Initial commit - 611 cybersecurity skills across all subdomains

This commit is contained in:
mukul975
2026-02-25 10:47:44 +01:00
commit 22a7ab1462
1765 changed files with 280648 additions and 0 deletions
@@ -0,0 +1,31 @@
# Standards and References - XM Cyber Attack Path Analysis
## XM Cyber Resources
- XM Cyber Platform: https://xmcyber.com/
- 2024 State of Exposure Management Report: https://info.xmcyber.com/2024-state-of-exposure-management
- CTEM (Continuous Threat Exposure Management): https://xmcyber.com/ctem/
- XM Cyber EASM Integration: https://xmcyber.com/press-release/xm-cyber-unifies-external-discovery-with-internal-validation/
## Industry Frameworks
- **Gartner CTEM**: Continuous Threat Exposure Management framework (2022)
- **MITRE ATT&CK**: Lateral movement and privilege escalation techniques
- **NIST CSF 2.0**: Identify, Protect, Detect functions
- **CIS Controls v8.1 Control 7**: Continuous Vulnerability Management
## Research Findings (2024)
| Metric | Finding |
|--------|---------|
| Avg exposures per org | ~15,000 |
| CVE-based exposures | < 1% of total |
| Misconfiguration exposures | ~80% |
| Identity/credential exposures | ~40% |
| Critical choke points | 2% of all exposures |
| On-prem to cloud pivot | 70% of organizations |
| Cloud assets compromised in 2 hops | 93% |
## Related Technologies
- BloodHound/SharpHound: Active Directory attack path analysis
- PurpleKnight: AD security assessment
- CrowdStrike Falcon Exposure Management
- Tenable Identity Exposure
- Microsoft Defender for Identity
@@ -0,0 +1,56 @@
# Workflows - XM Cyber Attack Path Analysis
## Workflow 1: Continuous Exposure Management Lifecycle
```
┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐
│ Define Critical │────>│ Deploy Sensors │────>│ Run Attack Graph │
│ Assets (Crown │ │ (On-prem + Cloud)│ │ Analysis │
│ Jewels) │ │ │ │ │
└──────────────────┘ └──────────────────┘ └──────────────────┘
┌────────────────────────────────────────────────┘
v
┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐
│ Identify Choke │────>│ Prioritize │────>│ Remediate & │
│ Points │ │ Remediation │ │ Validate │
└──────────────────┘ └──────────────────┘ └──────────────────┘
v
┌──────────────────┐
│ Continuous │ (Loop back to Attack Graph Analysis)
│ Monitoring │
└──────────────────┘
```
## Workflow 2: Choke Point Remediation
```
For each identified choke point:
1. Document the entity (host, credential, misconfiguration)
2. Map all attack paths passing through this choke point
3. List all critical assets protected if choke point is fixed
4. Determine remediation action (patch, reconfig, credential rotation)
5. Estimate fix complexity (easy/moderate/complex)
6. Calculate risk reduction score (paths * assets / complexity)
7. Assign to remediation team with priority and SLA
8. After fix: re-run analysis to confirm path elimination
9. Document residual risk if paths still exist
```
## Workflow 3: Attack Path to Remediation Ticket
```
XM Cyber Finding:
"Cached Domain Admin credential on WORKSTATION-042
enables 47 attack paths to Domain Controller DC-01"
v
Remediation Ticket:
Priority: P1-Emergency
Title: "Remove cached DA cred on WORKSTATION-042"
Action: Clear credential cache, implement LAPS,
restrict DA logon to Tier 0 only
Impact: Eliminates 47 attack paths to DC-01
SLA: 48 hours
```