Cyber Kill Chain: Difference between revisions
Revision as of 19:58, 10 July 2025
The cyber kill chain is a security framework developed by Lockheed Martin to model the stages of a cyberattack. It helps organizations understand how attacks progress and how to defend against them by identifying key stages and vulnerabilities. The framework breaks down an attack into a series of phases, allowing security teams to focus on preventing attacks at each stage.
Reconnaissance
Attackers gather information about the target, including publicly available data and network vulnerabilities.
Weaponization
Attackers create a malicious payload, such as a virus or malware, tailored to the target's vulnerabilities.
Delivery
The malicious payload is delivered to the target, often through phishing emails, infected websites, or other methods.
Exploitation
The attacker exploits vulnerabilities in the system to execute the malicious code and gain initial access.
Installation
Attackers install malware or backdoors to establish persistent access to the compromised system.
Command and Control
Attackers establish a communication channel to remotely control the compromised system and direct further actions.
Actions on Objectives
Attackers achieve their ultimate goal, such as data theft, system disruption, or other malicious activities.
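The following is an added example, not part of the original page. It shows one way a security team can use the seven phases above for triage: alerts are tagged with a phase, each host is ranked by the furthest phase observed, and earlier phases with no alert are listed as detection gaps. The host names, alert descriptions and the choice to treat Weaponization as unobservable by the defender are assumptions of this example, as is the premise that an attack passes through the phases in order.

```python
from collections import defaultdict

# The seven phases, in the order the page lists them.
PHASES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]
# Assumption of this example: weaponization happens on the attacker's side,
# so defender sensors cannot see it and it is never reported as a gap.
UNOBSERVABLE = {"Weaponization"}

# Constructed sample alerts: (host, phase, description).
SAMPLE_ALERTS = [
    ("ws-014", "Delivery", "mail gateway flagged attachment"),
    ("ws-014", "Command and Control", "periodic outbound connections to unknown host"),
    ("srv-db2", "Reconnaissance", "port scan from external address"),
    ("ws-031", "Installation", "new autorun entry created"),
    ("ws-031", "Actions on Objectives", "large outbound archive upload"),
]

def assess(alerts):
    """Return {host: {"furthest": phase, "gaps": [earlier phases with no alert]}}."""
    seen = defaultdict(set)
    for host, phase, _desc in alerts:
        if phase not in PHASES:
            raise ValueError(f"unknown phase: {phase!r}")
        seen[host].add(phase)
    report = {}
    for host, phases in seen.items():
        furthest = max(PHASES.index(p) for p in phases)
        # Phases before the furthest one that produced no alert on this host.
        gaps = [p for p in PHASES[:furthest]
                if p not in phases and p not in UNOBSERVABLE]
        report[host] = {"furthest": PHASES[furthest], "gaps": gaps}
    return report

def triage_order(report):
    """Hosts sorted with the most advanced intrusion first."""
    return sorted(report, key=lambda h: PHASES.index(report[h]["furthest"]),
                  reverse=True)

if __name__ == "__main__":
    rep = assess(SAMPLE_ALERTS)
    for host in triage_order(rep):
        print(host, "|", rep[host]["furthest"], "| gaps:", rep[host]["gaps"])
```

A host with a late-phase alert and several gaps points to earlier stages that went undetected, which is where additional detection or prevention controls would stop the same attack sooner.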