{"id":20493913,"url":"https://github.com/qeeqbox/cyber-kill-chain","last_synced_at":"2026-02-19T14:06:09.572Z","repository":{"id":57768863,"uuid":"527675909","full_name":"qeeqbox/cyber-kill-chain","owner":"qeeqbox","description":"Cyber Kill Chain is a model that Lockheed Martin created for understanding (Describe the sequence of events) and stopping cyberattacks","archived":false,"fork":false,"pushed_at":"2024-01-29T01:14:19.000Z","size":120,"stargazers_count":10,"open_issues_count":0,"forks_count":6,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-19T01:54:18.694Z","etag":null,"topics":["chain","cyberattack","infosecsimplified","kill","lifecycle","qeeqbox"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qeeqbox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-22T17:56:33.000Z","updated_at":"2025-06-24T19:14:28.000Z","dependencies_parsed_at":"2024-01-29T02:41:52.680Z","dependency_job_id":"c42565a5-c05c-4e17-bee5-06a217753b7d","html_url":"https://github.com/qeeqbox/cyber-kill-chain","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/qeeqbox/cyber-kill-chain","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fcyber-kill-chain","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fcyber-kill-chain/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fcyber-kill-chain/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fcyber-kill-chain/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qeeqbox","download_url":"https://codeload.github.com/qeeqbox/cyber-kill-chain/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fcyber-kill-chain/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29616961,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-19T13:04:20.082Z","status":"ssl_error","status_checked_at":"2026-02-19T13:03:33.775Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chain","cyberattack","infosecsimplified","kill","lifecycle","qeeqbox"],"created_at":"2024-11-15T17:37:25.065Z","updated_at":"2026-02-19T14:06:09.347Z","avatar_url":"https://github.com/qeeqbox.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e \u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/kill-chain/main/kill-chain.png\"\u003e\u003c/p\u003e\n\n## Cyber Kill Chain\nCyber Kill Chain is a model that Lockheed Martin created for understanding (Describe the sequence of events) and stopping cyberattacks\n\n## Steps\n#### Reconnaissance\nThreat actor gathers information about the target\n- Passive\n- Active\n\n##### Security controls\n- Detect: NIDS, Threat Intelligence, Logs (SIEM)\n- Deny: Information Sharing Policies, Firewall ACL\n- Disrupt: Active Defenses\n- Degrade: Honeypot, Redirect Loops, Active Defenses\n- Deceive: Create Fake Posting, Degrade cell\n\n#### Weaponization\nThreat actor creates an attack vector (malware, email attachments, web pages, links, pop-ups, messages, social engineering, etc..) that can exploit the vulnerabilities from the reconnaissance step. The attack vector will be the entry point\n\n##### Security controls\n- Detect: NIDS, Threat Intelligence\n- Deny: NIPS\n\n#### Delivery\nThe threat actor delivers the attack vector to the target\n\n##### Security controls\n- Detect: NIDS, HIDS\\AV\n- Deny: Web/Email/Proxy Filter, Application Whitelisting, AV\n- Disrupt: Web/Email/Proxy Filter, AV\n- Degrade: Sinkhole, Queuing, Deny, and Distrubt cells\n- Deceive: Honeypot\n\n#### Exploitation\nOnce the attack vector is on the target, the target is either breached or ready to be breached (The threat actor needs to execute the attack vector)\n\n- Detect: NIDS, HIDS\\AV\n- Deny: HIPS, AV, Secure Password, Hardened systems (Patch Management)\n- Disrupt: Deny cell, DEP\n- Degrade: Restrict User Accounts\n- Deceive: Honeypot\n\n#### Installation\nThe attack vector will be installed on the victim’s system\n\n##### Security controls\n- Detect: HIDS\\AV, Logs (SIEM), AV\n- Deny: Application Whitelisting, Block Execution, Firewall ACL, Privilege separations\n- Disrupt: HIPS, DEP\n- Degrade: Deny cell, Disrupt cell\n- Deceive: Honeypot\n\n#### Command \u0026 Control (C2) \nThe threat actor is now controlling the victim’s system, and this is where the threat actor moves laterally\n\n##### Security controls\n- Detect: HIDS\\AV, NIDS\n- Deny: Firewall ACL, Egress Filter, Sinkhole, Network Segmentation\n- Disrupt: DEP, Sinkhole\n- Degrade: Deny cell, Disrupt cell\n- Deceive: Honeypot, Sinkhole, DNS Redirect\n\n#### Actions on Objective\nThe threat actor will carry out their objectives (Data exfiltration, destruction, and extortion)\n\n##### Security controls\n- Detect: Logs (SIEM)\n- Deny: Firewall ACL, Egress Filter, Network Segmentation\n- Disrupt: Network Segmentation, DLP, NIPS, HIPS\n- Degrade: Network Segmentation, Quality of Service\n- Deceive: Honeypot\n\n## ID\nb35c2204-7d11-4472-8923-91fdb380b454\n\n## References\n- https://en.wikipedia.org/wiki/Kill_chain\n- https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html\n- https://csrc.nist.gov/CSRC/media/Presentations/The-Cyber-OODA-Loop-How-Your-Attacker-Should-Help/images-media/day3_security-automation_930-1020.pdf\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fcyber-kill-chain","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqeeqbox%2Fcyber-kill-chain","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fcyber-kill-chain/lists"}