Cyber Kill Chain

Inspired by the military kill chains, the Cyber Kill Chain is a cyber security framework introduced by Lockheed Martin in 2011. It is created to help organisations defend against cyber attacks by understanding how they are conducted. The Cyber Kill Chain divides an attack into seven stages:

1. Reconnaissance: In the first stage, the attacker gathers information about the target
2. Weaponisation: Once proper reconnaissance is conducted, the attacker creates a deliverable payload or modifies an existing one based on the target system’s vulnerabilities
3. Delivery: Once ready, the attacker sends the weaponised payload to the target
4. Exploitation: Once executed, the payload exploits a vulnerability in the target’s system
5. Installation: The exploitation enables the attacker to install a backdoor or malware to maintain persistence in the target’s environment
6. Command & Control (C2): Using the installed backdoor, the attacker can control the compromised system
7. Actions on Objectives: Reaching this far, the attacker can now carry out further actions such as data exfiltration or other systems’ exploitation

When an organisation learns about each stage, it has a better chance of breaking the chain and interrupting an attack while it is in progress.

Learning Objectives

Upon the completion of this room, you will learn about:

• The seven stages of the Cyber Kill Chain
• Explore various attack examples within each stage
• Visit different defence examples related to each stage

Learning Prerequisites

We recommend that users finish the Cyber Security 101 path to get the most out of this room.