Which activity is typically performed by a threat actor in the installation phase of the Cyber Kill Chain?
- Harvest email addresses of user accounts.
- Obtain an automated tool to deliver the malware payload.
- Open a two-way communication channel to the CnC infrastructure.
- Install a web shell on the target web server for persistent access.
Answers Explanation & Hints:
In the installation phase of the Cyber Kill Chain, the threat actor establishes a back door into the system to allow for continued access to the target.