Cyber Kill Chain Methodology

The cyber kill chain is a seven-phase methodology created by Lockheed Martin. It acts as a framework for securing cyberspace, based on the military concept of a kill chain.

  • Reconnaissance: gather information on the intended target (passive steps such as OSINT, technology used in the website and email, whois, DNS, footprinting, open ports…)
  • Weaponization: analyze the gathered information and identify vulnerabilities and techniques to gain access. Create a customized malicious payload and target specific devices. Phishing.
  • Delivery: deliver the payload (email, USB drop, links…)
  • Exploitation: exploit hardware and software vulnerabilities. This is a “make or break” phase; it will either work or the security controls of the company will prevent the exploit.
  • Installation: install the payload and more, such as a backdoor. Also hide the backdoor.
  • Command and Control (C&C): two-way channel between the target system and the attacker's system. Leverage privilege escalation if possible. Hide the compromise of the system with encryption.
  • Action on Objectives: start stealing the targeted asset (customer records, etc.), use denial of service (DoS) to affect the environment, or use the system as a launching point to perform other attacks.