Cyber Kill Chain

Definition

A seven-phase linear model of an intrusion developed by Lockheed Martin in 2011. The phases are: Reconnaissance, Weaponisation, Delivery, Exploitation, Installation, Command and Control, and Actions on Objectives. Breaking the chain at any phase prevents the attacker from reaching their goal.

Related terms

Indicator of Compromise (IoC)
An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
Lateral movement
Attacker activity after initial compromise in which the threat actor traverses from one internal system to another, typically to escalate privileges, access...
MITRE ATT&CK
A publicly available knowledge base of adversary tactics, techniques, and procedures derived from real-world intrusion observations. Maintained by the MITRE Corporation. Techniques...
TTP (Tactics, Techniques, Procedures)
The three levels of specificity used to describe attacker behaviour. Tactics are the goal (e.g., persistence). Techniques are the method (e.g., scheduled...
Unified Kill Chain
An 18-phase model by Paul Pols (2017, updated 2021) that extends the Cyber Kill Chain by integrating MITRE ATT&CK and adding coverage...

Explained in

  • The Cyber Attack Lifecycle