1. Level 1 – Common Adversary:
This level of adversary is the lowest tier. Most adversaries at this level are not directly targeting an organization but aiming to attack any easy target or organization. This adversary utilizes basic and free tools with little understanding of how they work. Some of the traits for this level of adversary are below.
- Utilizes common, easy-to-use tools and toolkits
- Does not possess a solid understanding of full attack paths and techniques
- Is generally very easy to detect and identify
- Does not build or use custom tools/exploits or techniques
- Has no specific target or goal in mind
- Normally attacks part time instead of full time
2. Level 2 – Uncommon Adversary:
This level of adversary is one level up from a Common Adversary. While most of the traits for level 2 are similar to level 1, there are a few differences. This adversary has a better understanding of the attack paths and techniques being used. This adversary is also generally targeting a specific issue, vulnerability or service. Some of the traits for this level of adversary are below.
- Utilizes common, easy-to-use tools and toolkits
- Understands the basic attack paths & techniques used
- May build simple custom tools based on specific use cases
- Attacks a specific target, service or vulnerability without much information
- Is generally very easy to detect and identify
- Normally attacks part time instead of full time
3. Level 3 – Sophisticated Adversary:
A Sophisticated Adversary is a skilled and knowledgeable individual or group. This individual or group is self-funded and generally has a specific target or goal in mind. This adversary will create custom tools, techniques, etc. Some of the traits for this level of adversary are below.
- Skillful on attack paths, techniques, etc.
- Self-funded and will have access to commercial tools and payloads
- Generally targets a specific organization or company
- Utilizes custom tooling, exploits and techniques
- Not easy to detect or identify
- Focused on a specific goal, normally monetary value, status or proving a point
4. Level 4 – Nation State Adversary:
This is the first Nation State level adversary. This adversary is just as skilled as level 3. The biggest difference between levels 3 and 4 is the goals and financial resources available. Normally this level of adversary is run by a specific government entity or country. Vast resources and anonymity, along with skill set, make this adversary difficult to deal with. Some of the traits for this level of adversary are below.
- Extremely skillful on attack paths, techniques, etc.
- Largely funded
- Has access to any commercial tool
- Access to black market data, vulnerabilities and malware
- Creates custom tools, techniques and payloads for each operation to avoid detection
- Government- or country-run and generally targets other countries but can target companies
- Extremely difficult to track and identify
5. Level 5 – Sophisticated Nation State Adversary:
This is the final level of adversary a company would face. This adversary includes top individuals in various fields and is always at the bleeding edge of Offensive Security. Levels 4 and 5 are often combined as a similar adversary because they are often the same group. Often the distinction is based on country rather than multiple groups in the same country. Some of the traits for this level of adversary are below.
- Extremely skillful on attack paths, techniques, etc.
- Largely funded
- Has access to any commercial tool
- Access to black market data, vulnerabilities and malware
- Creates custom tools, techniques and payloads for each operation to avoid detection
- Government- or country-run and generally targets other countries but can target companies
- Extremely difficult to track and identify
- Resides at the bleeding edge of Offensive Security