CySA+ study area.

Adventures in Cybersecurity: Chapter 2.

Attack frameworks, Diamond Model, Kill Chain, CVSS, risk, and threat modeling.

Notes beat mystery

Notes

Study material that needed a place to live.

Present me looking out for future me. Future me loses handwritten notes.

Attack frameworks

MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. The Diamond Model focuses on adversary, capability, infrastructure, and victim.

Kill Chain

The Kill Chain describes stages of an intrusion. It gives defenders a way to think about where an attacker is and where disruption may still work.

CVSS basics

  • Attack Vector describes how the attacker reaches the vulnerable component.
  • Attack Complexity describes how hard exploitation is.
  • Privileges Required describes the access needed before exploitation.
  • Confidentiality, Integrity, and Availability describe impact.

Risk

Risk management rates vulnerabilities by likelihood and impact. Threat modeling helps identify threats and attacks before the architecture has already made them expensive.

Chapters

Keep moving.

The chapters are connected. So are most problems once you pull enough thread.