# Kill Chain

## Kill Chain Overview

Lockheed Martin developed the first kill chain map, but a few iterations have come along since. The following cyber kill chains are made by Varonis and Cytomic. Both are good.

![](https://864121778-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Mk3RnfEHBP3zuZMsnli%2Fuploads%2FksYUqjBzT4M80T1kDQeL%2Fimage.png?alt=media\&token=16adb6cb-a0d0-41f0-8ab6-36fd91da65ac)

Or even this one which divides **External** and **Internal** kill chains.

![](https://864121778-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Mk3RnfEHBP3zuZMsnli%2Fuploads%2F7OtSXTqCzbMgox3iHoyi%2Fimage.png?alt=media\&token=b04071a7-ad05-4b14-9ff3-a06c95ceda61)

## [Physical access & Hardware hacking](https://book.turbosec.net/hacking-methodologies/layer-0-phyisical-and-hardware)

All you need is access

**Note**: Not my favorite way of hacking, but it is still very interesting. It can always be fun to phish with a malware/trollware-infected USB or to keylog/tap into a line. In reality, this will probably never happen while doing a pentest, at least not a web-application/infrastructure test. I would assume that government-based hacking groups are very into hardware hacking for very obvious reasons: when you have a good amount of money and your hands in major electronic/distribution companies, it becomes a very scalable and scary attack vector.

## [External Recon](https://book.turbosec.net/all-the-other-layers-recon)

Don't peek, don't peek!\
***proceeds to peek***

There is no penetration testing without recon. Learn to scan properly to avoid getting blacklisted or detected by an IDS.

Network scanning is an integral part of hacking. I would say that 95% of penetration tests will involve some kind of scan, ranging from port scans and directory fuzzing to intrusive SQL injection scans.

## [Internal Recon](https://book.turbosec.net/internal-recon)

**Let's have a look inside.**

Having a foot in a box is good but usually pretty limited; it is always nice to elevate our privileges and capabilities.

## [Privilege Escalation](https://book.turbosec.net/post-exploitation/privilege-escalation)

**root**

Having a foot in a box is good but usually pretty limited; it is always nice to elevate our privileges and capabilities.

## [Post Exploitation](https://book.turbosec.net/post-exploitation)

**Persistence, C2, exfiltration, all the good stuff**

Depending on the scenario, you might want to implement some form of backdoor and be able to come back whenever you want or can.

