Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A framework outlining the common stages of a cyberattack, from reconnaissance to data exfiltration, helping defenders identify and disrupt threats.
Cyber Kill Chain Definition: A framework outlining the common stages of a cyberattack, from reconnaissance to data exfiltration, helping defenders identify and disrupt threats.
The Cyber Kill Chain framework breaks down cyber attacks into seven sequential stages, similar to how military operations are analyzed. Developed by Lockheed Martin, it maps the typical progression attackers follow: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and finally, actions on objectives. This model's value lies in helping defenders understand where in the attack sequence they can most effectively disrupt adversaries. For instance, it's often easier to block malicious email attachments (delivery phase) than to detect data exfiltration (actions phase). Security teams use the Kill Chain to map their defensive capabilities, identifying gaps in coverage for particular attack phases. It also helps communicate about attacks in a structured way. While the model has been criticized for focusing primarily on malware-based attacks rather than covering the full spectrum of modern threats, it remains a foundational concept that has influenced many subsequent attack frameworks.
Turn knowledge into credentials. Browse our instructor-led cybersecurity courses.
View All Courses →