Threat Assessment - Coggle Diagram
Threat Assessment
Enterprise IR
PowerShell
Kansa
WMIC
PowerShell Remoting
Threat Hunting
Organizations
IR Roles
Mindset
TI Roles
Operational Tempo
Management Support
Malware-ology
Compromise Type
(1) Active Malware
(2) Dormant Malware (Not active / cleaned)
(3) Without tools or malware (LOL)
Hiding
Malware Names
Malware Locations
LOLBin
Defense Evasion
Persistence
DLL Persistence
Search Order Hijacking
Phantom DLL Hijacking
DLL Side-Loading
WMI Event Consumer Backdoor
Event Filter
Event Consumer
Binding
Scheduled Task
Windows Service
Service Replacement
Service Failure Recovery
New Service Creation
AutoStart Location
Trusted Code Signing
Signed
Not signed
Malware Paradox
Threat Intelligence
Tracking Behavior
Actor/Indicator profiling
Atomic
Computed
Behavioral
APT Persistence
Maintain presence
Repeatedly attempting
Cyber Kill Chain
Delivery
Exploitation
Weaponization
C2
Recon
Actions on objective
Attack Lifecycle
Low privileges lateral movement
High privileges lateral movement
Initial Compromise
Asset access and data exfil
Intel Gathering
MITRE ATT&CK Mapping
Collection
Command & Control
Lateral Movement
Exfiltration
Discovery
Impact
Credential Access
Defense Evasion
Privilege Escalation
Persistence
Execution
Initial Access
Indicator of Compromise (IOC)
Indicator Sharing
YARA
OpenIOC
STIX