killchain-compendium/Miscellaneous/Killchains.md

66 lines
1.6 KiB
Markdown

# Security Killchains
Frameworks of killchains are inherited from the military and separate steps in which an attack occurs.
## Lockheed & Martin
* [Lockheed & Martin's Cyber Kill Chain Website](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html)
1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command & Control
7. Actions on Objectives
## Mitre ATT&CK Matrix
[Mitre ATT&CK](https://attack.mitre.org) is a matrix of __Tactics, Techniques and Procedures (TTP)__ of adversaries called __Adanced Persistent Threats (APT)__. The tactics are
1. Reconnaissance
2. Resource Development
3. Initial Access
4. Execution
5. Persistence
6. Privilege Escalation
7. Defense Evasion
8. Credential Access
9. Discovery
10. Lateral Movement
11. Collection
12. Command and Control
13. Exfiltration
14. Impact
[Crowdstrike](https://crowdstrike.com) as a threat intelligence tool is built on the Mitre ATT&CK framework.
## Unified Cyber Kill Chain
[The Unified Cyber Kill Chain](https://unifiedkillchain.com) is the youngest and
most detailed framework and builds upon the other frameworks. It contains combined
stages which are seen as lifecycles with potentially repeatable steps.
1. Reconnaissance
2. Weaponization
3. Delivery
4. Socical Engineering
5. Exploitation
6. Persistance
7. Defense Evation
8. Command & Control
9. Pivoting
10. Discovery
11. Privilege Escalation
12. Execution
13. Credential Access
14. Lateral Movement
15. Collection
16. Exfiltration
17. Impact
18. Objectives
Mentioned lifecycles are __Inital Foothold__, __Network Propagation__ and
__Actions on Objective__