Cyber Kill Chain
Introduction
The cyber kill chain is a security framework developed by Lockheed Martin to model the stages of a cyberattack. It helps organizations understand how attacks progress and how to defend against them by identifying key stages and vulnerabilities. The framework breaks down an attack into a series of phases, allowing security teams to focus on preventing attacks at each stage.
Reconnaissance
Attackers gather information about the target, including publicly available data and network vulnerabilities.
Weaponization
Attackers create a malicious payload, such as a virus or other malware, tailored to the target's vulnerabilities.
Delivery
The malicious payload is delivered to the target, often through phishing emails, infected websites, or other methods.
Exploitation
The attacker exploits vulnerabilities in the system to execute the malicious code and gain initial access.
Installation
Attackers install malware or backdoors to establish persistent access to the compromised system.
Command and Control
Attackers establish a communication channel to remotely control the compromised system and direct further actions.
Actions on Objectives
Attackers achieve their ultimate goal, such as data theft, system disruption, or other malicious activities.
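The following is an added example, not part of the original page: a defender-side sketch that places alerts on the seven phases above and reports, per host, how far an intrusion progressed and which earlier phases produced no detection. The alert tuples, host names and the summarize function are constructed for illustration, and excluding Weaponization from the gap list assumes that phase happens on the attacker's side, out of the defender's view.

```python
from collections import defaultdict

# The seven phases, in the order the page lists them.
PHASES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command and Control", "Actions on Objectives"]

# Assumption: weaponization occurs off the defender's network, so the
# absence of an alert there is not counted as a detection gap.
NOT_OBSERVABLE = {"Weaponization"}

# Constructed sample alerts (not real data): (host, phase, description).
SAMPLE_ALERTS = [
    ("ws-014", "Delivery", "mail gateway: macro attachment delivered"),
    ("ws-014", "Installation", "EDR: new autorun entry created"),
    ("ws-014", "Command and Control", "proxy: periodic beacon to rare domain"),
    ("srv-02", "Reconnaissance", "firewall: external port sweep"),
    ("ws-031", "Command and Control", "DNS: high-entropy subdomain lookups"),
]

def summarize(alerts):
    """Per host: first phase detected, deepest phase seen, undetected earlier phases."""
    seen = defaultdict(set)
    for host, phase, _desc in alerts:
        if phase not in PHASES:
            raise ValueError(f"unknown phase: {phase!r}")
        seen[host].add(PHASES.index(phase))
    report = {}
    for host, idxs in seen.items():
        deepest = max(idxs)
        # Earlier phases with no alert: the intrusion passed through them
        # unobserved, so each one is a place where detection was missed.
        gaps = [PHASES[i] for i in range(deepest)
                if i not in idxs and PHASES[i] not in NOT_OBSERVABLE]
        report[host] = {
            "first_detected": PHASES[min(idxs)],
            "deepest": PHASES[deepest],
            "undetected_earlier": gaps,
        }
    return report

if __name__ == "__main__":
    for host, info in sorted(summarize(SAMPLE_ALERTS).items()):
        print(host, info)
```

A host whose first detection is already at Command and Control, like ws-031 in the sample, is the case to prioritize: every earlier opportunity to break the chain was missed.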