During a network intrusion analysis, a security analyst observes repeated TCP SYN packets sent to a range of ports on a target host, each followed by an RST response. No subsequent ACK packets are observed. Which phase of the Cyber Kill Chain is the attacker most likely executing?
Trap 1: Delivery
Delivery is the phase where the weaponized payload is sent to the target, not scanning.
Trap 2: Weaponization
Weaponization involves creating a deliverable payload, not scanning for open ports.
Trap 3: Exploitation
Exploitation occurs after a vulnerability is identified; scanning is preparatory.
- A
Reconnaissance
SYN scan is a reconnaissance activity to identify open ports and services.
- B
Delivery
Why wrong: Delivery is the phase where the weaponized payload is sent to the target, not scanning.
- C
Weaponization
Why wrong: Weaponization involves creating a deliverable payload, not scanning for open ports.
- D
Exploitation
Why wrong: Exploitation occurs after a vulnerability is identified; scanning is preparatory.