The general methodology used by adversaries falls into 5 phases. Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks. At each phase there are tools, techniques, and procedures that can be used. The best way to thwart the adversary is with a defense in depth.
Cyber warfare has many similarities with traditional warfare, and many of the same strategies and methodologies have carried over ancient times into modern times. For thousands of years, understanding your enemy has been a hallmark of great military strategists.
As cyber defenders, it is critical that you understand how your opponent operates. The Cyber Kill Chain is the process that attackers must undergo in order to successfully execute a major hacking operation. There are different ways the process can be broken down, but one way to understand the Cyber Kill Chain is to break it down into five major steps: Recon, Scanning, Gaining Access, Maintaining Access, and Covering Tracks.