Welcome to another _secpro!
This week, we're moving on to the Cyber Kill Chain and making it clear how we can apply the framework in the average day-to-day workings of a secpro. We've collected a range of useful insights and academic papers to keep you going, so scroll down and check them out!
Cheers!
Austin Miller
Editor-in-Chief
This week's articles
Reconnaissance and the Cyber Kill Chain
And here we go! Now that we're done with MITRE ATT&CK, we're moving on to Lockheed Martin's Cyber Kill Chain. This week: a general introduction, before we move on to the important moving parts of the approach.
AI GRC
Join Hemang as he sketches out the issues for GRC in the age of AI. This was our premium expert article for _secpro last month, so make sure to sign up for premium on Substack and find out everything we have to offer!
News Bytes
Check out Krebs' coverage of this month's Patch Tuesday!
Brian Krebs survives a record ~6.3 Tbps DDoS via Aisuru IoT botnet: Krebs reports an unprecedented DDoS attack—peaking at ~6.3 Tbps over 45 seconds—on his site, orchestrated by a new IoT botnet dubbed “Aisuru,” marking one of the largest volumetric attacks to date.
Suspected Russian Hackers Use Advanced Phishing on UK Researcher: Reuters reports that Russian government–linked threat actors impersonated a U.S. State Department official over two weeks, using highly polished emails—potentially powered by AI—to trick Chatham House researcher Keir Giles into handing over an app-specific password. This highlights a new level of sophistication in phishing campaigns.
Breaking Down the Latest Patch Tuesday Report by the SecMaster: "Microsoft has released its June 2025 Patch Tuesday security updates, addressing 66 vulnerabilities across Windows, Office, Exchange Server, Azure, Visual Studio, and other products. This includes fixes for two zero-day vulnerabilities, with one being actively exploited in the wild."
Australia Requires Ransomware Victims to Declare Payments: "A new Australian law requires larger companies to declare any ransomware payments they have made."
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet: Trend Micro reveals active exploitation of a critical zero-day (CVE-2025-3248) in Langflow (< v1.3.0), delivering the Flodrix botnet for system compromise, DDoS, and data exfiltration. Reported June 17.
Race-condition flaws CVE-2025-5054 & CVE-2025-4598 leak core dump data: Qualys TRU uncovered two local info-leak bugs in Linux crash-report tools—Apport (Ubuntu) and systemd-coredump (RHEL/Fedora). Both can expose sensitive data (even /etc/shadow) via race conditions. Users are urged to patch or disable SUID core dumps.
This week's academia
Impact of AI on the Cyber Kill Chain: A Systematic Review (Heliyon, 2024): A systematic literature review of 62 studies (2013–2023) examining how AI tools bolster attackers in early kill‑chain stages and highlighting defense gaps, with suggestions for AI‑aware defenses.
Technical Aspects of Cyber Kill Chain (arXiv, 2016): A foundational paper outlining methodologies, tools, and techniques attackers use at each of the seven stages of the Cyber Kill Chain—helpful for researchers developing defensive strategies.
A Cyber Kill Chain Based Taxonomy of Banking Trojans (arXiv, 2018): This study develops a CKC‑based taxonomy specifically for banking Trojans and validates it using 127 real-world samples, aiding the design of stage‑targeted detection and mitigation strategies.
Upcoming events for _secpros this year
Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!
DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.
Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.
Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.