UKC
Unified Kill Chain
About this framework
The Unified Kill Chain is a threat model that describes the end-to-end phases of a cyber attack, unifying and extending earlier models (such as Lockheed Martin's Cyber Kill Chain) with MITRE ATT&CK. It lays out 18 ordered attack phases grouped into three broad stages — gaining an initial foothold ("In"), establishing presence and moving through the target environment ("Through"), and acting on objectives such as exfiltration or impact ("Out"). By stitching these phases together, it gives defenders a narrative of how an intrusion progresses from reconnaissance to objective, making it easier to reason about where controls and detections break the chain.
Who needs this
Threat-intelligence analysts, incident responders, detection engineers, and security architects who want to map attacker progression across a full intrusion and identify where in the chain their defenses intervene. Useful alongside MITRE ATT&CK for threat-informed defense and attack-path analysis.
See how UKC connects to the rest → the Security Universe
Control domains
IN · In — Initial Foothold 8
THR · Through — Network Propagation 6
OUT · Out — Action on Objectives 4
Ready to assess against UKC?
Start free trial →