adding my attack tree examples with plantuml

those were made as part of my threat model toolkit talk and workshop

https://linktr.ee/threatmodel

Author: jmarcil

Attack Tree/BLANK.plantuml

@@ -0,0 +1,43 @@
+@startuml
+skinparam monochrome true
+skinparam defaultTextAlignment center
+
+' Root nodes
+agent "Goal" as goal
+agent "What attackers want" as what
+
+agent "Sub-goal" as subgoal
+goal --> subgoal
+
+agent "Sub-goal 2" as subgoal2
+goal --> subgoal2
+
+agent "Ways to get to goal" as subgoal3
+what --> subgoal3
+
+agent "Sub-sub goal" as subsubgoal
+agent "Sub-sub goal 2" as subsubgoal2
+agent "Sub-sub goal 3" as subsubgoal3
+subgoal3 ---> subsubgoal 
+subgoal3 ---> subsubgoal2
+subgoal3 ---> subsubgoal3
+
+' Abstraction (not going to model that)
+cloud "**···**" as another
+subgoal ---> another
+subgoal2 ---> subsubgoal
+
+' Leaf nodes
+agent "exploit" as exploit
+agent "ways to get in" as ways
+agent "weakness" as weakness
+
+subsubgoal ---> exploit
+
+' Chaining of exploits required to get to sub-sub goal
+interface "and" as and
+subsubgoal3 --> and
+and --> weakness
+and --> ways
+
+@enduml

Attack Tree/BLANK.plantuml.svg

@@ -0,0 +1,6 @@
+Examples using different tools to create attack trees.
+
+Tool | File match |
+:--- | :---
+| [PlantUML](https://plantuml-editor.kkeisuke.com/) | `*.plantuml` |
+

Attack Tree/README.md

@@ -0,0 +1,73 @@
+@startuml
+skinparam monochrome true
+skinparam defaultTextAlignment center
+
+agent "Steal cryptocurrency" as steal
+agent "Manipulate the market" as market
+agent "Invade privacy" as privacy
+
+agent "Expose their spending habits" as spy
+privacy --> spy
+agent "View their transactions on blockchain" as blockchain
+spy --> blockchain
+
+agent "Gain wallet access" as wallet
+steal --> wallet
+
+agent "**I**nternet **C**on **O**peration" as con
+steal --> con
+
+agent "Steal physical wallet\nand password" as phys
+agent "Find wallet seed" as seed
+agent "Gain access to\nlocal software wallet" as accesswallet
+agent "Gain access to\n web based wallet" as webwallet
+wallet --> phys
+wallet --> accesswallet
+wallet --> webwallet
+accesswallet --> seed
+
+agent "Weak seeding algo" as weakseed
+seed --> weakseed
+
+agent "Malware" as malware
+accesswallet --> malware
+
+agent "Gain remote access\nto local API" as api
+agent "Authentication bypass" as lackauth
+agent "DNS rebinding attack" as dnsrebind
+accesswallet --> api
+interface "and" as and
+api --> and
+and --> lackauth
+and --> dnsrebind
+
+agent "Gain exchange access" as xaccess
+agent "Steal account" as xaccount
+'agent "Compromise network" as xnetwork
+agent "API access" as xapi
+agent "Steal API keys" as xkeys
+agent "Authentication bypass" as xauthbypass
+steal --> xaccess
+xaccess ---> xaccount
+'xaccess --> xnetwork
+xaccess --> xapi
+xapi --> xkeys
+xapi --> xauthbypass
+xapi --> xaccount
+
+agent "Denial of service" as dos
+market --> dos
+market --> xaccess
+'market -> steal
+
+cloud "**···**" as another
+xaccount --> another
+cloud "**···**" as anothertwo
+cloud "**···**" as anotherthree
+xauthbypass --> anothertwo
+xkeys --> anotherthree
+
+'spy --> xaccess
+'spy --> wallet
+
+@enduml

Attack Tree/cryptowallet.plantuml

@@ -0,0 +1,54 @@
+@startuml
+skinparam monochrome true
+
+agent "Mass mining" as mine
+agent "Mass scan" as scan
+agent "DDoS" as ddos
+agent "Control many devices \n(Botnet)" as botnet
+mine --> botnet
+scan --> botnet
+ddos --> botnet
+
+agent "Use legit command" as legitcmd
+agent "Exploit device flaws" as flaws
+agent "Obtain device access" as access
+botnet --> legitcmd
+botnet --> flaws
+botnet --> access
+
+agent "Get WiFi LAN access" as wifi
+agent "Get Physical access" as phys
+agent "Place Factory Backdoor" as factory
+agent "Hack cloud server" as cloud
+access --> wifi
+access --> phys
+access --> factory
+access --> cloud
+
+agent "Make my life miserable" as life
+agent "Randomware" as ransomware
+agent "Invade my privacy" as privacy
+agent "Mess with the lights" as mess
+
+life --> ransomware
+life --> privacy
+life --> mess
+
+agent "View my habits" as habits
+agent "Spy me live" as spy
+privacy --> habits
+privacy --> spy
+
+agent "Steal cloud data" as data
+habits --> data
+spy --> data
+data ---> cloud
+
+agent "Sniff network" as sniff
+habits ---> sniff
+spy ---> sniff
+access --> sniff
+sniff --> wifi
+sniff --> phys
+
+@enduml