Attack Phases
Escalation of goals and privileges.
Public knowledge opens doors to private information and access to protected domains [Infiltration].
The first illicit access to a protected domain may not provide a relevant outcome.
The attacker must acquire more knowledge [Learning].
The additional knowledge allows access to other zones/devices/data of the secure domain, with increasing relevance [Propagation].
At any phase, the attacker may require additional knowledge [Learning].
When a relevant outcome is acquired, it must be transferred outside of the protected domain [Exfiltration].
Direct exfiltration may reveal the relevant points inside the secure domain.
The relevant outcome must be first transferred inside the protected domain to a less important point [Aggregation].
The attacker chooses a point that may be detected and lost without harm.
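From the defender's side, the Aggregation and Exfiltration phases leave a recognisable shape in flow logs: a low-value host collects data from several high-value hosts and later sends a comparable volume outside. The following detection sketch is an added example, not part of the original notes; the flow record format, the zone prefixes and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records (not real telemetry): (time, src, dst, bytes).
# Assumed zones: 10.0.1.x = high-value servers, 10.0.9.x = low-value hosts,
# any other address = outside the protected domain.
FLOWS = [
    (1, "10.0.1.10", "10.0.9.5", 40_000_000),
    (2, "10.0.1.11", "10.0.9.5", 35_000_000),
    (3, "10.0.1.12", "10.0.9.5", 30_000_000),
    (4, "10.0.9.5", "203.0.113.7", 100_000_000),   # egress after collection
    (5, "10.0.1.10", "10.0.9.6", 2_000_000),       # single source, no egress
    (6, "10.0.9.7", "198.51.100.2", 90_000_000),   # large upload, no staging
]

def zone(ip):
    if ip.startswith("10.0.1."):
        return "high"
    if ip.startswith("10.0.9."):
        return "low"
    return "external"

def find_staging_hosts(flows, min_sources=2, min_ratio=0.5):
    """Return low-value hosts that collected data from several high-value
    hosts and later sent a comparable volume outside the domain."""
    inbound = defaultdict(lambda: defaultdict(int))  # host -> source -> bytes
    first_in = {}                                    # host -> first collection time
    outbound = defaultdict(int)                      # host -> bytes sent outside
    for t, src, dst, size in sorted(flows):
        if zone(src) == "high" and zone(dst) == "low":
            inbound[dst][src] += size
            first_in.setdefault(dst, t)
        elif zone(src) == "low" and zone(dst) == "external":
            # Count only egress that follows the internal collection.
            if src in first_in and t > first_in[src]:
                outbound[src] += size
    alerts = []
    for host, sources in inbound.items():
        collected = sum(sources.values())
        if len(sources) >= min_sources and outbound[host] >= min_ratio * collected:
            alerts.append((host, sorted(sources), collected, outbound[host]))
    return alerts

if __name__ == "__main__":
    for host, sources, got, sent in find_staging_hosts(FLOWS):
        print(f"{host}: staged {got} B from {sources}, sent {sent} B out")
```

The alert also names the high-value sources, which are the points the attacker was trying not to expose by exfiltrating indirectly.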
Applications.
Frameworks/API.
Protocols.
Operating Systems.
Kernel, kernel modules, drivers, and base applications.
Configurations!
Physical tampering.
Physical emissions.
Electromagnetic emissions, sound, ...
Power stability, electromagnetic pulses (EMP), etc.
CVE.
IDS/IPS and antivirus databases.