Open planglois925 opened 1 year ago
Options to capture social engineering MFA prompt exhaustion:
_(philnote: if we use the same term for this as hacking.brute forcing and malware brute force, they'll get aggregated together, even though they are conceptually different from a protection standpoint)_
2,3,7 Phishing site + malware password dumper are probably fine to capture using existing social varieties and malware. From a defensive perspective, it makes sense to group these together since they are defended in the same way.
SMS Hijacking (MFA Intercept)
action.hacking.variety.MFA intercept (capturing the secondary factor while in transit such as SMS hijacking)
action.hacking.variety.SIM card reassignment
action.hacking.variety.SIM Hijacking
action.hacking.variety.SMS Hijacking
action.hacking.vector.Other
Is SIM an asset? Is MFA a type of data?
Intercept may be a good but not interactive (confidentiality loss)
Hijack (Attacker gains the ability to act as the victim and denies it to the victim)
Add:
SIM asset (media? physical?)
hijack action (which categories - hacking)
Social brute force
Multiple Authentication Factor data variety (any credential or other authentication factor in addition to the first)
Coding_style:
Currently there isn't a good way of capturing MFA bypass, in which there is a secondary action that is leveraged to bypass MFA.
Here are the types of attacks that are known:
Potentially out of scope