The Cyber Kill Chain is a modeling tool to help us demonstrate the steps typically used to break down the defenses within IT Security. The commonly used seven steps include:


Reconnaissance – Where the malicious entity does research on and selects their target.

Weaponization – Which is creation of malware payload

Delivery – Delivery of the malware payload. Can be via email (in a file or a link), smartphone, USB storage etc.

Exploitation – The malware code executes and exploits vulnerabilities within the IT environment.

Installation – Command & Control code is installed creating a backdoor

Command & Control – At this point an outside entity has control of a device within the IT Environment whether it is automated or human controlled.

Actions on Objectives – The attacker now puts goals in play which can be data theft, encryption, data destruction or just plain bringing the enterprise IT environment to a halt.


Hillstone Networks’s graphical representation of the Cyber Kill Chain in action

Cyber Kill Chain



For more info have a look at Hillstone Networks Download white paper