# Kill Chain ## Kill chain Overview Lockheed martin developed the first kill chain map but a few iteration have come along the way. The following cyber kill chains are made by Varonis and Cytomic. Both are good. ![](/files/a8SoXN50xvAhbrsPPNPn) Or even this one which divides **External** and **Internal** kill chains. ![](/files/PYlCVdMmdWgDed1sw3TL) ## [Physical access & Hardware hacking](/hacking-methodologies/layer-0-phyisical-and-hardware.md) All you need is access\ \ **Note**: Not my favorite way of hacking but it still is very interesting. It can always be fun to phish with malware/trollware infected usb or keylog/tap into a line. In reality, this will happen probably never while doing a pentest, at least not a web-application/infrastructure test. I would assume that government-based hacking groups are very into hardware hacking for very obvious reasons, when you have a good amount of money and your hands in major electronic/distribution companies, it becomes a very scalable and scary attack vector ## [External Recon](/all-the-other-layers-recon.md) Don't peek, don't peek !\ \&#xNAN;***proceeds to peek*** There is no penetration testing without recon. Learn to scan properly to avoid getting blacklisted or detected by an IDS. Network scanning is an integral part of hacking. I would say that 95% of penetration tests will have any kind of scan involved, ranging from port scans, directory fuzzing, to intrusive SQL injection scans. ## [Internal Recon](/internal-recon.md) **Let's have a look inside.** \ Having a foot in a box is good but usually pretty limited, it is always a nice thing to elevate our privileges and capabilities. ## [Privilege Escalation](/post-exploitation/privilege-escalation.md) **root** \ Having a foot in a box is good but usually pretty limited, it is always a nice thing to elevate our privileges and capabilities. ## [Post Exploitation](/post-exploitation.md) **Persistence, C2, exfiltration, all the good stuff** \ Depending on the scenario, you might want to implement some form of backdoor and be able to come back whenever you want or can. ### --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://book.turbosec.net/hacking-methodologies/layers.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.