Attack-Lifecycle

Command and Control (C2) refers to the infrastructure and communication mechanisms attackers use to remotely manage compromised systems. This SECMONS glossary entry explains how C2 works, common techniques, and how defenders detect and disrupt malicious control channels.

Data Exfiltration is the stage of an intrusion where attackers extract sensitive information from a compromised environment. This SECMONS glossary entry explains how data exfiltration works, common techniques, operational impact, and defensive detection strategies.

Defense Evasion refers to the techniques attackers use to avoid detection, bypass security controls, and remain undetected within a compromised environment. This SECMONS glossary entry explains how defense evasion works, common techniques, and how defenders can detect and counter them.

The Kill Chain is a structured model that describes the sequential stages of a cyber attack, from reconnaissance to impact. This SECMONS glossary entry explains the Lockheed Martin Cyber Kill Chain, its relevance in modern defense strategy, and how it complements MITRE ATT&CK.

Persistence is the stage of an intrusion where attackers establish mechanisms to maintain access to a compromised system or environment over time. This SECMONS glossary entry explains how persistence works, common techniques used by threat actors, and how defenders can detect and remove persistent footholds.

A Threat Actor is an individual, group, or organization that conducts malicious cyber activity. This SECMONS glossary entry explains threat actor types, motivations, capabilities, and how they are classified in cybersecurity intelligence reporting.