Six characteristics of a security assessment
- information: black box or white box
- intensity: passive, cautious, balancing, aggressive
- extent: complete, partial, focused
- strategy: covert, open
- techniques: network, other communication, physical, social engineering
- perspective: external, internal
Red teams and Blue teams
Red teams
- rooted in military security assessment
- security from adversarial perspective
- outside experts
- Goal: assessing incident response
- output: list of attack vectors and countermeasures
Blue teams
- defense group
- red team opponent
- internal security group
- goal: reacting to and preventing expected attacks
- output: strengthened defensive and investigative procedures
Unified cyber kill chain
- reconnaissance
- weaponization
- delivery
- social engineering
- exploitation
- persistence
- defense evasion
- command and control
Network propagation
- pivoting
- discovery
- privilege escalation
- execution
- credential access
- lateral movement
Actions on objectives
- collection
- exfiltration
- target manipulation
- objectives