The "Weaponization" is the second step in the Cyber Kill Chain. At this stage, the attacker uses the information obtained in the previous stage to access the tools needed for the attack or develops the tool/script directly. At this stage, preparation for a cyber-attack may differ depending on the sort of attack. For example, if a phishing-type cyber attack is to be carried out, an exploit can be constructed in response to a recognized security vulnerability, or malicious email content can be generated. If the tools for the cyber attack are ready, the attacker completes this phase quickly and moves on to the next phase of the cyber attack. At this point, the attack has not yet commenced, and the victim is generally unaware of the attacker.

Adversary

The attacker might build many alternative attack techniques or prepare the essential components for a cyber attack during the "Weaponization" process. The following are some of the processes that the attacker might employ at this stage:

• Creating malware
• Developing exploits
• Creating malicious content for use in a phishing attempt (such as an email template and a malicious document).
• Identifying the best instrument for the cyber attack

Defender

It is not possible for SOC analysts and Blueteams to directly prevent the attack preparations of attackers at this stage. However, some measures can be taken, albeit limited. Some of these measures are as follows:

• Checking the systems on a regular basis to see if any identified security vulnerabilities exist.
• Installing security updates for the systems of the institutions as soon as possible
• Analyzing the impact of known or newly produced cyber attack tools on systems by tracking the known or newly developed attack tools and therefore being able to detect when the tool is utilized

The "Weaponization" step, which is the second step in the Cyber Kill Chain, is explained in this section of the training, along with some of the actions that attackers can take and some measures that Blueteams can take at this stage. In the following section of the training, the "Delivery" step is explained.

Quiz

Attack Scenario:

• An APT group selected a telecom organization as the target of a cyber attack.
• E-mail addresses of the selected organization were collected through social media and open sources.
• A phishing e-mail template was generated to be sent to the e-mail addresses of the organization's employees based on the information obtained.
• A Word document titled "Salaries.docx" containing malicious macro code was created to be included in the email attachment.