HTW Berlin Fachbereich 4 Cyber-Security & Business Social Engineering Winter Term 2025/26

Lab 7: Threat Analysis

1. Get back together with the person you worked with on phishing. For the company for which you did the OSINT and developed a phishing plan, complete a threat analysis: Who are potential threat actors? What will they attack? Where will they be? When will they attack? Why would they want to attack this company?
   
2. Define at least five different attack vectors (How will they attack?) that would be promising for this company! Make sure that you look at current CVEs to see if the company is using any technology that has recently been compromised (such as Node.js!).
   
3. Classify the attack vectors according to probability and consequences: How likely are they? How would they affect the company? 
   
4. Your report that you submit should be written as if you were formally reporting to the company.
   

Submit the written PDF report documenting your answers and results and your reflections on the exercise to the Moodle area by 22.00 the evening before our next session. Don't forget to include both names and report formalities such as page numbers and a date! Everyone submits the same copy of the report to the same assignment area!