GitHub
commit
ff52b1f98b
|
|
@ -24,12 +24,8 @@
|
||||||
"expanded": "Tarpits, Sandboxes and Honeypots"
|
"expanded": "Tarpits, Sandboxes and Honeypots"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Threat Intelligence",
|
"value": "Intelligence and Counterintelligence",
|
||||||
"expanded": "Threat Intelligence"
|
"expanded": "Intelligence and Counterintelligence"
|
||||||
},
|
|
||||||
{
|
|
||||||
"value": "Threat Hunting",
|
|
||||||
"expanded": "Threat Hunting"
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Adversary Takedowns",
|
"value": "Adversary Takedowns",
|
||||||
|
|
@ -126,11 +122,6 @@
|
||||||
"value": "CounterDeception",
|
"value": "CounterDeception",
|
||||||
"expanded": "Answer to deception",
|
"expanded": "Answer to deception",
|
||||||
"description": "Answer to deception from adversary is counter-deception, for example: answer to phish with shadow user account to uncover next adversary actions"
|
"description": "Answer to deception from adversary is counter-deception, for example: answer to phish with shadow user account to uncover next adversary actions"
|
||||||
},
|
|
||||||
{
|
|
||||||
"value": "Counter-Deception",
|
|
||||||
"expanded": "Active counterdeception",
|
|
||||||
"description": "Answer to adversary deception and his tactical goals, example: if You know the adversary goal(extraction) You can plant documents with fake content to enable damage on adversary sources (fake blueprints of engine, which explode on purpose)"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
|
@ -155,37 +146,52 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"predicate": "Threat Intelligence",
|
"predicate": "Intelligence and Counterintelligence",
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
"value": "Passive - OSINT",
|
"value": "Intel Passive",
|
||||||
"expanded": "OpenSourceINTelligence",
|
"expanded": "Passive gathering, managing etc. of threat intelligence. Ie. getting data from public, available resources",
|
||||||
"description": "Use of OSINT for creating of Threat Intelligence"
|
"description": "Getting threat intel from open and publicly available resources"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Passive - platforms",
|
"value": "Intel Active",
|
||||||
"expanded": "Platforms for TI",
|
"expanded": "Active or proactive intel gathering, collecting etc. Ie. closed resources as private forums, gossip ...",
|
||||||
"description": "Save, share and collaborate on threat intelligence platforms"
|
"description": "Getting threat intel from closed resources or trusted parties as private chats or exploitation of groups etc."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Counter-Intelligence public",
|
"value": "Counterintel Defensive",
|
||||||
"expanded": "Counter Intelligence",
|
"expanded": "Includes subcategories as Deterrence and Detection ",
|
||||||
"description": "Active retrieval of Threat Intelligence for purpose of defense collected with available public resources - example: active monitoring of web services to uncover action before happen (forum hacktivist group)"
|
"description": "Focuses on detecting and neutralizing adversary efforts to compromise or exploit digital systems."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Counter-Intelligence government",
|
"value": "Counterintel Defensive - Deterrence",
|
||||||
"expanded": "Counter Intelligence",
|
"expanded": "Deterrende in cyber space as part of strategy",
|
||||||
"description": "Active retrieval of Threat Intelligence for purpose of defense collected with non-public resources - example: cooperation between secret services in EU"
|
"description": "Aims to discourage adversary actions by demonstrating strong protective measures and potential consequences."
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"predicate": "Threat Hunting",
|
"value": "Counterintel Defensive - Detection",
|
||||||
"entry": [
|
"expanded": "Detection Engineering",
|
||||||
|
"description": "Ideally focuses on identifying and exposing adversary activities before they can cause harm."
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"value": "Threat Hunting",
|
"value": "Counterintel Offensive",
|
||||||
"expanded": "Threat Hunting",
|
"expanded": "Includes subcategories as Detection, Deception and Neutralization",
|
||||||
"description": "Threat Hunting is the activity of active search for possible signs of adversary in environment"
|
"description": "Involves actively disrupting or deceiving adversary intelligence operations to gain strategic advantage"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Counterintel Offensive - Detection",
|
||||||
|
"expanded": "Detect operations of adversary before they reach friendly environment",
|
||||||
|
"description": "Detection involves actively identifying and exposing adversary cyber operations to disrupt their efforts."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Counterintel Offensive - Deception",
|
||||||
|
"expanded": "Creating deception campaigns, fake accounts, penetrating adversary communication with use of deception...",
|
||||||
|
"description": "Uses false information and tactics to mislead and confuse adversaries in their cyber operations."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Counterintel Offensive - Neutralization",
|
||||||
|
"expanded": "Adversary disruption as influence operation, environment disturbance to prevent adversary operations...",
|
||||||
|
"description": "Neutralization aims to disrupt and eliminate adversary cyber threats before they can inflict damage."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue