Friday, September 28, 2018

Hack and Detect - Mapping a Threat Actor's Tools, Techniques and Procedures (TTP)

One of the critical steps in performing your network forensics analysis is being able to generate a visual of what transpired. This visual gives you a graphical representation of a threat actor's TTPs.

Below is an example of mapping a threat actor's TTPs from my upcoming book. The graphic represents the activity performed on a Windows 10 host, with an ultimate pivot (lateral movement) to a Windows XP host on another subnet. Note that this all started with a spear-phishing attack. All it took was one click and it's game over.

Map of the threat actor's Tools, Techniques and Procedures (TTPs), providing Nakia with the necessary intelligence into how this threat actor operated, including its lateral movement from the compromised Windows 10 machine to a Windows XP device isolated from the internet.

If you like this mapping of the TTPs, prepare to grab a copy of the book from your favourite seller to learn more about how you can build your own.

You can download the pre-publication sample chapters here while you wait for the published version.

