Unified Kill Chain in Cyber Threat Intelligence

Unified Kill Chain

Attack Phases (Tactics)

  1. Reconnaissance: identify and select targets
  2. Weaponization: set up infrastructure for attack
  3. Delivery: send weaponized object (e.g., malware) to target
  4. Social Engineering: manipulate people to perform unsafe actions
  5. Exploitation: take advantage of a vulnerability on target’s systems (possibly to execute code)
  6. Persistence: maintain access to systems
  7. Defense Evasion: avoiding detection and defenses
  8. Command and Control: communicate with compromised systems to control them
  9. Pivoting: use a controlled system to gain access to others
  10. Discovery: gain knowledge about system and network
  11. Privilege Escalation: gain higher-level permissions
  12. Execution: run attacker-controlled code
  13. Credential Access: steal usernames and passwords
  14. Lateral Movement: access and control other systems
  15. Collection: gather data of interest
  16. Exfiltration: steal data from the network
  17. Impact: manipulate, interrupt, or destroy systems or data
  18. Objectives: use social and technical means to achieve strategic goal

Attack Phase Combinations

  1. Initial Foothold: compromise a system to gain access to network (Reconnaissance, Weaponization, Delivery, Social Engineering, Exploitation, Persistence, Defense Evasion, Command and Control, Pivoting)
  2. Network Propagation: gain additional access within network (Pivoting, Discovery, Privilege Escalation, Execution, Credential Access)
  3. Action on Objectives: achieve goal of attack (Credential Access, Lateral Movement, Collection, Exfiltration, Impact, Objectives)

Unified Kill Chain in CTI

Additional Resources

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Chad Warner

Chad Warner

Cyber threat intelligence (CTI), cybersecurity, & privacy enthusiast. Seeking a CTI job. Bookworm. Fan of Tolkien & LEGO.