Pyramid of Pain | A conceptual cybersecurity model

FreakyDodo
6 min read · Apr 28, 2024

The Pyramid of Pain is a conceptual cybersecurity model that categorizes IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques & Procedures) based on how difficult it would be for an attacker to change them.

This conceptual model is applied in cybersecurity solutions like SentinelOne, Cisco Security & SOCRadar to improve the effectiveness of CTI, threat hunting & incident response exercises.

This pyramid consists of 6 levels, ranging from trivial to tough for the attacker to change:

  1. Hash Values
  2. IP Addresses
  3. Domain Names
  4. Host Artifacts
  5. Network Artifacts
  6. Tools
  7. TTPs

Hash Values

A hash is a numeric value of fixed length that uniquely identifies data. A hash is the result of a hashing algorithm. Some common hashing algorithms are MD5 (128 bit), SHA-1 (160 bit) and SHA-2 (256 bit).

Keep in mind that a hash is a unidirectional function, which means it cannot be reversed, whereas encryption can be reversed to return the file to its original state by using the respective decryption key.

A hash is also not cryptographically secure if two files have the same hash value.
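The following added example (not part of the original post) shows why hash values sit at the "trivial" end of the pyramid: a blocklist of file hashes matches a known sample but misses the same content with one byte appended. The sample bytes, the blocklist and the function names are constructed for illustration, and SHA-256 is assumed as the SHA-2 variant.

```python
import hashlib

# Digest algorithms named in the post; SHA-256 is the SHA-2 variant assumed here.
ALGORITHMS = ("md5", "sha1", "sha256")


def digests(data: bytes) -> dict[str, str]:
    """Return the hex digest of `data` for each algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bit positions in which two equal-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def matches_blocklist(data: bytes, blocklist: set[str]) -> bool:
    """Hash-IOC check: true if any digest of `data` is on the blocklist."""
    return any(d in blocklist for d in digests(data).values())


# Constructed sample: harmless bytes standing in for a file seen in an incident.
KNOWN_SAMPLE = b"constructed sample file contents\n"
# The same content with a single byte appended.
ALTERED_SAMPLE = KNOWN_SAMPLE + b"\x00"

# Blocklist built from the known sample's digests (constructed values).
BLOCKLIST = set(digests(KNOWN_SAMPLE).values())

if __name__ == "__main__":
    known, altered = digests(KNOWN_SAMPLE), digests(ALTERED_SAMPLE)
    for name in ALGORITHMS:
        bits = len(known[name]) * 4  # each hex character encodes 4 bits
        diff = differing_bits(known[name], altered[name])
        print(f"{name:7} {bits:3} bit digest, {diff} bits differ after 1-byte change")
    print("known sample on blocklist:  ", matches_blocklist(KNOWN_SAMPLE, BLOCKLIST))
    print("altered sample on blocklist:", matches_blocklist(ALTERED_SAMPLE, BLOCKLIST))
```

For detection work this means a hash match is a high-confidence hit on one exact file, while the absence of a match says nothing about near-identical variants.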


Hey Hackers!! I am Harshit Dodia, aka Freaky Dodo. I am a student of Information Technology and Ethical Hacking.