Additional Attack Paths

The initial attack path shown in the map is the most likely attack path the attacker will use. It is also called the Critical Path.

However, securiCAD will also take into consideration that there are other possible attack paths that the attacker might use as well. Let’s look at an example, compromising the Oracle Database, close to the target.

The Critical Path around Oracle Database looks like below.

We see that the most likely attack step to use here is to use an exploit due to the Oracle Database not being properly patched.

However, this is not the only possible attack step here. Sliding the Detail Level control to the right will show additional attack paths as well.

This will show additional attack paths on the map.

In the center, we have the most likely attack path. Above it, we see a set of attack steps related to using weak login credentials on the Oracle Database and in the lower area we see attack steps making use of UnknownSerivice, representing an unknown/non-maintained service left available on the Prod srv 1 host. Both of these tracks are possible alternatives for compromising the Oracle Database and writing to the Customer records datastore.

Now, when we have seen what the attack paths consist of, we are ready to look at the Chokepoints in the report. These are described in the Chokepoints module.


What’s Next