Closed simonhacks closed 4 years ago
Here are my notes for today:
(Hardware) Machine Instance (Either physical or virtual) Networking Machine (e.g. Router, Firewall, etc.)
Data Information (contained in Data or Connection or Machine)
Account/Service Account User/Identity Role/Privilleges (because one service account could have many roles but only one user)
Network
Connection or Dataflow(?)
Network Clients & Servers
Software (running on a Machine) Vulnerabilities (no need to be an asset, it will be an attack step on Machine/Software)
And some ideas on attack steps: A Machine could be discoverable (discover) instead of connectable (connect) Access could remain as is for legitimate access (leg. Access -> access) but We can have compromisedAccess for attacks