The Cyber Kill Chain is a seven-phase intrusion model created by Lockheed Martin. It adapts the military "kill chain" concept to cyber attacks: an intrusion must pass through each phase in order, so defenders can map what they observe to a phase and break the chain as early as possible.
- Reconnaissance: gather information on the intended target, mostly passively (OSINT, technologies used by the website and mail servers, whois, DNS, footprinting); active probing such as port scanning also belongs here.
- Weaponization: analyse the gathered information, identify vulnerabilities and a technique to gain access, and build a customized malicious payload for the targeted devices (typically an exploit coupled with a backdoor, e.g. packaged in a document prepared for phishing). This phase happens on the attacker's side, so it usually leaves no trace in the victim's logs.
- Delivery: deliver the payload to the target (phishing email, USB drop, malicious links...).
- Exploitation: trigger the payload to exploit a hardware, software or human vulnerability. This is the "make or break" phase: either the exploit succeeds or the organization's security controls stop it.
- Installation: install the payload and usually more, such as a backdoor for persistent access, and hide it from detection.
- Command and Control (C2, also written C&C): establish a two-way channel between the compromised system and the attacker's infrastructure, through which the attacker operates the implant. Escalate privileges where possible and hide the compromise, for example by encrypting the channel.
- Actions on Objectives: achieve the actual goal: steal the targeted assets (customer records, etc.), disrupt the environment with denial of service (DoS), or use the compromised system as a launching point for further attacks.
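The defensive use of the chain is to tag each observed event with its phase, find how deep each host has been pushed, and spot the earlier phases where nothing was seen (those are the detection gaps). The following Python script is an added example, not part of the original page or of Lockheed Martin's material; the log format, the event names and the event-to-phase rules are assumptions made for illustration, and the log lines are constructed.

```python
"""Map constructed security events onto the seven Cyber Kill Chain phases.

Added example, not from the original page. The log format, event names and
phase rules are assumptions for illustration; a real SIEM carries richer
fields and vendor-specific signatures.
"""
import re
from collections import defaultdict

# Ordered phases; list index = position in the chain (0 = Reconnaissance).
PHASES = [
    "Reconnaissance",
    "Weaponization",
    "Delivery",
    "Exploitation",
    "Installation",
    "Command and Control",
    "Actions on Objectives",
]

# Assumed event-name patterns per phase. Weaponization happens on the
# attacker's side and leaves no trace in victim logs, so it has no rule.
RULES = [
    (re.compile(r"port_scan|dns_zone_transfer|whois_lookup"), "Reconnaissance"),
    (re.compile(r"email_attachment|usb_mount|url_click"), "Delivery"),
    (re.compile(r"exploit_attempt|office_macro_exec"), "Exploitation"),
    (re.compile(r"persistence_registry|service_install|scheduled_task"), "Installation"),
    (re.compile(r"beacon|c2_dns|encrypted_outbound"), "Command and Control"),
    (re.compile(r"bulk_db_read|data_exfil|lateral_movement"), "Actions on Objectives"),
]

# Assumed log line shape: "<timestamp> host=<name> event=<type> [extra fields]".
LOG_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+)(?: (?P<rest>.*))?$")

# Constructed sample log (RFC 5737 documentation addresses, invented hosts).
SAMPLE_LOG = [
    "2024-03-01T08:00:01Z host=web01 event=port_scan src=203.0.113.7",
    "2024-03-01T09:12:44Z host=ws17 event=email_attachment file=invoice.docm",
    "2024-03-01T09:13:02Z host=ws17 event=office_macro_exec parent=WINWORD.EXE",
    "2024-03-01T09:13:10Z host=ws17 event=persistence_registry key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "2024-03-01T09:15:00Z host=ws17 event=beacon dst=198.51.100.23 interval=60",
    "2024-03-01T11:40:00Z host=db02 event=bulk_db_read rows=250000",
    "this line is malformed and must be skipped",
]


def classify(event_type):
    """Return the kill chain phase for an event type, or None if no rule matches."""
    for pattern, phase in RULES:
        if pattern.search(event_type):
            return phase
    return None


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyse(lines):
    """Per host: observed phases in chain order, the deepest phase reached,
    and the earlier phases (Weaponization excluded) where nothing was seen."""
    per_host = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed input is skipped, not guessed at
        phase = classify(rec["event"])
        if phase is not None:
            per_host[rec["host"]].add(phase)

    report = {}
    for host, phases in per_host.items():
        ordered = sorted(phases, key=PHASES.index)
        deepest = ordered[-1]
        gaps = [p for p in PHASES[:PHASES.index(deepest)]
                if p != "Weaponization" and p not in phases]
        report[host] = {"phases": ordered, "deepest": deepest, "gaps": gaps}
    return report


if __name__ == "__main__":
    for host, info in analyse(SAMPLE_LOG).items():
        print(f"{host}: deepest={info['deepest']}; missed earlier phases={info['gaps']}")
```

In the constructed sample, ws17 is seen from Delivery through to C2, so the only missed phase is Reconnaissance; db02 shows up directly at Actions on Objectives with no earlier signal, which is the case a defender should worry about most, because every earlier chance to break the chain on that host was missed.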