The Cyber Kill Chain is a process used to describe the stages of a cyber attack. It was developed by Lockheed Martin in 2011 and is now widely used by security professionals, organizations, and government agencies.
Stay One Step Ahead of Cyber Threats
The Kill Chain consists of seven phases:
- Reconnaissance – profile your target, gather information; document publicly available system and network configuration
- Weaponization – identify an exploit, or create one yourself; couple it with a payload that’s delivered after a successful exploitation
- Delivery – “deliver” or send the exploit to your target
- Exploitation – execute the exploit on the target
- Installation – now that the exploit has executed, gain persistence by installing backdoors
- Command and control (C2) – create a method of communication between yourself and the target; this usually occurs via a C2 node
- Actions on objectives – complete your objective(s), e.g., exfiltrate data
Understanding each phase of the attack lifecycle and identifying methods for stopping an attack before it reaches its goal or objective can help protect an organization from cyber attacks.
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional