The Unified Kill Chain
Overview of the attack phases
| # | Attack Phase | Description |
|---|---|---|
| 1 | Reconnaissance | Researching, identifying and selecting targets using active or passive reconnaissance. |
| 2 | Weaponization | Preparatory activities aimed at setting up the infrastructure required for the attack. |
| 3 | Delivery | Techniques resulting in the transmission of a weaponized object to the targeted environment. |
| 4 | Social Engineering | Techniques aimed at the manipulation of people to perform unsafe actions. |
| 5 | Exploitation | Techniques to exploit vulnerabilities in systems that may, amongst others, result in code execution. |
| 6 | Persistence | Any access, action or change to a system that gives an attacker persistent presence on the system. |
| 7 | Defense Evasion | Techniques an attacker may specifically use for evading detection or avoiding other defenses. |
| 8 | Command & Control | Techniques that allow attackers to communicate with controlled systems within a target network. |
| 9 | Pivoting | Tunneling traffic through a controlled system to other systems that are not directly accessible. |
| 10 | Discovery | Techniques that allow an attacker to gain knowledge about a system and its network environment. |
| 11 | Privilege Escalation | The result of techniques that provide an attacker with higher permissions on a system or network. |
| 12 | Execution | Techniques that result in execution of attacker-controlled code on a local or remote system. |
| 13 | Credential Access | Techniques resulting in the access of, or control over, system, service, or domain credentials. |
| 14 | Lateral Movement | Techniques that enable an adversary to horizontally access and control other remote systems. |
| 15 | Collection | Techniques used to identify and gather data from a target network prior to exfiltration. |
| 16 | Exfiltration | Techniques that result or aid in an attacker removing data from a target network. |
| 17 | Impact | Techniques aimed at manipulating, interrupting, or destroying the target system or data. |
| 18 | Objectives | Socio-technical objectives of an attack that are intended to achieve a strategic goal. |
The First Phase - In
The Second Phase - Through
The Third Phase - Out
References
This post is licensed under CC BY 4.0 by the author.


