The Cyber Kill Chain is a framework created by Lockheed Martin to define and describe the steps used by an adversary to compromise a target and exfiltrate data in cyberspace. The different phases involved in the kill chain help us understand the adversary better and mitigate their attacks by breaking the chain at one of its links.
img: Lockheed Martin
The attack phases involved in the kill chain, in order, are:
1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command and Control
7. Actions on Objectives
The Pyramid of Pain represents how much pain we can cause an adversary by detecting each type of indicator of their attacks: the higher the indicator sits in the pyramid, the more effort it costs the adversary to change it.
img: SOCRadar
The Pyramid
Hash Values: Detecting hash values as an indicator is fairly easy for an adversary to evade, since changing just one bit of the file produces a completely different hash. Hash values are therefore considered trivial and are ranked lowest and widest in the pyramid.
IP Address: It is easy for an adversary to use many different IP addresses, and since it takes almost no time to spin up a new one, blocking IP addresses is easy for an adversary to evade.
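The following added example (not from the original article) illustrates both points above with a toy indicator matcher: a single-bit change to a file defeats an exact-hash indicator and flips roughly half the digest bits, and a neighbouring address defeats an exact-IP indicator. The sample payload, digest list and addresses are constructed for the demonstration, not real indicators.

```python
"""Why hash values and IP addresses sit at the bottom of the Pyramid of Pain.

Constructed example: the payload, blocklists and addresses are made up.
"""
import hashlib
import ipaddress

# Constructed sample content and the indicators a defender might have collected from it.
KNOWN_SAMPLE = b"constructed sample payload v1\n"
BLOCKED_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
BLOCKED_IPS = {ipaddress.ip_address("192.0.2.10")}  # TEST-NET-1 range, constructed


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_hash(data: bytes) -> bool:
    """Hash indicator: exact match on the file digest."""
    return sha256_hex(data) in BLOCKED_HASHES


def matches_ip(addr: str) -> bool:
    """Atomic IP indicator: exact match on the address."""
    return ipaddress.ip_address(addr) in BLOCKED_IPS


def flip_one_bit(data: bytes, byte_index: int = -1, bit: int = 0) -> bytes:
    """Return a copy of the data with a single bit changed (here: in the last byte)."""
    buf = bytearray(data)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


def changed_bit_fraction(digest_a: str, digest_b: str) -> float:
    """Fraction of digest bits that differ between two hex digests (avalanche effect)."""
    diff = int(digest_a, 16) ^ int(digest_b, 16)
    return bin(diff).count("1") / (len(digest_a) * 4)


if __name__ == "__main__":
    variant = flip_one_bit(KNOWN_SAMPLE)
    print("original matches hash IoC:", matches_hash(KNOWN_SAMPLE))
    print("1-bit variant matches hash IoC:", matches_hash(variant))
    frac = changed_bit_fraction(sha256_hex(KNOWN_SAMPLE), sha256_hex(variant))
    print(f"fraction of digest bits changed by one flipped bit: {frac:.2f}")
    print("known address blocked:", matches_ip("192.0.2.10"))
    print("neighbouring address blocked:", matches_ip("192.0.2.11"))
```

Running the script shows the original sample matching and the one-bit variant not matching, with about half of the 256 digest bits changed; the IP check behaves the same way for the unblocked neighbouring address.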