which phase of the Cyber Kill Chain each of the items below belongs to.

i. The attacker is working on developing malware to attack an organization.
ii. The attacker has uninterrupted access to a host machine in an organization.
iii. The vulnerability has been exposed and malicious code has been inserted.
iv. Data is exfiltrated from the organization's network to an outside environment.
v. The attacker is researching the organization and its security vulnerabilities.
vi. A malicious payload is sent via email to the victim.
vii. The attacker is browsing LinkedIn to obtain information about the employees working in the organization.
viii. The attacker is performing lateral movement and privilege escalation.

III. You are required to monitor all incoming packets from the IP address 10.0.0.1 on a particular system. Which Wireshark filter would you use?

IV. Which protocol would you use to monitor ping traffic?

V. Which protocol would you use to detect the "three-way handshake" in Wireshark?

VI. Which mode must a network adapter be in to capture/sniff traffic from it?
