"6 Questions Attackers Ask Before Choosing an Asset to Exploit"
According to David "moose" Wolpoff, co-founder and CTO at Randori, he believes that understanding the hacker's logic is important. If hacker logic is applied in an enterprise, then the enterprise's security strategy will shift, leading to more efficiencies and lower risk. The attacker's perspective on how an attacker evaluates assets to go after and exploit on an attack surface begins by answering six questions; What useful information can I see about a target from the outside?; How valuable is this asset to the adversary?; Is the asset known to be exploitable?; How hospitable will this asset be if I pwn it?; How long will it take to develop an exploit?; Is there repeatable ROI developing an exploit? The article continues to answer these six questions in detail and stresses the importance for security teams to think more like an attacker.
Threatpost reports: "6 Questions Attackers Ask Before Choosing an Asset to Exploit"