Hybrid Kill Chain & Attack Methodology

Report by Miguel Bigueur & Les Davis

image2.png

Figure 1. Anatomy of a URL and Web Server Architecture.

The intent is to manipulate URL inputs as a method of infiltration by means of legitimacy. The goal here is to masquerade as legitimate traffic in an effort to penetrate firewalls uninhibited, while bypassing all pre-established defense mechanisms. Once this is achieved, an attacker is afforded the opportunity to escalate privileges with an opportunity to engage in lateral movements.

A few tools that can be used to help discover vulnerabilities in web and mail servers include: Continue reading