Cisco Updated 200-201 Exam Questions and Answers by aubree

 The category of the Cyber Kill Chain model that this event belongs to is weaponization. This stage occurs after reconnaissance has taken place and the attacker has discovered all necessary information about potential targets, such as vulnerabilities. In the weaponization stage, the attacker’s preparatory work culminates in the creation of malware to be used against an identified target, which in this case is a specific worm tailored to exploit a software flaw and extract saved passwords. References: The Cyber Kill Chain framework, developed by Lockheed Martin, explains the weaponization stage as the process where attackers create or modify cyber weapons based on the intelligence gathered during reconnaissance

• The exhibit shows an HTTP GET request with a parameter that includes ; /bin/sh -c id.
• This indicates a command injection attempt, where the attacker is trying to execute shell commands on the server.
• Command injection vulnerabilities allow an attacker to execute arbitrary commands on the host operating system via a vulnerable application.
• The use of /bin/sh and the -c flag is typical in command injection exploits to run shell commands, such as id, which returns user identity information.

References

• OWASP Command Injection
• Analyzing HTTP Requests for Injection Attacks
• Web Application Security Testing Guidelines

The weaponization step in the Cyber Kill Chain model involves creating or repurposing malware based on the information gathered during reconnaissance to exploit vulnerabilities in the target’s system. This step culminates in the preparation of the malware to be delivered to the victim2.

References:

• Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
• Cyber Kill Chain