P6. Scenario

Points: 1058
Level: Simple
Category: Tutorial

Description

OK, enough with the unskippable tutorial, let’s get in the action! Our tale begins with Personalyz.io, a mid-sized tech company just minding its own business selling personal data. They’re about to get more than they bargained for when Shadow Gopher burrows in! Will Shadow Gopher succeed in undermining Personalyz, or will this scrappy company achieve its dream of hitting the IPO with their trove of customer data intact?

Objective

Enter “LET’S GO” with as many O’s as you feel represent your current hype level.

Tools Used

Cognitive tools: CEO of the brain, working memory, mindfulness

Methodology

I pressed play to the song by Bill Conti, Gonna Fly Now, from the Rocky movie and enthusiastically typed: —

Flag

LET’S GOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO

MITRE ATT&CK

(Suggested)

Tactics: Reconnaissance (TA0043); Resource Development (TA0042)

• Involves gathering information that can be used to plan for the future against a target, scanning, and searching. It can also involve establishing the resources needed to support the operation. Here, I gathered the necessary materials needed to tackle the challenges such as making sure the computer was operating properly, setting up the work area, access to the third-party sources (google, research tools, books, etc.), and mental and physical agility preparedness (tea, drinks, snacks, music, food) readily accessible.

Techniques: Gathering Victim Network Information (T1590); Search Open Websites/Domains (T1593)

• Allowed us to gather as much intel on our client Personalyz.io and read through the materials. These techniques were also seen when using public sources such as Google, LinkedIn, physical books, library databases to collect information on the target organization or attacker.