Lesson 2: The Attack Kill Chain
A cyberattack is not a single event — it is a planned, multi-stage process. The Cyber Kill Chain model, developed by Lockheed Martin, defines 7 stages attackers traverse from selecting a target to achieving their objectives. The key insight: a good defense doesn't need to stop all 7 stages — breakin
Imagine a burglar planning a heist: first they stake out the house, then buy tools, then break in, then steal. If you catch them at any one of those stages, the heist fails. The Kill Chain applies the same idea to a cyberattack: the defender does not have to win at every stage, only at one.
- Kill Chain
- A model describing the 7 sequential stages of a cyberattack, from initial reconnaissance to actions on objectives. Because each stage depends on the one before it, disrupting any single stage breaks the chain.
- Reconnaissance
- Gathering information about the target: its external-facing services, employees, and technology stack. Passive reconnaissance (OSINT, DNS and certificate records, job postings, leaked credential dumps) never touches the target's systems and leaves no trace in its logs; active reconnaissance (port and vulnerability scanning) does touch them, and is the earliest point at which the defender can observe the attacker.
- Weaponization
- Building the malicious tool: coupling an exploit for a specific vulnerability with a payload (e.g., a remote access trojan or backdoor) into a deliverable such as a weaponized document. This stage happens entirely on the attacker's side, so the defender normally has no telemetry for it and can only infer it afterwards from the artifacts delivered.
- Delivery
- Transferring the weapon into the victim environment: a phishing e-mail attachment or link, a malicious USB device, a compromised website the targets are known to visit (watering hole), or direct exploitation of an exposed service. This is often the first stage at which a defensive control (mail filtering, device control, a web proxy) can stop the attack outright.
- Exploitation
- Triggering the malicious code, which exploits a vulnerability in an application, the operating system, or the user (e.g., enabling a document macro) to execute attacker-controlled code on the target and gain initial access
- Installation
- Installing a backdoor or implant on the victim host and establishing persistence (a service, scheduled task, or autorun entry) so the attacker's access survives reboots, logouts and password changes
- Command & Control (C2)
- A covert communication channel, often disguised as ordinary HTTPS or DNS traffic, through which the attacker sends commands to the compromised host and receives data back. Once C2 is established the attacker has interactive control of the system, so alerts at this stage warrant immediate response.
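The "break the chain at any stage" idea becomes actionable once alerts are tagged with the stage they evidence. The following is an added example for this lesson, not code from the page or from Lockheed Martin: it maps constructed alerts to Kill Chain stages, and for each host reports how far the chain progressed, where (if anywhere) a blocking control broke it, and which intermediate stages produced no telemetry at all. The alert names, the rule-to-stage mapping and the sample alerts are all assumptions invented for the illustration.

```python
"""Tag constructed alerts with Cyber Kill Chain stages and summarise,
per host, how far the chain got, where it was broken, and which
intermediate stages went undetected.

Added example for the lesson, not code from the page. Rule names, the
rule-to-stage mapping and the sample alerts are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

STAGES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command & Control", "Actions on Objectives",
]

# Hypothetical detection rule names mapped to the stage they evidence.
# Weaponization happens on the attacker's side, so defenders have no
# telemetry for it; it is deliberately absent from this mapping.
RULE_TO_STAGE = {
    "external_port_scan": "Reconnaissance",
    "phishing_attachment_received": "Delivery",
    "office_macro_spawned_shell": "Exploitation",
    "new_run_key_persistence": "Installation",
    "periodic_beacon_to_rare_domain": "Command & Control",
    "bulk_outbound_transfer": "Actions on Objectives",
}


@dataclass(frozen=True)
class Alert:
    ts: str        # ISO-8601 timestamp
    host: str
    rule: str      # detection rule name (assumed)
    blocked: bool  # True if the control prevented the action, not just logged it


@dataclass
class ChainReport:
    stages_seen: List[str]       # stages evidenced, in order of first sighting
    furthest: str                # latest stage reached on this host
    broken_at: Optional[str]     # stage where a blocking control fired, or None
    undetected_gaps: List[str]   # stages between first and furthest with no alert


def analyze(alerts: List[Alert]) -> Dict[str, ChainReport]:
    """Group alerts by host (in time order) and summarise each host's chain."""
    by_host: Dict[str, List[Tuple[str, bool]]] = {}
    for a in sorted(alerts, key=lambda a: a.ts):
        stage = RULE_TO_STAGE.get(a.rule)
        if stage is None:
            continue  # unmapped rule: skip noise rather than fail the whole run
        by_host.setdefault(a.host, []).append((stage, a.blocked))

    reports: Dict[str, ChainReport] = {}
    for host, pairs in by_host.items():
        seen: List[str] = []
        broken_at: Optional[str] = None
        for stage, blocked in pairs:
            if stage not in seen:
                seen.append(stage)
            if blocked and broken_at is None:
                broken_at = stage
        furthest = max(seen, key=STAGES.index)
        lo = min(STAGES.index(s) for s in seen)
        hi = STAGES.index(furthest)
        # A stage inside the observed range with no alert means that step of
        # the attack happened without detection: a coverage gap to fix.
        gaps = [s for s in STAGES[lo:hi + 1]
                if s not in seen and s != "Weaponization"]
        reports[host] = ChainReport(seen, furthest, broken_at, gaps)
    return reports


def needs_escalation(report: ChainReport) -> bool:
    """A chain broken at any stage is contained. One that reached C2 or
    later without being blocked is an active intrusion."""
    return (report.broken_at is None
            and STAGES.index(report.furthest) >= STAGES.index("Command & Control"))


def hosts_to_escalate(alerts: List[Alert]) -> List[str]:
    return sorted(h for h, r in analyze(alerts).items() if needs_escalation(r))


# Constructed sample alerts (not real telemetry).
SAMPLE_ALERTS = [
    Alert("2024-05-01T08:00:00Z", "ws-09", "external_port_scan", False),
    Alert("2024-05-01T08:15:00Z", "ws-09", "phishing_attachment_received", False),
    Alert("2024-05-01T08:16:00Z", "ws-09", "office_macro_spawned_shell", True),   # EDR blocked it
    Alert("2024-05-01T09:00:00Z", "ws-17", "phishing_attachment_received", True), # mail gateway quarantined
    Alert("2024-05-01T10:00:00Z", "ws-42", "phishing_attachment_received", False),
    Alert("2024-05-01T10:40:00Z", "ws-42", "periodic_beacon_to_rare_domain", False),
    Alert("2024-05-01T13:05:00Z", "ws-42", "bulk_outbound_transfer", False),
]

if __name__ == "__main__":
    for host, r in analyze(SAMPLE_ALERTS).items():
        print(f"{host}: furthest={r.furthest!r} broken_at={r.broken_at!r} "
              f"gaps={r.undetected_gaps} escalate={needs_escalation(r)}")
```

In the sample, ws-17 and ws-09 are both contained because a control fired at Delivery and Exploitation respectively. ws-42 reached Actions on Objectives with nothing blocked, and the report also shows that Exploitation and Installation left no alerts on that host: the attacker passed through those stages undetected, which is the coverage gap to close after the incident.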