Exam 312-50v12 topic 1 question 17 discussion

Preparation Initial Intrusion Expansion Persistence Search and Exfiltration Clean up

Initial Intrusion

A. Initial intrusion In this scenario, Harry, a professional hacker, is targeting the IT infrastructure of an organization. He is using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers to gain initial access to the target network. By successfully deploying malware on the target system, he establishes an outbound connection, allowing him to maintain access to the network. The APT lifecycle consists of several phases, including initial intrusion, persistence, command and control, lateral movement, and data exfiltration. In the initial intrusion phase, the attacker gains access to the target network using various techniques, such as exploiting vulnerabilities or social engineering. Therefore, the correct answer is A. Initial intrusion.

Option A initial Instrusion

Option A initial Instrusion

Initial Intrusion

Refer to CEH v12 Module 7 Malware threats - APT Concepts page 649 Initial Intrusion The next phase involves attempting to enter the target network. Common techniques used for an initial intrusion are sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Spear-phishing emails usually appear legitimate but they contain malicious links or attachments containing executable malware. These malicious links can redirect the target to the website where the target’s web browser and software are compromised by the attacker using various exploit techniques. Sometimes, an attacker may also use social engineering techniques to gather information from the target. After obtaining information from the target, attackers use such information to launch further attacks on the target network. In this phase, malicious code or malware is deployed into the target system to initiate an outbound connection.

Initial Intrusion Deployment of malware Establishment of outbound connection

Are yall actually reading the question? Answer is B This is the key part -- "By successfully deploying malware on the target system, he establishes an outbound connection, allowing him to maintain access to the network." This is AFTER the initial intrusion he creates a persistent OUTBOUND connection.

A. Initial intrusion