[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Info about attack trees

To: Gage Bystrom <themadichib0d@xxxxxxxxx>
Subject: Re: [Full-disclosure] Info about attack trees
From: coderman <coderman@xxxxxxxxx>
Date: Sat, 26 May 2012 13:50:36 -0700

On Sat, May 26, 2012 at 1:32 PM, Gage Bystrom <themadichib0d@xxxxxxxxx> wrote:
> If you havnt guessed from the replies, there are no such thing as an attack
> tree...
> The classical method is something along the lines of preform recon,
> enumerate, attack, presist/extract data. You react based upon the
> information you gather, the more information you have, the clearer it is on
> to what the next step ought to be.

this concept is more useful in fully automated exploit +
post-exploitation systems, where you have an arsenal of exploits of
varying stealth, reliability, applicability. the result of exploit
preference, exploit chaining, and contingency paths based on real-time
feedback results in a tree like structure following the path of least
resistance to total compromise.

you need to prepare this tree ahead of time as a human in the loop
will only slow down the process and increase the risk of counter
measures frustrating further attack.

a pedant would call them exploit graphs ;)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Info about attack trees
  - From: Georgi Guninski

References:
- [Full-disclosure] Info about attack trees
  - From: Federico De Meo
- Re: [Full-disclosure] Info about attack trees
  - From: Gage Bystrom

Prev by Date: Re: [Full-disclosure] Info about attack trees
Next by Date: [Full-disclosure] ekoparty sercurity conference 2012 CFP is now OPEN!
Previous by thread: Re: [Full-disclosure] Info about attack trees
Next by thread: Re: [Full-disclosure] Info about attack trees
Index(es):
- Date
- Thread