Cyber Kill Chain — Military approach to cyber attacks and defense

In this article we will dive into the Cyber Kill Chain for Cybersecurity. The Cyber kill chain framework is originally developed by Lockheed Martin and takes inspiration from the Military Kill chain, where steps taken by adversaries in their effort to achieve their objective, is identified. By understanding how an adversary is utilizing an attacking, it’s possible for the defender to step in at any of these stages and try to break the kill chain and thereby block the attack.

For more about Cyber Warfare see Cyber Warfare — Truth, Tactics, and Strategies:

Learn the skills needed to get a career within Cybersecurity. Vinsloev Academy provide educational content from around the web:

This tutorial is divided into each of the stages within the Cyber Kill chain and has an attached video which further explain and demonstrate tools relevant in a given stage. The videos utilizes the Kali Linux OS as this Operation System contain most of the software used by cyber security experts today.

For more stories by Vinsloev Academy, sign up as a member and support our work:

Cyber Kill Chain — Reconnaissance

The first stage is Reconnaissance which focuses on information gathering of the target before the actual attack. There is three types of reconnaissance Passive, Active and non-technical.

Passiv: Looking for publicly available information on the internet. e.g. Whois, NSlookup, Censys, Shodan, Social Media and Dumpster diving.

Active: Interaction with the target. e.g. Technical Vulnerabilities scanning, Fingerprinting, nmap and Web application scanning.

Non-Technical: e.g. Physical interaction.

Cyber Kill Chain — Weaponization

Weaponization is the second stage of the Cyber Kill Chain. By understanding ones own vulnerabilities, individuals and companies have the chance to weaken or eliminate attackers’ ability to effectively weaponize information they collect about their environments in the Reconnaissance stage. For examples on how to perform weaponization watch the video below.

Cyber Kill Chain — Delivery

The third stage in the cyber kill chain is delivery, which involves transmitting the weaponized payload crafted in stage two, from the attacker to the target information system for exploitation. For examples of this watch the video below.

Cyber Kill Chain — Exploitation and Installing

The next section combines both exploitation and installing stage. The purpose of the exploitation stage is to exploit the weakness in the victim’s system and target the weakest link in any system.

The Installing stage on the other hand is the phase following after a victim has being tricked by the planned delivery and our malicious file begin installing malware onto the system. For examples of this, watch the video below.

The remaining two stages of the Cyber Kill Chain is not present with examples in this tutorial, but to fully understand the framework a textual description is included.

Command And Control

Command and control is the sixth stage of the cyber kill chain. Command and control, also known as C2, is when the attacker has delivered their payload onto to the target network and is now taking control.

Actions On Objectives

The actions and objectives of the payload dependent on the objective that the attacker has, examples of objectives could be focused on data exfiltration, denial of service or destruction.

For more tutorials and content like this visit the Vinsloev Academy page here on Medium or on YouTube:



At Vinsloev Academy we strive to change the world by making software development skills available to all who wish to learn and evolve.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

At Vinsloev Academy we strive to change the world by making software development skills available to all who wish to learn and evolve.