Unifying the Kill Chain

To hunt attackers on their networks and raise resilience, enterprises can use various attack models such as Lockheed Martin’s Cyber Kill Chain© and MITRE’s ATT&CK™ framework. These models are individually valuable but limited in their scope of application. The modus operandi (MO) of APTs also does not necessarily coincide with these models, which limits their predictive value and leads to misaligned investments in defensive capabilities.

In this presentation, Paul Pols will detail a “Unified Kill Chain” that overcomes these deficiencies and covers modern cyber-attacks end-to-end. The model was iteratively developed in a master’s thesis through literature research and case studies. The Unified Kill Chain can be used to defend against expected attacker behavior through layered defense strategies that adopt the assume-breach and defend-in-depth principles. The Unified Kill Chain offers an improvement over the scope of the Cyber Kill Chain© and the time-agnostic nature of the ATT&CK™ model.

The Unified Kill Chain has been used to analyze and compare the tactical MO of a red team with that of APT28 (Fancy Bear), to improve threat emulation and to raise resilience. The comparison shows the potential to improve the predictive value of red team assessments.

Presented by