DOMAIN 1 Walk-Through

How attackers think, how attacks unfold, and how vulnerabilities open the door

The Mindset of Domain 1

Domain 1 isn’t about memorizing attack names — it’s about recognizing patterns.

Every attack fits into a predictable flow:

1. Reconnaissance → attacker gathers info
2. Initial Access → phishing, exploit, stolen creds
3. Execution → malware, script, payload
4. Persistence → backdoors, rogue accounts
5. Lateral Movement → pivoting deeper into network
6. Exfiltration or Impact → stealing data or destroying systems

Once students see this rhythm, every attack becomes easier to understand.

1. Threat Actors — Who’s attacking and why?

Attackers fall into archetypes:

• Script Kiddies want clout or chaos. Know just enough to be dangerous.
• Hacktivists target institutions out of ideology.
• Insiders already have access — the most dangerous group.
• Organized Crime focuses on ransomware and financial theft.
• Nation-States build advanced malware and long-term espionage.