University of Twente Student Theses
As of Friday, 8 August 2025, the current Student Theses repository is no longer available for thesis uploads. A new Student Theses repository will be available starting Friday, 15 August 2025.
Enriching Attack Trees by Reconstructing the Equifax Data Breach
Morriën, S.L. (2025) Enriching Attack Trees by Reconstructing the Equifax Data Breach.
|
PDF
5MB |
| Abstract: | Attack trees and crime scripts are frequently employed in cybersecurity to analyze vulnerabilities from the perspective of a criminal. However, no development has been made in researching whether these two formalisms can complement each other. We propose that a detailed attack tree can be generated by recreating the steps outlined in a crime script. Our objective is to uncover hidden attack vectors represented as nodes that were not yet in the tree and improve the completeness of the attack tree in terms of the number of nodes (tree depth), using the 2017 Equifax data breach as the main focus. This was done by simulating the Equifax environment on a virtual machine in which a vulnerable version of Apache Struts was running. The attack was then recreated by following the steps of a crime script, and any missing steps were analyzed, along with alternative paths that the attacker could have taken. Based on these results, a detailed attack tree was created that contained the attack in significantly more detail than the initial attack tree created from the crime script and also included alternative paths |
| Item Type: | Essay (Bachelor) |
| Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
| Subject: | 54 computer science |
| Programme: | Computer Science BSc (56964) |
| Link to this item: | https://purl.utwente.nl/essays/107288 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page