312-50V13 · Question #274
You are a penetration tester working to test the user awareness of the employees of the client xyz. You harvested two employees' emails from some public sources and are creating a client- side backdoo
The correct answer is C. Weaponization. Cyber Kill Chain Stage Explanation Weaponization (C) is correct because you are actively crafting a malicious payload - in this case, a client-side backdoor embedded in an email - to be delivered to the targets. Weaponization is the stage where attackers package malware or exploi
Question
Options
- AReconnaissance
- BCommand and control
- CWeaponization
- DExploitation
How the community answered
(41 responses)- A2% (1)
- B10% (4)
- C83% (34)
- D5% (2)
Explanation
Cyber Kill Chain Stage Explanation
Weaponization (C) is correct because you are actively crafting a malicious payload - in this case, a client-side backdoor embedded in an email - to be delivered to the targets. Weaponization is the stage where attackers package malware or exploits into a deliverable weapon before it reaches the victim.
Why the distractors are wrong:
- (A) Reconnaissance already occurred - that's when you harvested the employees' email addresses from public sources; that stage is now complete.
- (B) Command and Control (C2) happens after the victim is compromised and the attacker establishes a communication channel with the infected system - much later in the chain.
- (D) Exploitation occurs when the payload is triggered on the victim's machine, causing the vulnerability to execute - which hasn't happened yet.
Memory Tip: Think of the kill chain in order - Reconnaissance → Weaponization → Delivery → Exploitation → C2. Ask yourself: "Am I gathering info, building the weapon, sending it, or using it?" In this scenario, you're building the weapon, which = Weaponization.
Topics
Community Discussion
No community discussion yet for this question.