---
type: "term"
title: "Kill Chain"
description: "A model describing the stages of a cyber attack from reconnaissance through exploitation to objective completion (originally Lockheed Martin Cyber Kill Chain)."
resource: "tlctc:term:kill-chain"
tags:
  - "glossary"
---
# Kill Chain

A model describing the stages of a cyber attack from reconnaissance through exploitation to objective completion (originally the Lockheed Martin Cyber Kill Chain). In TLCTC, the kill chain concept is complementary to the framework but is not a classification criterion for it. TLCTC classifies each step by the generic vulnerability exploited (cause-oriented), while kill chain models describe the phase of the attack (process-oriented). Attack paths in TLCTC notation (`#X → #Y → #Z`) naturally encode the kill chain progression without requiring a separate phase model.

**Reference:** V1.9.1 §F (Oversimplification)

**Related reading:** [The Kill Chain Fallacy — process is not taxonomy](https://www.tlctc.net/tlctc-KillChainFallacy.html), [CKC + ATT&CK + TLCTC — Holy Trinity of Defense](https://www.tlctc.net/blog-ckc-attack-tlctc-synthesis.html)

See also: Attack Path, Sequence, MITRE ATT&CK
