Difference between revisions of "Cyber Kill Chain"
Jump to navigation
Jump to search
(Created page with "'''Cyber Kill Chain''' is a series of steps for tracing the stages of a cyberattack. The Steps include: # Reconnaissance: Attackers assess the situation to identify targets a...") |
|||
| Line 1: | Line 1: | ||
| − | '''Cyber Kill Chain''' is a series of steps for tracing the stages of a cyberattack. The | + | The '''Cyber Kill Chain''' is a series of steps for tracing the stages of a cyberattack.<ref>[https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Cyber Kill Chain, Lockheed Martin]</ref> The steps include: |
# Reconnaissance: Attackers assess the situation to identify targets and tactics. | # Reconnaissance: Attackers assess the situation to identify targets and tactics. | ||
# Intrusion: with [[malware]] or security vulnerabilities. | # Intrusion: with [[malware]] or security vulnerabilities. | ||
Revision as of 19:10, 4 August 2021
The Cyber Kill Chain is a series of steps for tracing the stages of a cyberattack.[1] The steps include:
- Reconnaissance: Attackers assess the situation to identify targets and tactics.
- Intrusion: with malware or security vulnerabilities.
- Exploitation: of vulnerabilities to deliver malicious code into the system.
- Privilege Escalation: Attackers escalate their privileges to the level of Admin to gain access to data and permissions.
- Lateral Movement: Attackers move laterally to other systems and accounts, gaining leverage, higher
permissions and more data and access.
- Obfuscation/Anti-forensics: Attackers cover their tracks with false trails, compromise data, and clear logs to confuse forensics teams.
- Denial of Service: Attackers disrupt access for users and systems to evade monitoring, tracking, or being blocked.
- Exfiltration: Attackers extract data from the compromised system.[2]