SOC Level 1 > Cyber Defence Frameworks > Diamond Model
Introduction
- Read the above.
No answer needed
Adversary
- What is the term for a person/group that has the intention to perform malicious actions against cyber resources?
Adversary Operator
- What is the term for the person or group that will receive the benefits from the cyberattacks?
Adversary Customer
Victim
- What is the term that applies to the Diamond Model for organizations or people that are being targeted?
Victim Personae
Capability
- Provide the term for the set of tools or capabilities that belong to an adversary.
Adversary Arsenal
Infrastructure
- To which type of infrastructure do malicious domains and compromised email accounts belong?
Type 2 Infrastructure
- What type of infrastructure is most likely owned by an adversary?
Type 1 Infrastructure
Event Meta Features
- What meta-feature does the axiom “Every malicious activity contains two or more phases which must be successfully executed in succession to achieve the desired result” belong to?
Phase
- You can label the event results as “success”, “failure”, and “unknown”. What meta-feature is this related to?
Result
- To what meta-feature is this phrase applicable: “Every intrusion event requires one or more external resources to be satisfied prior to success”?
Resources
Social-Political Component
- Read the above.
No answer needed
Technology Component
- Read the above.
No answer needed
Practice Analysis
- Complete all eight areas of the diamond. What is the flag that is displayed to you?
THM{DIAMOND_MODEL_ATTACK_CHAIN}
Conclusion
- Read the above.
No answer needed