Assess current holdings, needs, and wants
|
Assign KITs, KIQs, and/or intelligence requirements
|
Determine approach/attack vector
|
Acquire OSINT data sets and information
|
Acquire OSINT data sets and information
|
Acquire OSINT data sets and information
|
Analyze application security posture
|
Analyze organizational skillsets and deficiencies
|
Analyze business processes
|
Acquire and/or use 3rd party infrastructure services
|
Acquire and/or use 3rd party infrastructure services
|
Build social network persona
|
Build and configure delivery systems
|
Review logs and residual traces
|
Disseminate removable media
|
Assess KITs/KIQs benefits
|
Receive KITs/KIQs and determine requirements
|
Determine highest level tactical element
|
Conduct active scanning
|
|
Conduct social engineering
|
Analyze architecture and configuration posture
|
Analyze social and business relationships, interests, and
affiliations
|
Analyze organizational skillsets and deficiencies
|
Acquire and/or use 3rd party software services
|
Acquire and/or use 3rd party software services
|
Choose pre-compromised mobile app developer account credentials or
signing keys
|
Build
or acquire exploits
|
Test ability to evade automated mobile application
security analysis performed by app stores
|
Distribute malicious software development tools
|
Assess leadership areas of interest
|
Submit KITs, KIQs, and intelligence requirements
|
Determine operational element
|
Conduct passive scanning
|
Conduct social engineering
|
Determine 3rd party infrastructure services
|
Analyze data collected
|
Assess targeting options
|
Analyze presence of outsourced capabilities
|
Acquire or compromise 3rd party signing certificates
|
Acquire or compromise 3rd party signing certificates
|
Choose pre-compromised persona and affiliated accounts
|
C2 protocol
development
|
Test
callback functionality
|
Friend/Follow/Connect to targets of interest
|
Assign KITs/KIQs into categories
|
Task requirements
|
Determine secondary level tactical element
|
Conduct social engineering
|
Identify business relationships
|
Determine centralization of IT management
|
Analyze hardware/software security defensive capabilities
|
|
Assess opportunities created by business deals
|
Anonymity services
|
Buy domain name
|
|
Compromise 3rd party or closed-source vulnerability/exploit information
|
Test malware in various execution environments
|
Hardware or software supply chain implant
|
Conduct cost/benefit analysis
|
|
Determine
strategic target
|
Determine 3rd party infrastructure services
|
Identify groups/roles
|
Determine physical locations
|
Analyze organizational skillsets and deficiencies
|
|
Assess security posture of physical locations
|
Common, high volume protocols and software
|
Compromise 3rd party infrastructure to support delivery
|
Friend/Follow/Connect to targets of interest
|
Create custom
payloads
|
Test malware to evade detection
|
Port redirector
|
Create implementation plan
|
|
|
Determine domain and IP address space
|
Identify job postings and needs/gaps
|
Dumpster dive
|
Identify vulnerabilities in third-party software libraries
|
|
Assess vulnerability of 3rd party vendors
|
Compromise 3rd party infrastructure to support delivery
|
Create backup infrastructure
|
Obtain Apple iOS enterprise distribution key pair and certificate
|
Create infected removable media
|
Test physical
access
|
Upload, install, and configure software/tools
|
Create strategic plan
|
|
|
Determine external network trust dependencies
|
Identify people of interest
|
Identify business processes/tempo
|
Research relevant vulnerabilities/CVEs
|
|
|
Data Hiding
|
Domain registration hijacking
|
|
Discover new exploits and monitor exploit-provider forums
|
Test signature detection for file upload/email filters
|
|
Derive intelligence requirements
|
|
|
Determine firmware version
|
Identify personnel with an authority/privilege
|
Identify business relationships
|
Research visibility gap of security vendors
|
|
|
DNSCalc
|
Dynamic DNS
|
|
Identify resources required to build capabilities
|
|
|
Develop KITs/KIQs
|
|
|
Discover target logon/email address format
|
Identify sensitive personnel information
|
Identify job postings and needs/gaps
|
Test signature detection
|
|
|
Dynamic DNS
|
Install and configure hardware, network, and systems
|
|
Obtain/re-use
payloads
|
|
|
Generate analyst intelligence requirements
|
|
|
Enumerate client configurations
|
Identify supply chains
|
Identify supply chains
|
|
|
|
Fast Flux DNS
|
Obfuscate infrastructure
|
|
Post compromise tool development
|
|
|
Identify analyst level gaps
|
|
|
Enumerate
externally facing software applications technologies, languages, and dependencies
|
Mine social media
|
Obtain templates/branding materials
|
|
|
|
Host-based hiding techniques
|
Obtain booter/stressor subscription
|
|
Remote access tool development
|
|
|
Identify gap areas
|
|
|
Identify job postings and needs/gaps
|
|
|
|
|
|
Misattributable credentials
|
Procure required equipment and software
|
|
|
|
|
Receive operator KITs/KIQs tasking
|
|
|
Identify security defensive capabilities
|
|
|
|
|
|
Network-based hiding techniques
|
Shadow DNS
|
|
|
|
|
|
|
|
Identify supply chains
|
|
|
|
|
|
Non-traditional or less attributable payment options
|
SSL certificate acquisition for domain
|
|
|
|
|
|
|
|
Identify technology usage patterns
|
|
|
|
|
|
Obfuscate
infrastructure
|
SSL certificate acquisition for trust breaking
|
|
|
|
|
|
|
|
Identify web defensive services
|
|
|
|
|
|
Obfuscate operational infrastructure
|
Use multiple DNS infrastructures
|
|
|
|
|
|
|
|
Map network topology
|
|
|
|
|
|
Obfuscate or
encrypt code
|
|
|
|
|
|
|
|
|
Mine technical blogs/forums
|
|
|
|
|
|
Obfuscation or cryptography
|
|
|
|
|
|
|
|
|
Obtain domain/IP registration information
|
|
|
|
|
|
OS-vendor provided communication channels
|
|
|
|
|
|
|
|
|
Spearphishing for Information
|
|
|
|
|
|
Private whois
services
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Proxy/protocol
relays
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Secure and protect infrastructure
|
|
|
|
|
|