The Cyber Kill Chain is a framework developed by Lockheed Martin to describe the stages of a cyber attack. Understanding it helps organizations identify and prevent cyber attacks by breaking the attack down into manageable phases.

  • Reconnaissance

In the reconnaissance phase, the objective is to gather information about the target by researching, identifying, and selecting targets using various tools and techniques such as web searches, social engineering, and network scanning.

  • Weaponization

In this phase, the attacker creates a deliverable payload/malware, or an exploit for a vulnerability, to be used against an identified target.

  • Delivery

This stage consists of delivering the payload/malware created in the previous stage via email attachments, USB drives, websites, exploitation of a vulnerability, or other methods.

  • Exploitation

The exploitation phase consists of successfully exploiting a previously discovered vulnerability and executing code on the target system. In this phase, cybercriminals often move laterally across a network to reach their targets.

  • Installation

After cybercriminals exploit the target’s vulnerabilities to gain access to a network, they begin the installation stage, where they attempt to install malware and other weapons onto the target network to take control, maintain persistence, and exfiltrate data.

  • Command and Control (C2)

In this stage, cybercriminals communicate with the malware they’ve installed on the target’s network, instructing it to carry out their objectives and enabling remote control of the infected systems.

  • Actions on Objectives

In the actions on objectives phase, attackers perform actions to achieve the attack objectives, such as weaponizing a botnet, distributing malware to steal sensitive data, and using ransomware.
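To show how the phases are used on the defensive side, here is an added example (not part of the original article) that takes alerts an analyst has already tagged with a kill chain phase and reports, per host, the furthest phase reached and the earlier phases that produced no alert. The host names, timestamps, and alert records are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Phase order as listed in the article.
PHASES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]
RANK = {name: i for i, name in enumerate(PHASES)}

# Constructed sample alerts: (ISO timestamp, host, phase assigned by the analyst).
ALERTS = [
    ("2024-05-01T09:40:10", "ws-12", "Command and Control"),
    ("2024-05-01T09:02:00", "ws-12", "Delivery"),
    ("2024-05-01T09:05:30", "ws-12", "Exploitation"),
    ("2024-05-01T08:15:00", "web-01", "Reconnaissance"),
    ("2024-05-01T10:20:00", "srv-03", "Actions on Objectives"),
]

def summarize(alerts):
    """Per host: first alerted phase, furthest phase, and earlier phases with no alert."""
    by_host = defaultdict(list)
    for ts, host, phase in alerts:
        if phase not in RANK:
            raise ValueError(f"unknown phase: {phase!r}")
        by_host[host].append((ts, phase))
    report = {}
    for host, events in by_host.items():
        events.sort()  # ISO 8601 timestamps sort chronologically as strings
        seen = {phase for _, phase in events}
        furthest = max(seen, key=RANK.get)
        # Assumption: Weaponization happens on the attacker's side, so a
        # missing alert for it is not counted as a detection gap.
        gaps = [p for p in PHASES[:RANK[furthest]]
                if p not in seen and p != "Weaponization"]
        report[host] = {"first_alert": events[0][1],
                        "furthest": furthest, "gaps": gaps}
    return report

def triage_order(report):
    """Hosts ordered so the one furthest along the chain is handled first."""
    return sorted(report, key=lambda h: RANK[report[h]["furthest"]], reverse=True)

if __name__ == "__main__":
    result = summarize(ALERTS)
    for host in triage_order(result):
        print(host, result[host])
```

A host whose first alert is already at a late phase, with every earlier phase listed as a gap, points to missing detection coverage for the earlier stages rather than to an attack that skipped them.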

Joao Silva
I’m Joao Silva, an Incident Response Analyst who loves everything about cybersecurity. I enjoy tackling practical challenges on platforms like TryHackMe and HackTheBox, and I’m always learning more through industry certifications. My main skills are spotting security risks, analyzing threats, and doing digital forensics. I keep up with the latest technologies and cyber threats to ensure strong security measures. In my spare time, I work on projects to improve server security and automate monitoring. I also like to share my knowledge by publishing content on my website to help others learn. I’m dedicated to protecting data and maintaining system integrity in our constantly changing digital world.
