Diamond Model

Check out our free course!

Diamond Model

Alright, so now we are able to identify a specific actor's general profile and have made ourselves hardened targets. Now, how do we make correlations across various boxes, networks, and organizations? One helpful model for this is the Diamond Model.

Read this: https://digital-forensics.sans.org/summit-archives/cti_summit2014/The_Diamond_Model_for_Intrusion_Analysis_A_Primer_Andy_Pendergast.pdf


  1. For each corner of the diamond, write a few sentences on what they are.
  2. Write a few sentences on how correlation between breaches can be done using the Killchain and the Diamond Model.
  3. What is a threat group/activity group? (You may need Google)
  4. Write a few sentences on how you can use these pieces of information to build an identity for an activity group.
  5. Write about what the benefits are of creating a named threat/activity group

Visit the course page!

Hoppers Roppers 2020            Date: 2020-06-10 23:05:02

results matching ""

    No results matching ""