Threat Vectors

• The path a bad actor takes to be malicious
• Includes
  • Messages, files, removable devices, software, etc

Message Based

• Exploits vulnerabilities in communication methods
• Usually has a malicious link or attachment

Images

• exploits image proccessing, display, or sharing
  • Take advantage of inherent trust of visual content

Files

• uses malicious code or scripting embedded within files that seem harmless

Voice Call Based

• Uses phone systems and human behavior to gain personal info of a target

Removable Device

• Flash drives, USB, discs, etc.

Vulnerable software

• Software can have unknown weaknesses
• 2 types
  • Client-based: User must install the software
  • Agentless: Does not requre an user to install and can be zero-day attacks
• Heartbleed is an example of zero day software vulnerability

Unsupported Systems and Applications

• No longer recieving patches