An Automated Post-Exploitation Model for Offensive Cyberspace Operations

Abstract

The Department of Defense (DOD) uses vulnerability assessment tools to identify necessary patchesfor its many cyber systems to mitigate cyberspace threats and exploitation. If an organization misses a patch,or a patch cannot be applied in a timely manner, for instance, to minimize network downtime, thenmeasuring and identifying the impact of such unmitigated vulnerabilities is offloaded to red teaming orpenetration testing services. Most of these services concentrate on initial exploitation, which stops short ofrealizing the larger security impact of post-exploitation actions and are a scarce resource that cannot beapplied to all systems in the DOD.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2022
Accession Number
AD1213732

Entities

People

  • Ryan Benito

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • California
  • Command And Control
  • Computer Access Control
  • Computer Programming
  • Computer Science
  • Computers
  • Cyber Protection
  • Cyberattacks
  • Cybersecurity
  • Cyberspace
  • Cyberspace Operations
  • Graphical User Interface
  • Information Processing
  • Information Systems
  • Network Protocols
  • Network Science
  • Neural Networks
  • Operating Systems
  • Port Scanners
  • Standards
  • United States
  • United States Naval Academy
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Economics
  • Logistics and Supply Chain Management.

Technology Areas

  • Cyber