LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What are the Cyber Kill Chain and MITRE ATT&CK, and how do they differ as ways of describing an attack?

The Cyber Kill Chain is a short, linear 7-stage model of an intrusion; MITRE ATT&CK is a large, detailed catalogue of attacker tactics organized into stages but not strictly sequential.

Lockheed Cyber Kill Chain seven stages as a serpentine.

* The Cyber Kill Chain — seven sequential intrusion stages, Reconnaissance through Actions on Objectives. *

Linear seven-stage Kill Chain mapped onto MITRE ATT&CK's granular tactic grid.

* Kill Chain (linear story) vs MITRE ATT&CK (granular tactic vocabulary). *

Lockheed Martin's Cyber Kill Chain runs: Reconnaissance → Weaponization → Delivery → Exploitation → Installation → Command & Control → Actions on Objectives. It is simple and good for explaining an attack's overall flow. MITRE ATT&CK is far more granular — tactics such as Initial Access, Execution, Persistence, Privilege Escalation, Defence Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Command and Control, and Impact — each backed by hundreds of real-world techniques. WHY two models: the Kill Chain tells the story; ATT&CK gives the vocabulary and evidence to map exactly what an adversary did. See attack.mitre.org.

Go deeper:

From Quiz: ISM / Threat & Impact Modelling | Updated: Jul 05, 2026