Cyber Kill Chain and OODA loop

As we've learned in previous chapters, the Cyber Kill Chain consists of logical steps that are required to exploit a target, whether it be a system or a person. By understanding the steps an adversary must take, we can then look at how these steps map to the steps within the OODA loop.

Let's take a look at how we can correlate a threat's OODA loop with the Cyber Kill Chain:

 

Phase 1 of the Cyber Kill Chain:

  • Reconnaissance maps to Observe because the threat is looking for any vulnerabilities on the target that it can exploit.
  • Weaponization maps to Orient because the threat needs to start prioritizing targets for exploitation.
  • Weaponization also maps to Decide because, once the threat has prioritized how it will exploit a target, it will also find the vehicle that it will prepare to deploy.

Phases 2 and 3 of the Cyber Kill Chain:

  • Act maps to Delivery, Exploitation, Installation, and Command and Control because these are the steps that are taken to initiate a successful intrusion into and breach of a system.
  • Once the threat has access to and control of the targeted system, the loop cycles back to Observe at Actions on Objective because the threat is now looking for additional opportunities to exploit resources to its advantage.