Pyramid of Pain

Opened: Sunday, 21 July 2019, 12:00 AM

Now that we are able to identify specific actions, it is time to break down how to make life hard for the attacker. Knowing an attacker's TTPs is hard to do, and you really can't attribute activity to a specific actor using those alone. The Pyramid of Pain is a good mental model of all the ways you can make things hard for the adversary, as well as of how you might identify who they are.

Read this:


  1. For each level of the pyramid of pain, describe it in your own words, and provide the primary strength and weakness of each.
  2. You might realize that tools and the first T in TTPs (Tools) are both on there. The primary difference is that the tools level is about removing the adversary's ability to use a particular tool, while Tools under TTPs is about identifying the behavior caused by the various tools that accomplish the same thing. Write a few sentences on what behavioral detection means and how it could work at some fancy startup.
  3. Write a few sentences on how you could use the items in the pyramid of pain to identify a threat group.
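Added example (not part of the course page): a small detector that matches one constructed event record against an indicator at each pyramid level, showing why a hash, IP, domain, artifact or tool-name match stops firing as soon as the adversary rotates it, while a behavioral (TTP) rule on the procedure itself keeps firing. All hashes, addresses, domains, filenames and the Office-spawns-script-host rule are constructed placeholders, not real indicators.

```python
from dataclasses import dataclass
from typing import Optional

# Pyramid levels, least to most painful for the adversary to change.
LEVELS = ("hash", "ip", "domain", "artifact", "tool", "ttp")

@dataclass(frozen=True)
class Event:
    """One constructed endpoint/network record (not real telemetry)."""
    sha256: str        # hash of the file written to disk
    dst_ip: str        # outbound connection target
    dst_domain: str    # resolved domain for that connection
    user_agent: str    # HTTP artifact observed on the wire
    dropped_file: str  # name of the tool written to disk
    process: str       # child process created
    parent: str        # process that created it

# Constructed indicators from a hypothetical first sighting (placeholders, not real IoCs).
HASH_IOC = "0" * 63 + "1"
IP_IOC = "203.0.113.7"                 # RFC 5737 documentation range
DOMAIN_IOC = "updates.example"         # reserved example TLD
ARTIFACT_IOC = "Mozilla/4.0 (compatible; UpdateAgent 1.0)"
TOOL_IOC = "dumper.exe"                # hypothetical tool filename (tool level simplified to a name match)

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def detect(ev: Event) -> dict:
    """Return, per pyramid level, whether that level's detection fires on the event."""
    return {
        "hash": ev.sha256 == HASH_IOC,
        "ip": ev.dst_ip == IP_IOC,
        "domain": ev.dst_domain.lower() == DOMAIN_IOC,
        "artifact": ev.user_agent == ARTIFACT_IOC,
        "tool": ev.dropped_file.lower() == TOOL_IOC,
        # TTP level: a behavioral rule on the procedure (an Office document launching a
        # script host), which survives recompiling, renaming and new infrastructure.
        "ttp": ev.parent.lower() in OFFICE_APPS and ev.process.lower() in SCRIPT_HOSTS,
    }

def highest_level(ev: Event) -> Optional[str]:
    """Highest pyramid level that still detects the event, or None if nothing fires."""
    hits = detect(ev)
    return next((lvl for lvl in reversed(LEVELS) if hits[lvl]), None)

# Constructed sample events: the first sighting, the same procedure after the adversary
# rotates hash, infrastructure, artifact and tool name, and a benign baseline.
FIRST = Event(HASH_IOC, IP_IOC, DOMAIN_IOC, ARTIFACT_IOC, "dumper.exe", "powershell.exe", "WINWORD.EXE")
RETOOLED = Event("f" * 64, "198.51.100.23", "cdn.example.net", "Mozilla/5.0", "svc_helper.exe", "wscript.exe", "excel.exe")
BENIGN = Event("a" * 64, "198.51.100.9", "www.example.org", "Mozilla/5.0", "report.docx", "winword.exe", "explorer.exe")
```

Running `detect(FIRST)` fires every level, `detect(RETOOLED)` fires only the TTP rule, and `highest_level(BENIGN)` returns None.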