Cyber Kill Chain and Diamond Model

Cyber Kill Chain

The Cyber Kill Chain is a model developed by Lockheed Martin to describe the stages an attacker goes through to compromise a target. It consists of seven steps:

  1. Reconnaissance: Gathering information about the target.

  2. Weaponization: Creating a malicious payload using exploits.

  3. Delivery: Sending the payload to the target (e.g., via phishing).

  4. Exploitation: Exploiting a vulnerability to gain access.

  5. Installation: Installing malware or obtaining credentials.

  6. Command and Control (C2): Establishing a command and control channel through which the attacker remotely directs the compromised system and moves through the network.

  7. Actions on Objectives: Achieving the attacker's goals, such as data exfiltration.

Diamond Model

The Diamond Model, developed by the Centre for Cyber Threat Intelligence and Threat Research, focuses on four core elements in an attack:

  1. Adversary: The actor or group responsible for the attack.

  2. Capability: The tools or techniques used by the adversary.

  3. Infrastructure: The physical or logical structures used to deliver the capability (e.g., C2 servers).

  4. Victim: The target of the attack.

Mapping Cyber Kill Chain and Diamond Model

Mapping the Kill Chain stages onto the Diamond Model lets analysts follow the sequence of events while tracking, at each stage, the relationships between the adversary, infrastructure, capability, and victim.

  • Reconnaissance: The adversary gathers information about the victim.

  • Weaponization: The adversary creates a phishing email (capability) and a malicious payload (infrastructure).

  • Delivery: The phishing email is sent to the victim.

  • Exploitation: The victim clicks the link, and the malware is executed.

  • Installation: The malware installs itself on the victim's system.

  • C2: The malware sets up a command and control channel.

  • Actions on Objectives: The malware exfiltrates data from the victim's system.
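The mapping above, worked through as an added example (not code from the original page): each observed event is recorded as a Diamond Model event tagged with its Kill Chain stage, so an analyst can build the activity thread for one victim, list the stages with no evidence yet, and pivot on a shared vertex (here a C2 host) to link victims of the same campaign. The sample events and hostnames are constructed placeholders, not real indicators.

```python
from dataclasses import dataclass

# Cyber Kill Chain stages in order; the list index gives a stage's position.
KILL_CHAIN = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
              "Installation", "Command and Control", "Actions on Objectives"]

@dataclass(frozen=True)
class DiamondEvent:
    """One Diamond Model event: the four vertices plus its kill-chain stage."""
    phase: str           # Cyber Kill Chain stage name from KILL_CHAIN
    adversary: str       # often "unknown" until attribution is possible
    capability: str      # tool or technique observed
    infrastructure: str  # host/domain the capability was delivered through
    victim: str          # affected asset

# Constructed sample events; hostnames are placeholders, not real indicators.
SAMPLE_EVENTS = [
    DiamondEvent("Delivery", "unknown", "phishing email", "mail.example.net", "finance-ws01"),
    DiamondEvent("Exploitation", "unknown", "macro dropper", "mail.example.net", "finance-ws01"),
    DiamondEvent("Installation", "unknown", "implant.exe", "dl.example.net", "finance-ws01"),
    DiamondEvent("Command and Control", "unknown", "implant.exe", "c2.example.net", "finance-ws01"),
    DiamondEvent("Actions on Objectives", "unknown", "archive+upload", "c2.example.net", "finance-ws01"),
    DiamondEvent("Delivery", "unknown", "phishing email", "mail.example.net", "hr-ws07"),
    DiamondEvent("Command and Control", "unknown", "implant.exe", "c2.example.net", "hr-ws07"),
]

def activity_thread(events, victim):
    """Events against one victim, ordered by kill-chain stage (the activity thread)."""
    return sorted((e for e in events if e.victim == victim),
                  key=lambda e: KILL_CHAIN.index(e.phase))

def unobserved_phases(events, victim):
    """Kill-chain stages with no evidence yet: the gaps an analyst should hunt for."""
    seen = {e.phase for e in events if e.victim == victim}
    return [p for p in KILL_CHAIN if p not in seen]

def pivot(events, vertex, value):
    """Diamond Model pivot: all events sharing one vertex value (e.g. a C2 host)."""
    return [e for e in events if getattr(e, vertex) == value]

def linked_victims(events, vertex, value):
    """Victims tied together through a shared vertex, i.e. a probable common campaign."""
    return sorted({e.victim for e in pivot(events, vertex, value)})

if __name__ == "__main__":
    for e in activity_thread(SAMPLE_EVENTS, "finance-ws01"):
        print(f"{e.phase:<22} {e.capability:<15} via {e.infrastructure}")
    print("gaps:", unobserved_phases(SAMPLE_EVENTS, "finance-ws01"))
    print("shared C2:", linked_victims(SAMPLE_EVENTS, "infrastructure", "c2.example.net"))
```

Note that Reconnaissance and Weaponization show up as gaps for both victims: those stages happen on the adversary's side and are rarely visible to the defender, which is why defensive evidence usually begins at Delivery.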
