Killchain Overview

The “killchain” is a generic term for the process that an attacker follows to penetrate a system. Each step follows on from the last in a linear order, and breaking a link in the chain breaks the attack… at least in theory. Either way, it is a popular concept, and improving any of the links from the blue side can only be helpful.

“Killchain” is a generic term, but there are standard models that can be used:

  1. “The Cyber Killchain”, by Lockheed Martin

  2. “The Unified Kill Chain”, by Paul Pols

This section is based around a simplified Killchain that has been used in TryHackMe. The sections are:

  1. Information Gathering

  2. Enumeration / Scanning

  3. Exploitation

  4. Privilege Escalation

  5. Post Exploitation