What is the Cyber Kill Chain, and what well-known framework complements it for understanding attacker behavior?
The Cyber Kill Chain (Lockheed Martin) models a cyber attack as a sequence of stages; MITRE ATT&CK complements it as a detailed knowledge base of attacker tactics and techniques.
* The Cyber Kill Chain — seven stages; break any link to disrupt the attack. *
The Cyber Kill Chain breaks an intrusion into ordered phases — classically: reconnaissance → weaponization → delivery → exploitation → installation → command & control → actions on objectives. The defensive idea: break any single link and you disrupt the whole attack. It maps attacker strategy onto identifiable steps you can detect and interrupt.
MITRE ATT&CK (https://attack.mitre.org) is a continuously updated, real-world knowledge base of adversary tactics (the "why" — goals like persistence, lateral movement) and techniques (the "how"). Defenders use it to map detections, find gaps, and emulate threats.
Tip: Kill Chain = the high-level stages of an attack (strategy view); ATT&CK = the granular tactics & techniques catalogue (tactical view). They're a natural pairing for threat modeling and detection engineering.
Go deeper:
Cyber Kill Chain® (Lockheed Martin) — the originator's page for the 7-stage Intelligence Driven Defense® model.
Cyber kill chain (Wikipedia) — the phase diagram plus per-phase countermeasures and the newer Unified Kill Chain.
MITRE ATT&CK — the live Enterprise matrix of adversary tactics and techniques to map detections against.