David Peers
Bournemouth OWASP, 2019
Cyber Kill Chains, Diamond Models and Analysis Methods.
Understanding how Intelligence works.
Covered tonight…
• Jargon
• Intelligence Cycle
• Typical installation of malware
• Cyber Kill Chains
• Diamond Model
• Threat actor types
• 3 Scenarios
Jargon
• Events and Incidents
• IoA
• IoC
• IoT
• TTP
• Bias
• Risk
• Black Swan
• Hypothesis
• APT
• Assets
• Asset
• Adversary
• Adversary Operator
• Adversary Customer
• Attack
• Campaign
• Cyber (enabled) crime
Intelligence Cycle
1. Planning and Direction
2. Collection
3. Processing
4. Analysis
5. Delivery
Diagram labels:
• Generation of Intelligence
• Consumption of Intelligence
• Creates Data
• Creates Information
• Creates Intelligence
• Creates Decisions
Cyber Kill Chain
A 7-step process, developed by Lockheed Martin, to break down the process of intrusion and compromise.
Diamond Model #1
Infrastructure
Victim
Capability
Adversary
Diamond Model #2
Capability
Adversary
Victim
Infrastructure
Uses
Connects to
Exploits
Develops
Threat Actor Types
State Sponsored
Organised Crime
Criminal Hacktivists
Disgruntled Employees
Script Kiddies
Axis scale: Low, High
Axis labels: Population, Commitment, Time; Stealth, Knowledge, Funding; Ability
Impact:
• Nuisance
• DoS, Data Breach
• Brand, Reputation
• Fraud, Identity, Espionage
• National Infrastructure, Elections
Scenarios 1, 2 & 3
Let’s have some fun!