OSF Offensive Security Fundamentals Cyber Kill Chain Learning Hub
Educational Cybersecurity Framework

Understand how modern attacks progress from recon to impact.

Offensive Security Fundamentals explains the core stages of the Cyber Kill Chain in a structured, accessible way for students, new penetration testers, and IT professionals transitioning into security roles.

Featured Module Start at Recon
Site Overview

A structured mental model for offensive security

Many newcomers encounter reconnaissance, lateral movement, and command and control as isolated terms. This site organizes them into a coherent framework so readers can understand how each stage supports the next and how defenders can interrupt attacks before they reach final impact.

Rather than focusing on exploit development or specific tool usage, the emphasis here is conceptual understanding. Each section explains what attackers try to accomplish, why that stage matters, and what defenders can watch for in order to reduce risk.

Cyber Kill Chain overview diagram showing the progression from reconnaissance to impact and defense.
Stage 01

Reconnaissance

Information gathering that reduces uncertainty and reveals entry points.

Stage 02

Initial Access

The moment an attacker gains a foothold through phishing, vulnerabilities, or weak authentication.

Stage 03

Execution and Expansion

Attackers run commands, escalate privileges, persist, move laterally, and establish control channels.

Learning Flow

Follow the lifecycle one stage at a time

Each page is written like a guided module. Readers move from one phase of the attack lifecycle to the next while seeing how technical actions connect to operational goals and defensive opportunities.

01Recon
02Initial Access
03Execution
04Privilege Escalation
05Lateral Movement
06Command and Control
07Impact and Defense
Ethical Framing

Built for education and defense

This project is meant to improve defensive understanding, not to provide attack instructions. The goal is to help readers recognize how adversaries think so they can better detect, prevent, and respond to malicious activity.

Ethical use and defensive cybersecurity graphic with shield motif.