Attacker methodology: Cyber Kill Chain

While cyber vulnerabilities are common knowledge across the Department of Defense, the fundamentals of how to discover and think like your adversaries are less well known. Learning about each individual phase within the Cyber Kill Chain can help with this process. The Cyber Kill chain breaks down the mechanisms of an attack, so you can understand each phase from reconnaissance to actions on objectives. The lecture on the Cyber Kill Chain will be followed by an interactive capture the flag exercise.

Instructor background

Jeremiah is a Red Team operator with 9 years of hands-on experience in a range of different contexts. He is experienced in web application, network, and host testing. Prior to working in cyber operations, he served in the Marine Corps at 29 Palms. Currently, he leads client implementation of DoD solutions to combat digital dance moves of attackers at Synack, a crowdsourced security company.


A Kali Linux machine either as a VM or the host OS.

  • Introduction
  • Kill Chain phase 1: Reconnaissance
  • Kill Chain phase 2: Weaponization
  • Kill Chain phase 3: Delivery
  • Kill Chain phase 4: Exploitation
  • Kill Chain phase 5: Installation
  • Kill Chain phase 6: Command-and-control
  • Kill Chain phase 7: Actions on objectives
  • Capture the flag: Live fire exercise