enter_the_matrix
[Scenarios] Parent-Child Relationships
Explanation
To enable branching in attack narratives, enable scenarios to be nested under each other.
- To present the graph of the parent or children scenarios: begin with the parent, and then branch into the children routes
- To present the threat matrix deliverable: Make a narrative combining the parent with each branch
Example
- Parent: Attacker achieves initial access through a hardware implant and is able to capture relayed domain credentials
- Child1: Attacker utilizes relayed domain credential to abuse ADCS misconfigurations and execute a DCSync
- Child2: Attacker utilizes relayed domain credential to abuse CVE-2021-36942, gain DA privileges, and deploy ransomware to environment
Graph
```mermaid
graph TD;
Parent1-->Child1;
Parent1-->Child2;
```
Threat Matrix
ID | Name |
---|---|
Scenario 1 | Hardware Implant to DCSync |
Scenario 2 | Hardware Implant to Ransomware |
Additionally, to allow for branching and merging through child elements, scenarios should reference their own parents and immediate children to allow for the following graph structure:
```mermaid
graph TD;
Root-->Child1;
Root-->Child2;
Child1-->Child3;
Child1-->Child4;
Child2-->Child5;
Child2-->Child6;
Child3-->Child7;
Child4-->Child7;
Child5-->Child8;
Child6-->Child8;
Child7-->Child9;
Child8-->Child9;
```
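As an added illustration (not code from this issue or from the project), the sketch below stores the merge graph above as parent references, derives the immediate children, and expands every root-to-leaf route into one threat matrix narrative. The `PARENTS` layout and the function names are assumptions; the project's actual scenario schema is not shown on this page.

```python
# Constructed sample: the merge graph from the issue, stored as child -> parents.
# This layout is an assumption; the project's real schema is not shown.
PARENTS = {
    "Root": [],
    "Child1": ["Root"], "Child2": ["Root"],
    "Child3": ["Child1"], "Child4": ["Child1"],
    "Child5": ["Child2"], "Child6": ["Child2"],
    "Child7": ["Child3", "Child4"],
    "Child8": ["Child5", "Child6"],
    "Child9": ["Child7", "Child8"],
}

def build_children(parents):
    """Derive each scenario's immediate children from the parent references."""
    children = {name: [] for name in parents}
    for child, refs in parents.items():
        for parent in refs:
            if parent not in children:
                raise ValueError(f"{child} references unknown parent {parent}")
            children[parent].append(child)
    return children

def narratives(parents):
    """Return every root-to-leaf path; each path is one threat matrix row."""
    children = build_children(parents)
    roots = [name for name, refs in parents.items() if not refs]
    if not roots:
        raise ValueError("no root scenario: every scenario has a parent")
    paths = []

    def walk(node, path):
        # A scenario reachable from itself would make the narrative endless.
        if node in path:
            raise ValueError("cycle: " + " -> ".join(path + [node]))
        path = path + [node]
        if not children[node]:
            paths.append(path)
        for child in children[node]:
            walk(child, path)

    for root in roots:
        walk(root, [])
    return paths

if __name__ == "__main__":
    for i, path in enumerate(narratives(PARENTS), 1):
        print(f"Scenario {i} | {' -> '.join(path)}")
```

Because Child7, Child8 and Child9 are merge points, the ten scenarios expand to four narratives, so the number of matrix rows follows the number of distinct routes rather than the number of leaf scenarios.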