The Cyber Kill Chain
The CompTIA penetration testing model described in the previous sections is an important way for penetration testers to structure their activities. There is an equally important counterpart to this model that describes how sophisticated attackers typically organize their work: the Cyber Kill Chain model. This approach, pioneered by Lockheed Martin, consists of the seven stages shown in Figure 1.4.
Figure 1.4. Source: Lockheed Martin
Cybersecurity professionals seeking to adopt the hacker mind-set can only do so if they understand how attackers plan and structure their work. The Cyber Kill Chain provides this model. As you seek to reconcile it with the CompTIA process, you might choose to think of it as expanding two of that process's stages, "Information Gathering and Vulnerability Identification" and "Attacking and Exploiting," into seven more detailed steps, as shown in Figure 1.5.