Unified Kill Chain
Definition
An 18-phase model by Paul Pols (2017, updated 2021) that extends the Cyber Kill Chain by integrating MITRE ATT&CK and adding coverage of insider threats, supply-chain attacks, and multi-stage campaigns. Organised into three macro-stages: In, Through, and Out.
Related terms
- Cyber Kill Chain
  - A seven-phase linear model of an intrusion developed by Lockheed Martin in 2011. The phases are: Reconnaissance, Weaponisation, Delivery, Exploitation, Installation, Command...
- Indicator of Compromise (IoC)
  - An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
- Lateral movement
  - Attacker activity after initial compromise in which the threat actor traverses from one internal system to another, typically to escalate privileges, access...
- MITRE ATT&CK
  - A publicly available knowledge base of adversary tactics, techniques, and procedures derived from real-world intrusion observations. Maintained by the MITRE Corporation. Techniques...
- TTP (Tactics, Techniques, Procedures)
  - The three levels of specificity used to describe attacker behaviour. Tactics are the goal (e.g., persistence). Techniques are the method (e.g., scheduled...
Explained in
- The Cyber Attack Lifecycle