Member-only story
The Lore Of Hijacking Systems, Part 3
The Attack Framework
The Attack Framework
In the information technology security world, hackers think in factors of 5 E’s: Endurance (or Effort), Expertise, Equipment (including Information, including a handle, such as a weakness or vulnerability, which can be used as an Exploit), Espionage (Inside job), and some Eventuality (Enriched Expectation, possible event, or something that may happen, “engineered luck” or “engineered emergence”, i.e. process of coming into being or realization or becoming exposed after being concealed, whether deliberate or random chance). — Ursa
If there is a conceptual duality in the word — “vigilance”, I would see it as “blind-spots”. I don’t think there is a perfect strategy, thence, a perfect defense cannot exist despite the most well-thought of security mechanisms. — 2006
Principles (and Stages) of Attack and Defense
1. Localize
2. Recognize
3. Forge and Feint
4. Affect, Effect, Infect
5. Commit / Omit (Include / Exclude): Covet attacks
6. Clean and clearIf you truly want your system to `forget`, such as to empty the cache(s), zeroize every part of the involved memory.[Target]: Stage 1 and Stage 2
The attacker conducts Locate, Lock-down, and Lock-on the targets.Stage 1 and 2 are sometimes termed as Reconnaissance, where intruder selects target, researches it, and attempts to identify vulnerabilities in the target network or system.[Sneak and Confuse]: Stage 3
The attacker then conducts Lure, and Lead (or mislead) on the mark.Stage 3 to 4 depicts Weaponization as the intruder creates remote access malware weapon, such as a virus or worm or probe, tailored to one or more vulnerabilities or systemic gap.[Infiltrate and Penetrate]: Stage 4
When the conditions are not yet ripe, the attacker resort to Lull (stage 3), and await for a window to gain Access.Stage 4 is the Delivery where intruder transmits weapon to target (e.g., via e-mail attachments, websites, USB drives, or covet channels).In a non-invasive and passive mode, attacker sniffs and eavesdrops. Attacker may get active to elicit reaction, especially to probe and provoke for anormal ones, and induce abnormal responses.[Zero-Hour]: Stage 4 and Stage 5
Attacker conducts a Take-down and/or Take-over.
