Lockheed Martin's Cyber Kill Chain® and Unified Kill Chain Frameworks for Cybersecurity
Posted on December 1, 2024
Introduction
In Cybersecurity, research needs a framework for classifying and analysing cyber incidents methodically. Comparability and modelling are the foundation of any research that analyses a threat. “Kill Chain” is a military term that describes the structure of an attack. That concept has been modified for Cybersecurity in the two frameworks covered here.
Lockheed Martin’s Cyber Kill Chain® is a framework that categorises a cyber attack into seven stages. It is part of their Intelligence Driven Defense model, published in 2011.
“The Unified Kill Chain extends and combines existing models, such as Lockheed Martin’s Cyber Kill Chain® and MITRE’s ATT&CK™.” (Source)
Paul Pols developed it in his master's thesis, published in 2017. Those two frameworks have been introduced in TryHackMe’s Cyber Defense Frameworks Module.
Cyber Kill Chain®
In that model, authors Eric M. Hutchins, Michael J. Cloppert, and Rohan M. Amin, Ph.D. categorized a cyber attack into seven distinct stages:
Image Credits: Lockheed Martin’s Official Webpage.
- Reconnaissance: The attacker gathers information about the target, actively or passively.
- Weaponization: The attacker uses the discovered vulnerabilities to build tools and weapons against the target.
- Delivery: The attacker sends the tool to the target.
- Exploitation: The attacker uses the tool to exploit the discovered vulnerability.
- Installation: The attacker installs whatever other tools they want for their purposes.
- Command & Control (C2): The attacker establishes a communication channel for long-term objectives.
- Actions on Objectives: The attacker acts on whatever the initial purpose of the attack was.
Unified Kill Chain
In this model, published by Paul Pols in 2017, a cyber attack is categorised into 18 stages. As the author mentions, the model is not meant to compete with any other framework but to complete them.
Table Credits: The Unified Kill Chain’s Official Webpage.
Paul Pols has categorized those 18 stages under three different subjects:
Getting In
- Reconnaissance
- Resource Development
- Delivery
- Social Engineering
- Exploitation
- Persistence
- Defense Evasion
- Command & Control
Hacking Through
- Pivoting
- Discovery
- Privilege Escalation
- Execution
- Credential Access
- Lateral Movement
Taking It Out
- Collection
- Exfiltration
- Impact
- Objectives
Image Credits: The Unified Kill Chain’s Official Webpage.
Conclusion
Research against cyber attacks or conventional attacks will always require scientific methods. I believe that Lockheed Martin’s Cyber Kill Chain and Paul Pols’ Unified Kill Chain are two applicable models in Cybersecurity. I’d like to thank authors Eric M. Hutchins, Michael J. Cloppert, and Rohan M. Amin, Ph.D. from Lockheed Martin and Paul Pols from the University of Leiden. I also want to thank TryHackMe, cmnatic, and SecurityNomad for creating informative Unified Kill Chain and Cyber Kill Chain Rooms on the TryHackMe platform.