210-255 · Question #85
Which of the following is not an example of weaponization?
The correct answer is A. Connecting to a command and control server. Weaponization is the phase of creating malicious payloads before delivery; connecting to a command and control (C2) server occurs after exploitation and belongs to a later Cyber Kill Chain phase.
Question
Which of the following is not an example of weaponization?
Options
- AConnecting to a command and control server
- BWrapping software with a RAT
- CCreating a backdoor in an application
- DDeveloping an automated script to inject commands on a USB device
How the community answered
(50 responses)- A90% (45)
- B2% (1)
- C2% (1)
- D6% (3)
Why each option
Weaponization is the phase of creating malicious payloads before delivery; connecting to a command and control (C2) server occurs after exploitation and belongs to a later Cyber Kill Chain phase.
Connecting to a C2 server is part of the 'Command and Control' phase (phase 6) of the Cyber Kill Chain, which occurs long after weaponization. Weaponization (phase 2) is exclusively about building or configuring the malicious weapon before it is ever delivered to the target, so C2 communication cannot be classified as weaponization.
Wrapping software with a Remote Access Trojan (RAT) is a classic weaponization activity because it bundles malicious functionality into a deliverable payload.
Creating a backdoor in an application is an act of weaponization because it embeds persistent malicious access capability directly into a software artifact prior to delivery.
Developing an automated script to inject commands via a USB device constitutes weaponization because it produces a ready-to-deploy malicious tool crafted before the attack begins.
Concept tested: Cyber Kill Chain weaponization phase identification
Source: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
Topics
Community Discussion
No community discussion yet for this question.