Attack-Lifecycle
Command and Control (C2) — Remote Communication Channel for Compromised Systems
Command and Control (C2) refers to the infrastructure and communication mechanisms attackers use to remotely manage compromised systems. This SECMONS glossary entry explains how C2 works, common techniques, and how defenders detect and disrupt malicious control channels.
Data Exfiltration — Unauthorized Transfer of Sensitive Information
Data Exfiltration is the stage of an intrusion where attackers extract sensitive information from a compromised environment. This SECMONS glossary entry explains how data exfiltration works, common techniques, operational impact, and defensive detection strategies.
Defense Evasion — Techniques Used to Avoid Detection and Security Controls
Defense Evasion refers to the techniques attackers use to avoid detection, bypass security controls, and remain undetected within a compromised environment. This SECMONS glossary entry explains how defense evasion works, common techniques, and how defenders can detect and counter them.
Exploit Chain — Linking Multiple Vulnerabilities for Full Compromise
An Exploit Chain is a sequence of vulnerabilities or techniques combined to achieve full system compromise. This SECMONS glossary entry explains how exploit chains work, why single CVSS scores may underestimate risk, and how defenders should assess chained exploitation.
Initial Access — The First Stage of a Cyber Intrusion
Initial Access refers to the techniques attackers use to gain their first foothold inside a target environment. This SECMONS glossary entry explains common initial access vectors such as phishing, drive-by compromise, exploitation of public-facing applications, and credential abuse, and how defenders should assess and reduce exposure.
Kill Chain — Structured Model of the Cyber Attack Lifecycle
The Kill Chain is a structured model that describes the sequential stages of a cyber attack, from reconnaissance to impact. This SECMONS glossary entry explains the Lockheed Martin Cyber Kill Chain, its relevance in modern defense strategy, and how it complements MITRE ATT&CK.
Persistence — Maintaining Long-Term Access After Initial Compromise
Persistence is the stage of an intrusion where attackers establish mechanisms to maintain access to a compromised system or environment over time. This SECMONS glossary entry explains how persistence works, common techniques used by threat actors, and how defenders can detect and remove persistent footholds.
Threat Actor — Individuals or Groups Responsible for Cyber Operations
A Threat Actor is an individual, group, or organization that conducts malicious cyber activity. This SECMONS glossary entry explains threat actor types, motivations, capabilities, and how they are classified in cybersecurity intelligence reporting.