Cyber Kill Chain Framework Approach to Map Potential Attack Vectors on Windows-based OS

Authors

  • Amanda Fairuz Syifa, Universitas Indonesia
  • Muhamad Salman, Universitas Indonesia

DOI:

https://doi.org/10.62146/ijecbe.v3i1.107

Keywords:

Windows 11 Security Evaluation, Adversary Emulation, SMB, RDP Vulnerabilities, Privilege Escalation Risks, Windows Cybersecurity Mitigation Strategies

Abstract

The widespread adoption of Windows 11 necessitates a comprehensive evaluation of its security vulnerabilities, particularly in light of increasingly sophisticated cyberattacks. This study exclusively focuses on Windows 11 Home and Enterprise editions, applying the Cyber Kill Chain framework to map potential attack vectors. The analysis reveals significant weaknesses in SMB and RDP protocols, with Windows 11 Enterprise proving more vulnerable to specific threats such as SMB Relay Attacks. Adversary emulation using the Caldera platform successfully simulated real-world cyber threats, highlighting critical security issues, including the extraction of sensitive information and privilege escalation risks through PowerShell. The emulation demonstrated that commands could identify user accounts and shared directories, exposing potential avenues for unauthorized access. Recommended countermeasures include enabling SMB signing, enforcing strong password policies, disabling unused RDP services, and deploying active antivirus solutions. This research provides key insights into enhancing the security posture of Windows 11 against modern cyber threats, emphasizing the importance of proactive security measures and continuous vulnerability assessments.
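As an added example that is not part of the paper, the script below is a read-only PowerShell audit of the four countermeasures the abstract recommends (SMB signing, password policy, unused RDP, active antivirus). It assumes a Windows 11 host with the built-in SmbShare and Defender modules; the 12-character minimum password length is an assumed threshold, not a value from the paper.

```powershell
# Added example (not from the paper): read-only audit of the four countermeasures
# recommended in the abstract. Run from an elevated PowerShell session on Windows 11.
# Assumes the built-in SmbShare, Defender and Microsoft.PowerShell.Management modules.

$findings = @()

# 1. SMB signing: both the server and the client side should *require* signing,
#    which is what removes the SMB relay path the abstract highlights.
$smbServer = Get-SmbServerConfiguration
$smbClient = Get-SmbClientConfiguration
if (-not $smbServer.RequireSecuritySignature) {
    $findings += "SMB server does not require signing (RequireSecuritySignature = False)"
}
if (-not $smbClient.RequireSecuritySignature) {
    $findings += "SMB client does not require signing (RequireSecuritySignature = False)"
}

# 2. Password policy: local minimum length as reported by 'net accounts'.
#    The threshold of 12 characters is an assumption for this example.
$netAccounts = net accounts
$minLenLine = ($netAccounts | Select-String 'Minimum password length').Line
$minLen = [int]($minLenLine -replace '\D', '')
if ($minLen -lt 12) {
    $findings += "Minimum password length is $minLen (expected at least 12)"
}

# 3. RDP: when Remote Desktop is not needed, connections should be denied
#    and the Remote Desktop Services service should not be running.
$rdp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
if ($rdp.fDenyTSConnections -eq 0) {
    $findings += "Remote Desktop connections are enabled (fDenyTSConnections = 0)"
}
$termSvc = Get-Service -Name TermService
if ($termSvc.Status -eq 'Running') {
    $findings += "TermService (Remote Desktop Services) is running"
}

# 4. Active antivirus: Microsoft Defender engine and real-time protection status.
$mp = Get-MpComputerStatus
if (-not $mp.AntivirusEnabled -or -not $mp.RealTimeProtectionEnabled) {
    $findings += "Defender antivirus or real-time protection is disabled"
}

if ($findings.Count -eq 0) {
    Write-Output "All four recommended countermeasures are in place."
} else {
    Write-Output "Findings:"
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

The script only reads configuration; remediation (Set-SmbServerConfiguration -RequireSecuritySignature $true, Group Policy for password length, disabling RDP) is a separate, change-controlled step.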

Author Biographies

Amanda Fairuz Syifa, Universitas Indonesia

Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok, Indonesia

Muhamad Salman, Universitas Indonesia

Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Depok, Indonesia

Published

2025-05-21

How to Cite

Syifa, A. F., & Salman, M. (2025). Cyber Kill Chain Framework Approach to Map Potential Attack Vectors on Windows-based OS. International Journal of Electrical, Computer, and Biomedical Engineering, 3(1), 142–156. https://doi.org/10.62146/ijecbe.v3i1.107

Section

Computer Engineering