The sixth stage of the Cyber Kill Chain is the "Command and Control (C2)" step. At this point, the attacker has completed several crucial tasks of the attack and has prepared the Command and Control (C2) server to deliver commands to the system. The attacker can send remote commands to the system and execute them at this step.
In the "Command and Control (C2)" stage, what the attacker does is establish contact between C2 and the target system. This stage does not include the execution of the actions targeted by the attacker. Once the C2 communication is complete, the attacker will proceed to carry out malicious activities.
Briefly, what the attacker does at this stage is as follows:
Although there is no action specific to this stage for blue teams, the general security monitoring and detection techniques that apply to C2 communication should be considered. Blue teams should take the appropriate steps to recognize and block potential C2 network traffic. The following are some steps to be taken:
The sixth phase of the Cyber Kill Chain, the "Command and Control (C2)" step, is discussed in this section, along with some activities that attackers may carry out and some measures that blue teams may employ at this stage. The topic of "Actions on Objectives" is explained in the following section of the training.
Detection Scenario: In its network connections, a Windows machine within the organization appeared to have successfully established a connection to a suspicious IP address outside the organization. With this connection, the SOC analyst determined that the attacker was able to execute remote commands on the Windows machine.
Question: What is the last Cyber Kill Chain step in which the attacker is successful, according to the aforementioned detection scenario?
Answer: 6