Attacks Phases

Escalation of goals and privileges.

• Public knowledge opens doors to private information and access to protected domains [Infiltration].

• The first illicit access to a protected domain may not provide a relevant outcome.

• The attacker must acquire more knowledge [Learning].

• The additional knowledge allows to access other secure domain zones/devices/data with increasing relevance [Propagation].

  • At any phase, the attacker may require additional knowledge [Learning].

• When a relevant outcome is acquired it must be transferred outside of the protected domain [Exfiltration].

• Direct exfiltration may denounce the relevant points inside of the secure domain.

  • The relevant outcome must be first transferred inside the protected domain to a less important point [Aggregation].

  • The attacker chooses a point that may be detected and lost without harm.

Technical Network Vulnerabilities

Software

• Applications.

• Frameworks/API.

• Protocols.

• Operating Systems.

  • Kernel, kernel modules, drivers, and base applications.

  • Configurations!

Hardware

• Physical tempering.

• Physical emissions.

  • Electromagnetic emissions, sound, ...

• Power stability, Electromagnetic Pulses (EMP), etc ...

Known vs. Unknown

• CVE.

• IDS/IPS and antivirus databases.