🕸️
Th4ntis CyberSec
  • 🕷️>whoami_
  • 🖥️General Info
    • CyberSec News
    • Getting Started and other Resources
      • CompTIA Certs
        • Security+
        • Pentest+
    • MITRE ATT&CK
    • Cyber Kill Chain
    • Docker
  • 💻Networking
    • General Networking
    • Common Ports and Protocols
    • TCP/IP Model
    • OSI Model
    • Subnetting
    • Wireshark
    • NMap
    • Wireless
      • Wardriving/WiFi Sniffing
    • 3-Way Handshake
  • 🐧Linux
    • Common commands
    • Sudo
    • Files and File contents
    • Sed Awk and Grep
    • Permissions
  • 🪟Windows
    • Event Codes
    • Powershell
    • Internals
    • Active Directory
  • 🔎OSINT
    • OSINT Tools
    • IP/Domain OSINT
    • Email/Username OSINT
    • URL OSINT and Sandboxing
    • Social Media OSINT
    • Website OSINT
    • Password OSINT
    • Physical Location OSINT
    • Image OSINT
    • People OSINT
    • Phone Number OSINT
    • Shodan
    • Google Dorking
  • 🛠️Tools
    • Brute Force
      • Hydra
    • Credential Dumping
      • Mimikatz
    • Enumeration
      • Bloodhound
      • Certipy
      • Dirb/Dirbuster
      • Enum4Linux
      • GoBuster
    • Exploitation Framework
      • Metasploit
      • Sliver
      • Cobalt Strike
    • Hash Cracking
      • Hashcat
      • JohnTheRipper
    • Methods
      • Powershell Obfuscation
      • Privilege Escalation
      • Pass-The-Hash
      • Kerberos and Kerberoasting
    • Vulnerability Scanners
      • Nessus
      • OpenVAS
    • Web App
      • BurpSuite
      • OWASP Zap
    • Wireless
      • Aircrack-ng
      • Kismet
      • Bettercap
      • HCXDumptool
      • Wifite
    • Impacket
    • Social-Engineer Toolkit (SET)
  • 📔Guides and How-To's
    • Lab Setup
      • Ubuntu VM
      • Kali VM
      • Windows User VM
      • Windows Server VM
    • Wardriving
      • Pwnagotchi
    • Wireless Pentesting
      • WiFi Pineapple Basics
      • Evil-Twin Attack
    • Over The Wire
      • Bandit
      • Natas
      • Leviathan
      • Krypton
      • Narnia
      • Behemoth
      • Utumno
      • Maze
      • Vortex
      • Manpage
    • Docker and Kali Linux
    • Staying Private and goin Dark Online
  • 📕Quick References
    • Tools
      • Tmux
      • NMap
      • Ffuf
      • NetExec
      • CrackMapExec
      • Proxychains
      • OneDriveUser Enum
      • Hashcat
    • One-liners
    • Reverse Shells
    • Post Exploitation
    • Enumeration
      • Google
      • Sublist3r
      • NMap
      • DNSDumpster
    • Hashcracking
    • Wireless
  • 📓Courses
    • PNPT
      • Practical Ethical Hacking
      • Windows Privilege Escalation
      • Linux Privilege Escalation
      • OSINT Fundamentals
      • External Pentest Playbook
  • ☁️TryHackMe
    • Attacking Kerberos
    • Hacking with Powershell
    • Powershell for Pentesters
    • Linux PrivEsc
    • Windows PrivEsc
    • Blue
    • Kenobi
  • 📦HackTheBox
    • Starting Point
      • Tier 0
        • Meow
        • Fawn
        • Dancing
        • Redeemer
        • Explosion
        • Preignition
        • Mongod
        • Synced
      • Tier 1
        • Appointment
        • Sequel
        • Crocodile
        • Responder
        • Three
        • Ignition
        • Bike
        • Funnel
        • Pennyworth
        • Tactics
      • Tier 2
        • Archetype
        • Oopsie
        • Vaccine
        • Unified
        • Included
        • Markup
        • Base
    • Walkthroughs
      • Lame
      • Analytics
      • Manager
      • Codify
Powered by GitBook
On this page
  • About
  • Standard Kill Chain
  • Phase 1: Reconnaissance
  • Phase 2: Weaponization
  • Phase 3: Delivery
  • Phase 4: Exploitation
  • Phase 5: Installation
  • Phase 6: Command and Control (C2)
  • Phase 7: Actions on Objective
Edit on GitHub
  1. General Info

Cyber Kill Chain

Last updated 1 year ago

About

The is an adaptation of the military’s kill chain, which is a step-by-step approach that identifies and stops enemy activity. Originally developed by Lockheed Martin in 2011, the cyber kill chain outlines the various stages of several common cyberattacks and, by extension, the points at which the information security team can prevent, detect or intercept attackers.

The cyber kill chain is intended to defend against sophisticated cyberattacks, also known as , wherein attackers spend significant time surveilling and planning an attack. Most commonly these attacks involve a combination of malware, ransomware, Trojans, spoofing and to carry out their plan.

There are other Kill Chains out there, which some can found from SentinelOne but here is the standard one. Another good article from Varonis can be found .

Standard Kill Chain

The standard kill chain is broken into these phases:

  • Phase 1: Reconnaissance

  • Phase 2: Weaponization

  • Phase 3: Delivery

  • Phase 4: Exploitation

  • Phase 5: Installation

  • Phase 6: Command and Control

  • Phase 7: Actions on Objective

Phase 1: Reconnaissance

Attackers identify a target and explores vulnerabilities and weaknesses that can be exploited within the network. As part of this process, the attacker may harvest login credentials or gather other information, such as email addresses, user IDs, physical locations, software applications and operating system details, etc. all of which may be useful in phishing or spoofing attacks.

Phase 2: Weaponization

Attackers create an attack vector, such as remote access malware, ransomware, virus or worm that can exploit a known vulnerability. The attacker may also set up back doors so that they can continue to access to a system if their original point of entry is identified and closed by network administrators.

Phase 3: Delivery

The attacker launches the attack. The specific steps taken will depend on the type of attack they intend to carry out. Eg. the attacker may send email attachments or a malicious link to spur user activity to advance the plan. This activity may be combined with social engineering techniques to increase the effectiveness of the campaign.

Phase 4: Exploitation

This phase is pretty simple. The malicious code or file is executed within the target system.

Phase 5: Installation

Following the Exploitation phase, the malware or other attack vector will be installed on the target system. This is a turning point in the attack lifecycle, as the threat actor has entered the system and can now assume control.

Phase 6: Command and Control (C2)

The attacker is able to use the malware to assume remote control of a device or identity within the target network. The attacker may also work to move laterally throughout the network, expanding their access and establishing more points of entry for the future.

Phase 7: Actions on Objective

The attacker takes steps to carry out their intended goals, which may include data theft, destruction, encryption or exfiltration.

🖥️
cyber kill chain
advanced persistent threats (APTs)
social engineering techniques
here
here