Pyramid Of Pain

Introduction
Many models have been developed for effective Cyber Threat Intelligence, but over time Threat Hunters realized that they all had some flaws or limitations.
The Pyramid of Pain is one such conceptual model for the effective use of Cyber Threat Intelligence in threat detection operations, with the difference that this model is widely accepted in the Threat Hunting community. So, if you want to get into Threat Hunting or want to explore it, this is a great topic to start with.
When an attacker gets past your defenses or is trying to evade them, you might get some evidence or an artifact that he is trying to do so. This forensic evidence, or these artifacts, are known as indicators of compromise.
The Pyramid of Pain, first introduced in 2013 by David J. Bianco, lists the artifacts or forensic evidence you might find when an attacker tries to infiltrate or has already compromised your systems, and what pain or trouble (in its literal sense) it would cause the adversary if you were able to deny him each of them.
David J. Bianco says that not all indicators of compromise are created equal, so denying different artifacts affects the attacker differently.
These artifacts could be the IP address of the computer or network that he is attacking your server from. They could be malicious files that he uploads to your servers or systems for later malicious activity. There are six indicator types listed in the model, and for each one the model describes what would happen if you were to deny the attacker access to it.
The further you move up the pyramid and are able to deny him those indicators, the more pain you will cause him (i.e., the tougher it gets for him to attack your network).
Hash Values

Let's begin with the bottom-most layer. Hash values can be used to identify particular malware samples. You can compute the hash values of files stored on your computer and then use tools and various online resources to check whether any of them correspond to a known malware sample.
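As an added example (not code from the original article), here is a small Python scanner that hashes every file under a directory in chunks and matches the results against a deny-list of SHA-256 values. The payload bytes and the deny-list are constructed for illustration, not real malware hashes; the demo also shows that a one-byte change to a file yields a completely different hash, which is why a hash-only match is the easiest indicator for an adversary to slip past.

```python
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

# Constructed sample payload standing in for a malware file (not real malware).
SAMPLE_PAYLOAD = b"MZ\x90\x00constructed-sample-payload"


def sha256_of_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def hash_file(path: Path, algorithm: str = "sha256") -> str:
    """Hash a file in 64 KiB chunks so large files need not fit in memory."""
    h = hashlib.new(algorithm)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root: Path, known_bad: set[str]) -> list[Path]:
    """Return every regular file under root whose SHA-256 is in known_bad."""
    return [p for p in root.rglob("*") if p.is_file() and hash_file(p) in known_bad]


def demo() -> dict:
    """Build a constructed file set in a temp dir, scan it, and report results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "dropper.bin").write_bytes(SAMPLE_PAYLOAD)
        # Same payload with a single trailing byte appended: a different hash.
        (root / "dropper_v2.bin").write_bytes(SAMPLE_PAYLOAD + b"\x00")
        (root / "readme.txt").write_bytes(b"benign text")
        # Deny-list holds only the hash of the original constructed payload.
        known_bad = {sha256_of_bytes(SAMPLE_PAYLOAD)}
        hits = scan_directory(root, known_bad)
        return {
            "hits": sorted(p.name for p in hits),
            "original_hash": sha256_of_bytes(SAMPLE_PAYLOAD),
            "modified_hash": sha256_of_bytes(SAMPLE_PAYLOAD + b"\x00"),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Only `dropper.bin` is flagged; the one-byte variant is invisible to a hash match even though its content is otherwise identical.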