Posted: February 16th, 2023

Define Cyber Kill Chain and describe its steps 

Cyber Kill Chain is a concept developed by Lockheed Martin in 2011 to describe an attacker’s process of exploitation. It is also known as Intrusion Kill Chain, and it provides a framework for describing how malicious actors gain access to systems or networks and execute their objectives. This framework can be used to detect and respond to threats.

The Cyber Kill Chain consists of seven steps: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control (C2), and Actions on Objectives. Each step represents an action taken by the attacker in order to achieve its goal.

Reconnaissance is the first step in the Cyber Kill Chain. During reconnaissance, attackers gather information about potential targets, such as IP addresses and the open ports and services running on them. Attackers use various methods, such as port scanning or phishing emails, for this purpose. From this data they gain insight into what kinds of vulnerabilities exist in the target organization’s security profile, so that they can choose appropriate exploit techniques later in the attack process.

Weaponization involves creating the tools that will actually carry out the attack against the target system(s). Attackers use existing exploits, which may have been released publicly or leaked from other organizations, or specially crafted malware payloads developed for the task at hand. These are configured so that they can reach their intended victims without being detected by the anti-virus solutions deployed by the target organization’s security team or by other network security measures in place, such as firewalls and IDS.


Delivery is the act of getting the malicious code onto victim machines, through email attachments, web downloads/uploads (drive-by downloading) and similar channels, depending on the weaponized tool(s) selected. The delivery phase also includes the evasion techniques attackers use during delivery, such as malware packed with packer software, which makes static analysis harder, or steganography. These techniques aim to avoid detection by the anti-malware solutions deployed inside the target organization’s network perimeter, increasing the chances of a successful infection even if one layer of defense is breached before the code reaches the destination machine itself.

Exploitation follows delivery, once the malicious code has reached the targeted system by one of the paths mentioned above. During this stage the attacker uses various vulnerability research techniques, from manual source code review to automated fuzzing-based scanners, looking for vulnerable input parameters that are exploitable in the context of the targeted application. On successful exploitation the attacker gains full control over the victim machine, which gives him the ability to penetrate deeper inside the targeted network perimeter towards his ultimate goal: achieving actions on objectives.


The installation phase begins once the exploited vulnerability allows execution of arbitrary code. That code is either supplied directly during the exploitation stage (for example, a Remote Code Execution flaw that allows shellcode to be uploaded and executed) or is the weaponized tool created earlier during the weaponization stage, including keyloggers, ransomware programs etc. In the installation phase the attacker tries to harden his position on the victim’s machine, making sure he has the privileges required not only for further infiltration but also, if needed, for persistence after a reboot. Persistence matters at later stages because of the C2 communication between the compromised machines and the attacker's own infrastructure, over which stolen data is shared while bypassing the corporate firewalls put in place to stop malicious traffic coming from the outside world, Cyber Kill Chain attacks included. Most commonly these infiltrations are conducted through phishing campaigns, in which social engineering helps criminals obtain confidential credentials leading to sensitive areas spread throughout company-wide infrastructure, where significant amounts of valuable data are located. The theft of that data is often noticed too late, and it falls under the Cyber Kill Chain's final objective: actions on objectives.


Command & Control (C2) refers to actions performed remotely, typically following the installation step, in which the crafted malware silently contacts remote servers owned by the attackers. These servers act as the control center, responsible for issuing commands and receiving notifications about the tasks accomplished so far on each infiltrated workstation, including executing additional payloads if considered necessary and stealing confidential information stored there. This fulfills the ultimate mission, whose desired success rate was defined beforehand and likely varies with the outcome sought when the whole attack was planned, taking into consideration every step of the kill chain cycle, from reconnaissance at the very beginning to this final segment, which closes the operation by answering the main question: did we succeed?
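As an added example (not part of the original post) of using the seven steps to detect and respond to threats, the script below maps alerts to kill chain phases and reports, per host, the furthest phase observed and the earlier phases that produced no alert. The alert type names, host names and sample alerts are constructed assumptions, not any product's schema.

```python
from collections import defaultdict

# The seven phases, in the order the page lists them.
PHASES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command & Control", "Actions on Objectives"]

# Hypothetical alert types mapped to phases (an assumption, not a product schema).
ALERT_PHASE = {
    "port_scan": "Reconnaissance",
    "malicious_attachment": "Delivery",
    "drive_by_download": "Delivery",
    "exploit_attempt": "Exploitation",
    "new_autorun_entry": "Installation",
    "beacon_to_unknown_host": "Command & Control",
    "bulk_data_upload": "Actions on Objectives",
}

# Constructed sample alerts: (ISO timestamp, host, alert type).
SAMPLE_ALERTS = [
    ("2023-02-10T09:01:00", "ws-014", "port_scan"),
    ("2023-02-10T09:40:00", "ws-014", "malicious_attachment"),
    ("2023-02-10T09:42:00", "ws-014", "new_autorun_entry"),
    ("2023-02-10T10:15:00", "ws-014", "beacon_to_unknown_host"),
    ("2023-02-10T11:00:00", "srv-02", "port_scan"),
    ("2023-02-10T11:05:00", "srv-02", "exploit_attempt"),
]

def analyse(alerts):
    """Per host: furthest phase seen, earlier phases with no alert, first alert time."""
    first_seen = defaultdict(dict)  # host -> {phase index: earliest timestamp}
    for ts, host, kind in alerts:
        phase = ALERT_PHASE.get(kind)
        if phase is None:
            continue  # unknown alert types are skipped, not guessed
        idx = PHASES.index(phase)
        prev = first_seen[host].get(idx)
        first_seen[host][idx] = ts if prev is None else min(prev, ts)
    report = {}
    for host, phases in first_seen.items():
        furthest = max(phases)
        # Assumption: Weaponization happens on the attacker's side, so no host
        # or network alert is expected for it and it is not counted as a gap.
        gaps = [PHASES[i] for i in range(furthest)
                if i not in phases and PHASES[i] != "Weaponization"]
        report[host] = {"furthest": PHASES[furthest], "undetected": gaps,
                        "first_alert": min(phases.values())}
    return report

if __name__ == "__main__":
    for host, info in sorted(analyse(SAMPLE_ALERTS).items()):
        print(host, info)
```

A phase listed under `undetected` for a host that progressed past it points to a monitoring gap at that step.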
