Time
13 hours 9 minutes
Difficulty
Intermediate
CEU/CPE
13

Video Transcription

00:00
Hello and welcome to another penetration. Testing execution Standard discussion. Today we're just going to look at motivation modeling at a high level. Essentially, what would motivate a person thio attack a system or take action against the system?
00:15
Now a quick disclaimer. Our videos do cover tools
00:19
or techniques that could be used for system hacking, so any tools discussed or techniques discussed during these videos should be researched and understood by the user. Please research your laws and regulations regarding the use of such tools to ensure that you do not get into any trouble with the law.
00:39
Now the objectives of today's discussion are essentially to look at what is motivation, modeling. And then some of the types of motivations are motivating factors that would drive a person to attack an organization. And so we'll just look at each of these again at a high level and discuss them. But this will be a pretty
00:59
quick discussion today.
01:00
So
01:02
what is motivation Modeling? What are we doing here? So the possible motivation of threat agents community should be noted for further analysis, so motivations of Attackers air constantly changing as can be seen by the increase in hacktivism branded attacks by groups such as Anonymous,
01:21
an anti second. That's just to name two.
01:23
So as politics change as the world's changes, jobs changes, roles change. Whatever the cases, maybe motivations could change on a dime. So let's go
01:34
and look at a few types of motivation. So profit making money at the end of the day is a huge motivating factor for criminal organizations, for Lone Wolves or for individuals and maybe doing ransom. Where's the service type attack schemes? And so those folks are really looking to make money, get in and get out.
01:55
Hacktivism
01:56
can also be termed his activism these air folks that are promoting political agendas or social change. So there man about, you know, an issue in politics, or there's maybe some free speech issues going on. Or there's something
02:09
that triggers these folks into acting and to being known into attacking an organization or to take some form of action or make some form of threat.
02:21
A direct grudge is something like a recently fired employees, Ah, partner or person that's angry about a decision, a business partner that doesn't like the way a recent project turned down and it's had them maybe lose some share our stock in the organization.
02:36
So those could be motivating factors for attacking an organization or doing an organization harm. There are folks out there that would do it just for fun and just for the heck of it, or to build a reputation.
02:52
And then you may be a stepping stone to accessing the partner system or a further connected system, and that can be done for any of the given examples above. So it could be hacktivists trying to get into something. Somebody's trying to have some fun and see how far they can go or how many other organizations they can get over to.
03:10
Maybe there's a grudge with a partner system that you have access to, and you're just a means to an end. So all of that should be considered as faras motivating factors for action here.
03:22
So let's do a quick check on learning. True or false activism is a motivation by which money or power is the driving factor.
03:31
Well, as we just discussed hacktivism, a k A activism is motivated by political or social change, and so money. Our power is typically not the driving factor for hacktivism. So this is a false statement.
03:46
Now let's go ahead and review everything that we talked about this brief discussion today. So we look at what is motivation modeling at a high level on Essentially, it's just taking the different types of motivation and applying them to the different threats toe further against scale or grade, um,
04:05
the level of risk that they would pose
04:09
to the organization. So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon.

Up Next

Penetration Testing Execution Standard (PTES)

In this course we will lay out the Penetration Testing Execution Standard (PTES) in all its phases and their application for business leaders and Security Professionals alike.

Instructed By

Instructor Profile Image
Robert Smith
Director of Security Services at Corsica
Instructor