resources.md

References

Three Tenets for Secure Cyber-Physical System Design and Assessment http://dartmouth.edu/~gvc/ThreeTenetsSPIE.pdf

Cyber Security Deception https://www.semanticscholar.org/paper/Cyber-Security-Deception-Almeshekah-Spafford/101feca00418270ffbb5cda4884dc24ab0aaab22

My Work

Attack Life-Cycle Approach

The Attack Life-Cycle approach consists of mental models and reusable “architecture patterns” derived from Three Tenets for Secure Cyber-Physical System Design and Assessment. These mental models give business and technical stakeholders a shared perspective on the offensive and defensive aspects of any cyber-physical system.

One-way SFTP

An interesting way to combine bindfs (running on the host) with a specially configured, dockerized OpenSSH-based SFTP container to achieve logical one-way data transfer: clients can write but never read. When an adversary figures out how to use the SSH keys, the natural tendency is to SSH in for a shell. That trips the system and raises an alert.
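The tripwire side of that design, as an added example that is not part of the original page or its author's code: a small log scanner that watches sshd and internal-sftp log lines for the drop-box account and alerts when the key is used for anything but writing. It relies on two behaviours of OpenSSH: with `ForceCommand internal-sftp` configured, a client that asks for a shell instead of the sftp subsystem is refused and sshd logs a "refusing non-sftp session" line; and with `internal-sftp -l INFO`, each file open is logged with its flags and refused operations produce a "sent status Permission denied" line. The account name `dropbox`, the host name, addresses, pids and the sample log lines are constructed, and the line formats are approximations of OpenSSH's logging rather than copied from a real system.

```python
"""Tripwire for a write-only SFTP drop box (added example, not from the page).

Two rules over sshd / internal-sftp log lines:
  1. the drop-box key is used for a non-sftp session (sshd refuses it when
     ForceCommand internal-sftp is set and logs "refusing non-sftp session");
  2. an sftp session tries to read or list instead of write, or is refused
     by the write-only bindfs mount ("sent status Permission denied").
Line formats approximate OpenSSH sshd and internal-sftp (-l INFO) logging.
"""
import re
from dataclasses import dataclass

# Assumption: the account(s) whose only legitimate use is writing into the drop box.
DROPBOX_USERS = frozenset({"dropbox"})

SYSLOG_RE = re.compile(
    r"^\S+\s+\d+\s+[\d:]+\s+\S+\s+(?P<proc>[\w-]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
ACCEPT_RE = re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")
REFUSE_RE = re.compile(r"^Connection from (?P<ip>\S+) port (?P<port>\d+): refusing non-sftp session")
SFTP_SESSION_RE = re.compile(r"^session opened for local user (?P<user>\S+) from \[(?P<ip>[^\]]+)\]")
SFTP_OPEN_RE = re.compile(r'^open "(?P<path>[^"]+)" flags (?P<flags>[A-Z,]+)')
SFTP_OPENDIR_RE = re.compile(r'^opendir "(?P<path>[^"]+)"')
SFTP_DENIED_RE = re.compile(r"^sent status Permission denied")


@dataclass
class Alert:
    rule: str    # shell-attempt | read-attempt | list-attempt | denied
    user: str
    ip: str
    detail: str


def scan(lines):
    """Return the alerts raised by the log lines, in order of appearance."""
    alerts = []
    by_endpoint = {}   # (client ip, client port) -> user, from sshd "Accepted" lines
    by_pid = {}        # pid -> (user, ip), from internal-sftp "session opened" lines
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if (a := ACCEPT_RE.match(msg)):
            by_endpoint[(a["ip"], a["port"])] = a["user"]
        elif (r := REFUSE_RE.match(msg)):
            # sshd identifies the refused session by client endpoint, not by user,
            # so tie it back to the preceding "Accepted" line for that endpoint.
            user = by_endpoint.get((r["ip"], r["port"]), "?")
            if user in DROPBOX_USERS:
                alerts.append(Alert("shell-attempt", user, r["ip"],
                                    "non-sftp session requested with the drop-box key"))
        elif (s := SFTP_SESSION_RE.match(msg)):
            by_pid[pid] = (s["user"], s["ip"])
        elif pid in by_pid and by_pid[pid][0] in DROPBOX_USERS:
            user, ip = by_pid[pid]
            if (o := SFTP_OPEN_RE.match(msg)):
                if "READ" in o["flags"].split(","):
                    alerts.append(Alert("read-attempt", user, ip, f'open for read: {o["path"]}'))
            elif (d := SFTP_OPENDIR_RE.match(msg)):
                alerts.append(Alert("list-attempt", user, ip, f'directory listing: {d["path"]}'))
            elif SFTP_DENIED_RE.match(msg):
                alerts.append(Alert("denied", user, ip, "operation refused by the write-only mount"))
    return alerts


# Constructed sample: one legitimate upload, then a shell attempt, then a read attempt.
SAMPLE_LOG = """\
Mar  3 10:15:01 bastion sshd[4101]: Accepted publickey for dropbox from 203.0.113.5 port 51234 ssh2: ED25519 SHA256:constructed
Mar  3 10:15:01 bastion sshd[4102]: session opened for local user dropbox from [203.0.113.5]
Mar  3 10:15:02 bastion sshd[4102]: open "/upload/report.csv" flags WRITE,CREATE,TRUNCATE mode 0664
Mar  3 10:15:02 bastion sshd[4102]: close "/upload/report.csv" bytes read 0 written 8192
Mar  3 10:16:40 bastion sshd[4110]: Accepted publickey for dropbox from 198.51.100.7 port 40022 ssh2: ED25519 SHA256:constructed
Mar  3 10:16:40 bastion sshd[4110]: Connection from 198.51.100.7 port 40022: refusing non-sftp session
Mar  3 10:17:05 bastion sshd[4115]: Accepted publickey for dropbox from 198.51.100.7 port 40031 ssh2: ED25519 SHA256:constructed
Mar  3 10:17:05 bastion sshd[4116]: session opened for local user dropbox from [198.51.100.7]
Mar  3 10:17:06 bastion sshd[4116]: opendir "/upload"
Mar  3 10:17:06 bastion sshd[4116]: sent status Permission denied
Mar  3 10:17:09 bastion sshd[4116]: open "/upload/report.csv" flags READ mode 00
Mar  3 10:17:09 bastion sshd[4116]: sent status Permission denied
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(f"[{alert.rule}] user={alert.user} ip={alert.ip} {alert.detail}")
```

On the sample the legitimate upload from 203.0.113.5 produces nothing, while the second address raises a shell-attempt alert followed by list, read and permission-denied alerts. In practice the `denied` rule is the one that does not depend on log level tuning, since sftp-server reports non-OK statuses regardless; the `read-attempt` and `list-attempt` rules need `-l INFO` on the internal-sftp command.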

Automated Tactics Techniques & Procedures

A way to organise offensive scripting according to mental models such as the Attack Life-Cycle tactical map, Kill-Chain™, MITRE ATT&CK™ and so on. Offensive automation is useful for re-running complex offensive sequences for product evaluations and for generating data for researchers. Together with Infrastructure-as-Code automation, this is the other half of what is known as a “scenario”, as deployed in various cyber-range solutions.