Lockheed Martin Kill Chain

Similar to the MITRE ATT&CK Matrix, the Lockheed Martin Kill Chain is a framework used to describe the various stages of a cyberattack, and it provides a structured approach to defending against such

Uses?

The Kill Chain consists of seven stages, each of which represents a phase of an attack, and identifying the stage at which an attack is occurring can help defenders develop strategies to mitigate the attack.

Steps:

  1. Reconnaissance: Gathering information on the host device, network, etc. that is going to be exploited or attacked. This often includes IP addresses, open ports, running services, OS versions, etc.

  2. Weaponization: The process of making or obtaining the "weapon" that the attacker is going to use against the target. This can include malware and exploits: anything that can be used against another system to compromise it.

  3. Delivery: The process by which the weapon is delivered to the target system. This can be done in many ways, many of them relating to social engineering.

  4. Exploitation: Once the attacker has gotten into the network, they can begin execution of the exploits. With the weapon already delivered, the next step is to execute it and leverage it to attack the system.

  5. Installation: In this stage, the attacker installs the weapon on the target system. This can involve various techniques, including creating a backdoor, installing a keylogger, or downloading additional malware.

  6. Command and Control: Using the compromised network, the attacker now focuses on commanding and controlling it in order to communicate with the victims or cause delays in the work being done on the network.

  7. Actions on Objectives: This step varies greatly from attack to attack. It can be stealing valuable information, disrupting the network so that it is unusable, installing ransomware, etc.
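To show how identifying the stage helps a defender, here is an added example (not part of the original page) that maps alerts to the seven stages and reports, per host, the furthest stage observed and the earlier stages with no detection. The alert type names, the mapping and the sample alerts are constructed assumptions; replace them with your own detection rule names.

```python
from collections import defaultdict

# The seven stages, in the order the page lists them.
STAGES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]

# Hypothetical alert types mapped to stages (assumption, not a real product's rule names).
# Weaponization has no entry: it happens on the attacker's side, outside defender telemetry.
ALERT_STAGE = {
    "port_scan": "Reconnaissance",
    "phishing_attachment": "Delivery",
    "exploit_attempt": "Exploitation",
    "new_service_installed": "Installation",
    "beaconing": "Command and Control",
    "bulk_file_encryption": "Actions on Objectives",
}

# Constructed sample alerts: (ISO timestamp, host, alert type).
SAMPLE_ALERTS = [
    ("2024-01-10T09:00:00", "ws-01", "port_scan"),
    ("2024-01-10T09:30:00", "ws-01", "phishing_attachment"),
    ("2024-01-10T09:31:00", "ws-01", "exploit_attempt"),
    ("2024-01-10T09:45:00", "ws-01", "beaconing"),
    ("2024-01-10T10:00:00", "ws-02", "port_scan"),
    ("2024-01-10T10:05:00", "ws-02", "unknown_rule"),
]

def triage(alerts):
    """Per host: furthest stage observed, and earlier stages with no alert."""
    seen = defaultdict(set)
    unmapped = []
    for ts, host, kind in alerts:
        stage = ALERT_STAGE.get(kind)
        if stage is None:
            unmapped.append((ts, host, kind))  # keep for review, do not guess a stage
            continue
        seen[host].add(STAGES.index(stage))
    report = {}
    for host, idxs in seen.items():
        furthest = max(idxs)
        gaps = [STAGES[i] for i in range(furthest) if i not in idxs]
        report[host] = {"furthest": STAGES[furthest], "unobserved_earlier": gaps}
    return report, unmapped

if __name__ == "__main__":
    print(triage(SAMPLE_ALERTS))
```

For ws-01 the report shows Command and Control reached with no Installation alert, which points the responder at a persistence mechanism that went undetected.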
