Skip to content

Snapping us some dark matter

Making attack trees from researching security issues to help us organise our thoughts. Another work in progress. [Work in progress]

Pentesting is not a linear process, more like a spontaneous choreography, a sequence of chosen movements as the dance unfolds. It is also highly context and purpose dependent.

Attack Trees (based on security research) represent often used movements and can help organise our thoughts around which tools and scripts may be reuseful for which type of pentesting and/or various audits (and which mitigations we may need for our own development efforts).

Attack trees

Do not implement and execute these on a network or system you do not own. Execute only on your own systems for learning purposes. Do not execute these on any production network or system, unless "Rules of engagement" have been agreed on, and you have a "Get out of jail free" card of some sort.

The below categorisation is somewhat arbitrary, some trees have more detail, some lack such detail because we haven't tried them yet, and some are just mere paragraphs with intent to make the tree.

Index

Problems or Suggestions

This project welcomes contributions and suggestions.

Open an issue here

Back to top