Apr 28, 2025

Diamond Model Room

Learn about the four core features of the Diamond Model of Intrusion Analysis: adversary, infrastructure, capability, and victim.

Diamond Model

Introduction

Read the above.

No answer needed

Adversary

What is the term for a person/group that has the intention to perform malicious actions against cyber resources?

Adversary Operator

What is the term for the person or group that will receive the benefits from the cyberattacks?

Adversary Customer

Victim

What is the term that applies to the Diamond Model for organizations or people that are being targeted?

Victim Personae

Capability

Provide the term for the set of tools or capabilities that belong to an adversary.

Adversary Arsenal

Infrastructure

To which type of infrastructure do malicious domains and compromised email accounts belong?

Type 2 Infrastructure

What type of infrastructure is most likely owned by an adversary?

Type 1 Infrastructure

Event Meta Features

What meta-feature does the axiom “Every malicious activity contains two or more phases which must be successfully executed in succession to achieve the desired result” belong to?

Phase

You can label the event results as “success”, “failure”, and “unknown”. What meta-feature is this related to?

Result

To what meta-feature is this phrase applicable “Every intrusion event requires one or more external resources to be satisfied prior to success”?

Resources

Social-Political Component

Read the above.

No answer needed

Technology Component

Read the above.

No answer needed

Practice Analysis

Complete all eight areas of the diamond. What is the flag that is displayed to you?

THM{DIAMOND_MODEL_ATTACK_CHAIN}

Conclusion

Read the above.

No answer needed