IT specialist Mario Haustein works on a computer with the operating system Linux. (Photo by Jan Woitas/picture alliance via Getty Images)

There’s an ongoing debate within the threat intelligence community about whether open source and commercially available penetration testing tools do more harm than good. While they allow defenders to meaningfully probe and test an organization’s security, they’re often so good at their jobs that they end up becoming staples in the kill chain of many cybercriminal groups.  

Consider a recent incident response in which researchers at Advanced Intelligence were able to work out the exact kill chain used by a Ryuk ransomware group, which includes 15 different steps from the initial infection point to the delivery of ransomware payloads onto a victim’s network. While the attackers certainly use pure malware, like BazarBackdoor, BazarLoader and Ryuk, many of the intermediate steps in the kill chain involve commercial or open source tools.
