
Security Killchains

Kill chain frameworks are inherited from military doctrine. They break an attack into discrete, ordered stages so that defenders can describe how far an intrusion has progressed and where it can be interrupted.

Lockheed Martin Cyber Kill Chain

  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command & Control
  7. Actions on Objectives

Mitre ATT&CK Matrix

MITRE ATT&CK is a knowledge base of adversary Tactics, Techniques and Procedures (TTPs) built from observed intrusions, including those attributed to Advanced Persistent Threats (APTs). Techniques are arranged in a matrix by the tactic (the attacker's goal) they serve. The tactics of the Enterprise matrix are

  1. Reconnaissance
  2. Resource Development
  3. Initial Access
  4. Execution
  5. Persistence
  6. Privilege Escalation
  7. Defense Evasion
  8. Credential Access
  9. Discovery
  10. Lateral Movement
  11. Collection
  12. Command and Control
  13. Exfiltration
  14. Impact

CrowdStrike's threat intelligence tooling maps observed adversary activity to MITRE ATT&CK tactics and techniques.

Unified Cyber Kill Chain

The Unified Cyber Kill Chain is the most recent and most detailed of the three frameworks and builds on the other two. Its steps are grouped into phases that are treated as lifecycles: an attacker may run through a phase more than once, for example by establishing a fresh foothold on each host reached through lateral movement.

  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Social Engineering
  5. Exploitation
  6. Persistence
  7. Defense Evasion
  8. Command & Control
  9. Pivoting
  10. Discovery
  11. Privilege Escalation
  12. Execution
  13. Credential Access
  14. Lateral Movement
  15. Collection
  16. Exfiltration
  17. Impact
  18. Objectives

The lifecycles (phases) are Initial Foothold (steps 1 to 8), Network Propagation (steps 9 to 14) and Actions on Objectives (steps 15 to 18).
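As an added illustration of the "lifecycle with repeatable steps" idea (example code written for this note, not part of the original page or of the Unified Cyber Kill Chain paper): the script below tags a constructed incident timeline with Unified Cyber Kill Chain steps, groups the events into consecutive phase runs, and reports how deep the intruder got and how often each phase was entered. The timeline, host names and timestamps are made up for the example.

```python
"""Tag an incident timeline with Unified Cyber Kill Chain (UKC) steps and
phases. Added example for this note, not code from the original page."""

from collections import OrderedDict
from itertools import groupby

# The 18 UKC steps grouped into the three phases the note names.
UKC_PHASES = OrderedDict([
    ("Initial Foothold", [
        "Reconnaissance", "Weaponization", "Delivery", "Social Engineering",
        "Exploitation", "Persistence", "Defense Evasion", "Command & Control",
    ]),
    ("Network Propagation", [
        "Pivoting", "Discovery", "Privilege Escalation", "Execution",
        "Credential Access", "Lateral Movement",
    ]),
    ("Actions on Objectives", [
        "Collection", "Exfiltration", "Impact", "Objectives",
    ]),
])

# Reverse index: step name -> phase name.
STEP_TO_PHASE = {
    step: phase for phase, steps in UKC_PHASES.items() for step in steps
}

# Constructed incident timeline (time, host, UKC step); not real telemetry.
TIMELINE = [
    ("09:02", "ws-17",  "Delivery"),
    ("09:03", "ws-17",  "Social Engineering"),
    ("09:03", "ws-17",  "Exploitation"),
    ("09:05", "ws-17",  "Command & Control"),
    ("09:20", "ws-17",  "Discovery"),
    ("09:41", "ws-17",  "Credential Access"),
    ("10:10", "srv-db", "Lateral Movement"),
    ("10:12", "srv-db", "Exploitation"),   # foothold phase repeats on the new host
    ("10:13", "srv-db", "Persistence"),
    ("10:30", "srv-db", "Collection"),
    ("11:05", "srv-db", "Exfiltration"),
]


def phase_of(step):
    """Return the UKC phase for a step; unknown names are an error, not a guess."""
    try:
        return STEP_TO_PHASE[step]
    except KeyError:
        raise ValueError(f"not a UKC step: {step!r}") from None


def segment_phases(timeline):
    """Split a chronologically ordered timeline into consecutive runs of one phase.

    Returns a list of (phase, [events]); a phase the attacker re-enters shows
    up as a separate run, which is what 'lifecycle with repeatable steps' means.
    """
    return [
        (phase, list(events))
        for phase, events in groupby(timeline, key=lambda ev: phase_of(ev[2]))
    ]


def furthest_phase(timeline):
    """Deepest UKC phase reached, ordered Initial Foothold < Network
    Propagation < Actions on Objectives; None for an empty timeline."""
    order = list(UKC_PHASES)
    reached = max((order.index(phase_of(ev[2])) for ev in timeline), default=-1)
    return order[reached] if reached >= 0 else None


def phase_counts(timeline):
    """How many times each phase was entered; a count above 1 means the
    intruder cycled back (e.g. a fresh foothold after lateral movement)."""
    counts = {phase: 0 for phase in UKC_PHASES}
    for phase, _ in segment_phases(timeline):
        counts[phase] += 1
    return counts


if __name__ == "__main__":
    for phase, events in segment_phases(TIMELINE):
        hosts = sorted({ev[1] for ev in events})
        print(f"{phase:22} {events[0][0]}-{events[-1][0]}  hosts={hosts}")
        for time, host, step in events:
            print(f"    {time} {host:7} {step}")
    print("furthest phase:", furthest_phase(TIMELINE))
    print("phase entries:", phase_counts(TIMELINE))
```

On the constructed timeline the Initial Foothold phase appears twice, once on the workstation and again on the database server after lateral movement, which is the repetition the framework is designed to capture; a strictly linear model such as the Lockheed Martin chain would have to treat the second foothold as a separate attack.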