This post may contain affiliate links, please read our affiliate disclosure to learn more.
What Is the Cyber Kill Chain?

What Is the Cyber Kill Chain?

 By Charles Joseph | Cybersecurity Researcher
 Published on February 6th, 2023
This post was updated on November 25th, 2023

The Cyber Kill Chain is a process used to describe the stages of a cyber attack. It was developed by Lockheed Martin in 2011 and is now widely used by security professionals, organizations, and government agencies.

The Kill Chain consists of seven phases:

Stay One Step Ahead of Cyber Threats

Want to Be the Smartest Guy in the Room? Get the Latest Cybersecurity News and Insights.
We respect your privacy and you can unsubscribe anytime.
  1. Reconnaissance – profile your target, gather information; document publicly available system and network configuration
  2. Weaponization – identify an exploit, or create one yourself; couple it with a payload that’s delivered after a successful exploitation
  3. Delivery – “deliver” or send the exploit to your target
  4. Exploitation – execute the exploit on the target
  5. Installation – now that the exploit has executed, gain persistence by installing backdoors
  6. Command and control (C2) – create a method of communication between yourself and the target; this usually occurs via a C2 node
  7. Actions on objectives – complete your objective(s), e.g., exfiltrate data

Understanding each phase of the attack lifecycle and identifying methods for stopping an attack before it reaches its goal or objective can help protect an organization from cyber attacks.

"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional
Scroll to Top