| Name | Characteristics / Motivation | Danger |
|---|---|---|
| Script Kiddie | Bragging rights & wreaking havoc | 💀 |
| Hacktivists | (Pseudo-)political & social goals | 💀💀 |
| Competitors | Defamation & industrial espionage | 💀💀 |
| Organized Crime | Monetization, e.g. extortion & fraud (Providing Cyber-Crime-as-a-Service) |
💀💀(💀) |
| Evil Employees | Revenge & corruption Dangerous insider knowledge |
💀💀💀 |
| Nation States | Power! Unlimited resources & budget | 💀x100 |
| Threat | C | I | A |
|---|---|---|---|
| Network Sniffing | ✔️ | ||
| DDoS Attack | ✔️ | ||
| Rogue WiFi Access Point | ✔️ | ✔️ | (:heavy_check_mark:) |
| Electromagnetic Pulse (EMP) | (:heavy_check_mark:) | ✔️ | |
| Whistleblower | ✔️ | ||
| Social Engineering | ✔️ | ✔️ | ✔️ |
| Security Goal | Technical Measures | Organizational Measures |
|---|---|---|
| Confidentiality | e.g. AES/RSA, HTTPS, Tor, 2FA | e.g. Anonymous Payment Systems, Access Restrictions, Data Classification |
| Integrity | e.g. SHA2, HSTS, MACs, PGP/GPG, Blockchain | e.g. Version Control, Access Logs |
| Availability | e.g. Load Balancer, Circuit Breaker Pattern, Heartbeat Monitoring, RAID | e.g. 24/7 Support, On-Call-Duty, SLAs |
| Security Goal | Technical Measures | Organizational Measures |
|---|---|---|
| Accountability | e.g. Security Policies, Risk Assessments, RACI Matrix, Segregation of Duties | |
| Assurance | e.g. Vulnerability Scanner | e.g. KPIs, Customer/Supplier Audits, Penetration Test, Red Team |
- Default Internet browser is opened (as it is probably bound to open
.htmlfiles on most computers) - The JavaScript is executed resulting in the effective code
document["location"]=http://enjoyyourhaircut.com/5.html;being run - The browser is redirected to http://enjoyyourhaircut.com/5.html (which does not exist any more)
ℹ️ Only the yellow code sections are relevant as the payload. The rest is merely obfuscation to prevent detection by AV software!
1. Go through a door
a. When it’s unlocked:
i. Get lucky.
ii. Obstruct the latch plate (the “Watergate Classic”).
iii. Distract the person who locks the door at night.
b. Drill the lock.
c. Pick the lock.
d. Use the key.
i. Find a key.
ii. Steal a key.
iii. Photograph and reproduce the key.
iv. Social engineer a key from someone.
1. Borrow the key.
2. Convince someone to post a photo of their key ring.
e. Social engineer your way in.
i. Act like you’re authorized and follow someone in.
ii. Make friends with an authorized person.
iii. Carry a box, a cup of coffee in each hand, etc.2. Go through a window.
a. Break a window.
b. Lift the window.
3. Go through a wall.
a. Use a sledgehammer or axe.
b. Use a truck to go through the wall.
4. Gain access via other means.
a. Use a fi re escape.
b. Use roof access from a helicopter (preferably black) or adjacent
building.
c. Enter another part of the building, using another tenant’s access.