
Added idea compass pattern #486

Merged: 1 commit, Jun 1, 2024

Conversation

HillviewCap (Contributor)

What this Pull Request (PR) does

My PR adds the create_idea_compass pattern, using the Zettelkasten method of note taking.
Below is the output using Claude Opus:

Here is a summary of the key points from the survey on adversarial reconnaissance techniques:

Tags:: #cybersecurity #reconnaissance #adversary #taxonomy

Date:: 04/19/2023

Idea/Question::

The paper provides a comprehensive survey and taxonomy of the techniques, tactics, and tools that adversaries use to conduct reconnaissance activities throughout the cyber attack process. It aims to categorize and understand this complex but vital aspect of cyber attacks.

Definition::

Reconnaissance refers to the ongoing process used by attackers to gather as much information as possible about target systems or networks that can be used to conduct various types of malicious activity, such as gaining unauthorized access or denial of service. It plays a crucial role throughout the cyber kill chain.

Evidence::

  • Reconnaissance enables attackers to understand system configurations and find ways to exploit vulnerabilities. Case studies like the Ukrainian power grid cyberattack and Bangladesh Bank cyber heist show the importance of both external and internal reconnaissance.

  • The paper categorizes target information into non-technical (organization details, people information) and technical (network, host, application, user-level).

  • Reconnaissance occurs in two main phases - external (before gaining network access) and internal (after breaching the network).

  • The taxonomy categorizes recon techniques based on the source: third-party (footprinting), human-based (social engineering), and system-based (scanning, sniffing, side-channel attacks).

Source::

Roy, S., Sharmin, N., Acosta, J.C., Kiekintveld, C. and Laszka, A., 2022. Survey and Taxonomy of Adversarial Reconnaissance Techniques. ACM Computing Surveys (CSUR).


West:: Similar

  • Other cyber kill chain models and attack life cycle frameworks
  • Penetration testing and red teaming methodologies
  • Threat intelligence and indicators of compromise

East:: Opposite

  • Defensive measures like intrusion detection, deception, moving target defense
  • Security awareness training to counter social engineering
  • Limiting publicly available information about systems and people

North:: theme/question

  • How do different types of adversaries conduct reconnaissance?
  • What motivates attackers to prioritize certain information?
  • How can defenders detect and mitigate different recon techniques?

South:: What does this lead to?

  • Improved modeling of adversary reconnaissance process and decision making
  • Empirical studies on prevalence and effectiveness of recon techniques
  • Development of targeted defensive measures based on the taxonomy
  • Analysis of evolving recon techniques for new technologies like AI/ML systems

Related issues

No issue adding a new pattern

Screenshots

(screenshot image not included in this extract)

@danielmiessler danielmiessler merged commit dfa6c96 into danielmiessler:main Jun 1, 2024
eugeis pushed a commit that referenced this pull request Oct 19, 2024
Added idea compass pattern