CompTIA Security+ Exam Notes

CompTIA Security+ Exam Notes
Let Us Help You Pass
Showing posts with label Adversary. Show all posts
Showing posts with label Adversary. Show all posts

Monday, October 14, 2024

The Diamond Model of Intrusion Analysis

 The Diamond Model of Intrusion Analysis

The Diamond Model of Intrusion Analysis is a cybersecurity framework that helps analysts understand and analyze cyber threats and attacks. It uses four components to visualize the relationship between the attacker, victim, and infrastructure during a cyber-attack:

  • Adversary: The actor who uses a capability against the victim
  • Capability: The tools, techniques, and procedures used by the adversary to attack the victim
  • Infrastructure: The underlying infrastructure
  • Victim: The target of the attack

The Diamond Model uses mathematical and cognitive reasoning to trace and authenticate cyber threats. It's a simple yet powerful model that helps analysts create a comprehensive view of cyber attacks.

Here are some ways the Diamond Model is used:

  • Documenting, analyzing, and correlating intrusions: The Diamond Model can document, analyze, and correlate intrusions into an organization's digital, network, and physical environments.
  • Describing threat actor behaviors: The Diamond Model can describe the behaviors of threat actors.
  • Ordering events: The Diamond Model can help order events because threat actors don't take actions in isolation.
  • Creating activity threads: Activity threads can be constructed as adversary-victim pairs.
  • Creating pivots: The logical deductions from traversing the Diamond are called pivots. 

Posted by at No comments:
Labels: , , , ,

Wednesday, April 24, 2024

Attack Frameworks:

 Attack Frameworks


MITRE ATT&CK (MITRE Adversarial Tactics, Techniques, and Common Knowledge)
This provides a database of known TTPs (Tactics, Techniques, and Procedures). 
Here is a link to the website: MITRE ATT&CK
Each individual technique is assigned a unique ID. 
The tactics are persistence, command & control, and initial access.

The Diamond Model of Intrusion Analysis
This is used to analyze an intrusion based on four core features:
  • Victim
  • Capability
  • Infrastructure
  • Adversary
Cyber Kill Chain Attack Framework
This is a white paper put out by Lockheed Martin.
This shows the order of the stages of an attack.
1. Reconnaissance—This is the stage where the attacker chooses the methods to use for the attack. The attacker collects information about the target's computer systems, supply chain, and employees.
2. Weaponization - The attacker chooses what exploit and payload code to use for the attack. 
3. Delivery - the attack vector to transmit the attack code to the target, an email attachment, or a USB drive.
4. Exploitation - trick a user into running the code by clicking on an attachment or drive-by-download.
5. Installation - this stage is for persistence
6. Command and Control (C2) - this stage is where the attacker can install additional tools
7. Actions on Objectives - this stage is where data exfiltration occurs.





Posted by at No comments:
Labels: , , , , , ,
Subscribe to: Posts (Atom)