@geekscrapy
Last active August 1, 2018 09:42
Deception difficulty algo - SIMPLE!!

IOC deception difficulty

Playing with the idea to feed into other attribution tools. Calculates the difficulty to deceive given an IOC type.

| IOC type | Overall difficulty | Trivial (1) | Medium (2) | Hard (3) |
| --- | --- | --- | --- | --- |
| IP | 2 | VPN hosting provider e.g. rentable IP space. Has many ports exposed | Bastion host, few ports exposed. Contained within a company which has few security functions/mechanisms | Bastion host within a secure organisation - no ports exposed externally, minimal externally facing services for same subnet |
| Hash | 1 | Bit level change to modify hash | Code section modification/behaviour modification | Custom tool to emulate behaviour and tactics of another actor |
| File path | 1 | Filename change / file path change within local system | File path change / sdb artifacts removed | Common tool that requires set install location. Widely signatured |

Algo

deception difficulty = ((level / overall difficulty) * 100)
