Which step in the cyber kill chain refers to the successful delivery of a tool that results in a breach and provides access to the target system?

The correct answer is the step that describes the moment when an attacker exploits a vulnerability in a system, which effectively enables them to breach that system. In this context, exploitation signifies that the attacker has successfully delivered malicious code or a tool that takes advantage of a specific weakness, leading to unauthorized access to the target’s environment. This marks a critical juncture in the cyber kill chain, as it transitions the attacker from the stages of preparation and planning to actual access and control.

During this phase, the motivations behind the attack and the tools used for exploitation are critical. Exploitation may involve methods such as executing a payload or launching an attack against a known vulnerability, resulting in the attacker gaining control over the affected system. Understanding this phase is essential for cybersecurity professionals as it highlights where defenses must focus to prevent successful breaches.

The other phases—such as weaponization, where tools are created or configured to be used against a target, and command and control (C2), which involves maintaining communication between the compromised system and the attacker's infrastructure—play significant roles in the overall attack lifecycle. However, they do not represent the act of breaching the system itself, which is central to why this specific step is categorized as exploitation.