The Lore Of Hijacking Systems, Part 2
Operation: (Hu)Man
One cannot be vigilant 365 days a year, 24 hours a day, watching every corner, conceiving every single possibility. The attacker can come from anywhere, in any form, at any time, anyhow, and for the least expected reasons.
— Re: Vigil, 2003
In every organization there are operational flows (with their modus operandi and culture) of which the organization needs high-resolution traceability. Attackers are keen on the same flows, especially on finding the gaps, the lacks and the exploitable vulnerabilities. These workflows should follow well-defined lifecycles, supported by tools and facilities.
1️⃣ Humans and their interactions over processes and procedures, together with how tools and facilities are used (especially where they may be lacking, misused or abused, i.e. hijacked).
When roles or functions are separated, the attention is divided. — 2006–05.23
2️⃣ Working components and possible entry points (if the organization has no comprehensive documentation and does not map out the entire terrain in high resolution, the attackers will *).
* Principle: The one with lesser blindspots wins.
3️⃣ The interactions span from within the organization out to external entities, or subjects (e.g. customers, contractors, vendors, and authorized personnel such as law enforcement and auditors in collaboration), and objects (e.g. components such as registered and trusted computational entities, which may be hardware or software devices, and/or data or transmitted communications), over actions and interactions, or predicates (e.g. contract negotiation, API calls).
4️⃣ Understand how the entire system detects, responds and reacts to changes, and whether it follows a plan while doing so.
Any tooling vulnerability is also a weak link for attacks. Your facilities may include:
1. Compute: such as for analytics, including Machine Learning.
2. Storage: spanning different data formats and classifications (common, sensitive, secret), HA/DR, etc.
3. Databases.
4. Networking & Content Delivery: VPC (Virtual Private Cloud), etc.
5. Registries: IAM (Identity and Access Management), Certificate Manager, KMS, etc.
6. Monitoring and logging: audit (compliance) access monitoring and management…