8. ATTACK TREES
Open Safe (P)
    Pick Lock (I)
    Learn Combo (P)
        Find it Written (I)
        Learn From Target (P)
            Blackmail (I)
            Eavesdrop (I)
            Bribe (P)
    Bad Setup (I)

P = Possible
I = Impossible
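
An added example, not part of the original slides: the safe tree above evaluated in Python, showing how the leaf labels decide the root label and what happens when the one feasible leaf is mitigated. It assumes every inner node is an OR node (the slide does not mark node types); AND support is a generalization, and all function names and the `mitigated` parameter are illustrative.

```python
# Added example: evaluate the safe attack tree from the slide.
# Assumption: every inner node is an OR node (any feasible child suffices);
# AND is supported as a generalization that the slide does not use.

def leaf(name, possible):
    return {"name": name, "possible": possible, "children": []}

def node(name, children, kind="or"):
    return {"name": name, "kind": kind, "children": children}

def safe_tree():
    # Leaf values copied from the slide: P -> True, I -> False.
    return node("Open Safe", [
        leaf("Pick Lock", False),
        node("Learn Combo", [
            leaf("Find it Written", False),
            node("Learn From Target", [
                leaf("Blackmail", False),
                leaf("Eavesdrop", False),
                leaf("Bribe", True),
            ]),
        ]),
        leaf("Bad Setup", False),
    ])

def feasible(n, mitigated=frozenset()):
    """True if goal n is reachable; leaves named in `mitigated` count as Impossible."""
    if not n["children"]:
        return n["possible"] and n["name"] not in mitigated
    results = [feasible(c, mitigated) for c in n["children"]]
    return all(results) if n["kind"] == "and" else any(results)

def feasible_paths(n, mitigated=frozenset(), prefix=()):
    """List root-to-leaf paths along which every node is feasible."""
    if not feasible(n, mitigated):
        return []
    path = prefix + (n["name"],)
    if not n["children"]:
        return [path]
    return [p for c in n["children"] for p in feasible_paths(c, mitigated, path)]

if __name__ == "__main__":
    tree = safe_tree()
    print("Open Safe:", "P" if feasible(tree) else "I")
    for p in feasible_paths(tree):
        print(" > ".join(p))
    print("After mitigating Bribe:", "P" if feasible(tree, {"Bribe"}) else "I")
```

The inner labels on the slide (Learn From Target, Learn Combo, Open Safe) are all derived from the single Possible leaf, so removing that leaf flips the root to Impossible.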
20. ATTACK TREES - USER ACCOUNT
Get Access
Modify Credentials
Learn Password
Bypass Access Control
Get Access to Database
Social Engineering
Get Access to DMZ
Listen on Transport Layer
Guessing
Insecure Dependencies
22. GUESSING - BRUTE FORCE
Systematically enumerating all possible candidates for the solution
46. 95% OF ALL SECURITY INCIDENTS INVOLVE HUMAN ERROR