MITRE ATT&CK to Kill Chain Models Mapping

@cybersecurity.wtf
Dec 7, 2019

Those who have heard and read about the Cyber Kill Chain may not be aware that various organizations [Gartner, Lockheed, Varonis, SANS] describe it with slight variations. That can be confusing if you assume there is only one Cyber Kill Chain model. And when you then learn about MITRE ATT&CK, it can be even less clear how MITRE ATT&CK fits into those models.

One of the reasons they can be so confusing to new learners with a Penetration Testing background is that they are more or less derived from a typical Penetration Testing workflow. Anyone with a Penetration Testing background could be bluffed by the new terms they use (“model”, “kill chain”, “weaponization”).

For the sake of simplicity, and completeness at the same time, I combined all Kill Chain Models into a Fishbone Diagram and added MITRE ATT&CK Tactics and Techniques in relevant areas.
