Kill Chain
Definition
The kill chain is a model that breaks a cyberattack into stages so defenders can understand how an attack progresses and identify opportunities to detect or stop it.
Examples
- A phishing campaign begins with a fake email, tricks a user into opening a malicious attachment, installs malware, contacts an attacker-controlled server, and then steals data.
- An attacker scans a company website for weaknesses, exploits a vulnerable application, gains a foothold on the server, and later moves deeper into the environment.
Discover 🔎
Cyberattacks usually do not happen in a single moment. They unfold through a series of steps. An attacker may first gather information, then look for a way in, then establish control, and finally carry out the real objective. The kill chain helps defenders see that sequence clearly.
This matters because security is easier when you can interrupt an attack early. If defenders understand the stages an attacker is likely to follow, they can place controls, monitoring, and response actions at several points instead of waiting until the final damage appears. In other words, the kill chain helps teams think proactively instead of reactively.