Friday, September 28, 2018

Hack and Detect - Mapping a Threat Actor's Tools, Techniques and Procedures (TTP)

One of the critical steps in performing your network forensics analysis is generating a visual of what transpired. This visual gives you a graphical representation of a threat actor's TTPs.

Below is an example of mapping a threat actor's TTPs from my upcoming book. The graphic represents the activity performed on a Windows 10 host, with an ultimate pivot (lateral movement) to a Windows XP host on another subnet. Note that this all started with a spear-phishing attack. All it took was one click and it's game over.

Map of the threat actor's Tools, Techniques and Procedures (TTPs), providing Nakia with the necessary intelligence into how this threat actor operated, including its lateral movement from the compromised Windows 10 machine to a Windows XP device isolated from the internet.

If you like this mapping of the TTPs, prepare to grab a copy of the book from your favourite seller to learn more about how you can build your own.

You can download the pre-publication sample chapters here while you wait for the published version.
