How to Use the MITRE ATT&CK® Framework and the Lockheed Martin Cyber Kill Chain Together

What is the Lockheed Martin Cyber Kill Chain?

The Lockheed Martin Cyber Kill Chain is the first attempt to describe the structure and lifecycle of a cyberattack.  It breaks a cyberattack into seven discrete stages.

The seven stages of the Cyber Kill Chain are:

Reconnaissance: The reconnaissance phase of a cyberattack is focused on learning as much as possible about the target.  This can include the use of open-source intelligence (websites, social media, etc.) and active investigation of the target environment. Weaponization: The goal of the reconnaissance phase is to discover a potential attack vector, and weaponization is intended to develop a method of exploiting a discovered weakness.  This may include development of custom malware, crafting a phishing email, etc. Delivery: The delivery stage involves setting up the target for exploitation.  This could be as simple as clicking send on a phishing email or may involve a complicated process of getting the right person at the right place at the right time. Exploitation: The exploitation phase is when the attacker takes advantage of the discovered weakness to gain access to the target environment.  This may involve exploiting a vulnerability in a webserver, a user enabling macros on a

Read More: