The Cyber Kill Chain Explained: 7 Stages of an Attack

The cyber kill chain (from Lockheed Martin) breaks an attack into seven sequential stages — from the attacker's first research to their final goal. Its power for defenders: break the chain at any stage and you stop the attack.

The seven stages

  1. Reconnaissance — research the target.
  2. Weaponization — build the malware/payload.
  3. Delivery — send it (email, USB, web).
  4. Exploitation — trigger the vulnerability.
  5. Installation — establish a foothold.
  6. Command & Control — remotely control the victim.
  7. Actions on Objectives — steal data, encrypt, disrupt.

Breaking the chain

Every stage is a defensive opportunity: email filtering stops delivery, patching blocks exploitation, EDR catches installation, and egress monitoring spots command & control. Understanding the chain turns scattered defences into a strategy — and pairs with MITRE ATT&CK's finer detail.
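
An added example, not part of the original article: a Python sketch that maps alerts from the four controls named above to their kill chain stage and reports, per host, the deepest stage observed and whether the chain was broken there. The control labels, host names and alerts are constructed for illustration.

```python
from collections import defaultdict

# The seven stages, in order, as listed on this page.
STAGES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command & Control", "Actions on Objectives"]

# Control -> stage it breaks, taken from the paragraph above.
# The control keys are hypothetical labels chosen for this example.
CONTROL_STAGE = {"email_filter": "Delivery", "patching": "Exploitation",
                 "edr": "Installation", "egress_monitor": "Command & Control"}

def coverage_gaps(deployed):
    """Return the stages that none of the deployed controls can break."""
    covered = {CONTROL_STAGE[c] for c in deployed}
    return [s for s in STAGES if s not in covered]

def assess(alerts):
    """Per host: deepest stage observed and where (if anywhere) the chain broke.

    alerts: iterable of (host, control, blocked) tuples. blocked=False means the
    control saw the activity but did not stop it, so the attack moved on.
    """
    by_host = defaultdict(list)
    for host, control, blocked in alerts:
        by_host[host].append((STAGES.index(CONTROL_STAGE[control]), blocked))
    report = {}
    for host, seen in by_host.items():
        deepest = max(i for i, _ in seen)
        # Broken only if the activity at the deepest observed stage was blocked.
        stopped = any(b for i, b in seen if i == deepest)
        report[host] = {"deepest": STAGES[deepest],
                        "broken_at": STAGES[deepest] if stopped else None}
    return report

# Constructed sample alerts (not real telemetry).
ALERTS = [
    ("ws-01", "email_filter", True),     # phishing mail quarantined
    ("ws-02", "email_filter", False),    # mail delivered, flagged later
    ("ws-02", "edr", True),              # dropper quarantined on disk
    ("ws-03", "email_filter", False),
    ("ws-03", "edr", False),             # persistence seen, not stopped
    ("ws-03", "egress_monitor", False),  # beaconing observed, not blocked
]

if __name__ == "__main__":
    print("Stages with no control:", coverage_gaps(CONTROL_STAGE))
    for host, result in sorted(assess(ALERTS).items()):
        print(host, result)
```

A host whose `broken_at` is `None` is one where the attack got past every control that saw it, so it is the first to triage.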

Frequently asked questions

What is the cyber kill chain?

A seven-stage model of a cyberattack — reconnaissance, weaponization, delivery, exploitation, installation, command & control, and actions on objectives.

How do defenders use the kill chain?

By identifying controls that break the attack at each stage — stopping it anywhere along the chain prevents the final objective.

How is the kill chain different from MITRE ATT&CK?

The kill chain is a high-level linear sequence; ATT&CK is a detailed catalogue of specific techniques within those broad phases.

Vipul Sir — Lead Instructor, Attila Technologies. 20+ years in Cisco networking. Teaching CCNA, CCNP, CCIE & CyberOps in Ahmedabad since 2004.
