Welcome to another _secpro!
This week, we're moving on to the Cyber Kill Chain and making it clear how we can apply the framework in the average day-to-day workings of a secpro. We've collected a range of useful insights and academic papers to keep you going, so scroll down and check them out!
In this week’s issue:
Navigating the Cyber Kill Chain: A modern approach to pentesting
Modelling cybersecurity strategies with game theory and cyber kill chain
Identification of Attack Paths Using Kill Chain and Attack Graphs
Cheers!
Austin Miller
Editor-in-Chief
This week's articles
Reconnaissance and the Cyber Kill Chain
And here we go! Now that we're done with MITRE ATT&CK, we're moving on to Lockheed Martin's Cyber Kill Chain. This week, a general introduction before we move on to the important moving parts of the approach.
AI GRC
Join Hemang as he sketches out the issues for GRC in the age of AI. This was our premium expert article for _secpro last month, so make sure to sign up for premium on Substack and find out everything we have to offer!
News Bytes
Brian Krebs survives a record ~6.3 Tbps DDoS via Aisuru IoT botnet: Krebs reports an unprecedented DDoS attack—peaking at ~6.3 Tbps over 45 seconds—on his site, orchestrated by a new IoT botnet dubbed “Aisuru,” marking one of the largest volumetric attacks to date.
Suspected Russian Hackers Use Advanced Phishing on UK Researcher: Reuters reports that Russian government–linked threat actors impersonated a U.S. State Department official over two weeks, using highly polished emails—potentially powered by AI—to trick Chatham House researcher Keir Giles into handing over an app-specific password. This highlights a new level of sophistication in phishing campaigns.
Breaking Down the Latest Patch Tuesday Report by the SecMaster: "Microsoft has released its June 2025 Patch Tuesday security updates, addressing 66 vulnerabilities across Windows, Office, Exchange Server, Azure, Visual Studio, and other products. This includes fixes for two zero-day vulnerabilities, with one being actively exploited in the wild."
Australia Requires Ransomware Victims to Declare Payments: "A new Australian law requires larger companies to declare any ransomware payments they have made."
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet: Trend Micro reveals active exploitation of a critical zero-day (CVE‑2025‑3248) in Langflow (< v1.3.0), delivering the Flodrix botnet for system compromise, DDoS, and data exfiltration. Reported June 17.
Race-condition flaws CVE‑2025‑5054 & CVE‑2025‑4598 leak core dump data: Qualys TRU uncovered two local info-leak bugs in Linux crash-report tools—Apport (Ubuntu) and systemd-coredump (RHEL/Fedora). Both can expose sensitive data (even /etc/shadow) via race conditions. Users are urged to patch or disable SUID core dumps.
This week's academia
Navigating the Cyber Kill Chain: A modern approach to pentesting (Letao Zhao, 2024): This paper explores how penetration testers use the Cyber Kill Chain as a strategic roadmap—mirroring each step from reconnaissance to impact—to simulate realistic attacks. By systematically testing each phase, pentesters can uncover weaknesses across an organization’s incident response capabilities and improve overall resilience.
The Cyber Kill Chain Model and Its Applicability on The Protection of Students Academic Information Systems (SAIS) in Tanzanian HEIs (George Matto, 2024): This case-study–driven research applies the seven-step Cyber Kill Chain to analyze and strengthen defenses around student academic information systems in Tanzanian universities. It identifies step-specific measures—such as network monitoring during reconnaissance or authentication controls during credential theft—that effectively mitigate threats to SAIS.
Modelling cybersecurity strategies with game theory and cyber kill chain (2025): This paper integrates game-theoretic modeling with the Cyber Kill Chain, formulating attacker–defender strategies across CKC stages (e.g., attacker chooses “weaponization” vs. defender’s “monitor system”). Using a case study, it demonstrates how mixed-strategy equilibria can improve the allocation of defensive resources through quantitative analysis.
Identification of Attack Paths Using Kill Chain and Attack Graphs (Sadlék, Čeleda & Tovarňák, 2022): This research merges Kill Chain methodology with attack-graph modeling to create a "kill chain attack graph." It visualizes potential multi-step attack pathways within protected networks and helps administrators predict which CKC phase is most critical—enabling focused mitigation strategies. Demonstrated on real-world scenarios, this graph-based model aids in defense prioritization.
Upcoming events for _secpros this year
Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!
DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.
Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.
Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.