Infiltration

Infiltration is the process of gaining unauthorized access to a protected area, system, or organization.

Categories:

1. Physical (Tailgating)
2. Social (Phishing)
3. Technical (Exploit)
4. Supply Chain (Vendor compromise)


🧒 Explain Like I'm 5

Infiltration is like a thief dressing up as a waiter so they can walk right into a fancy party. Nobody stops them because they look like they belong there. Once they are inside, they can quietly start stealing jewelry while everyone else is dancing.

🤓 Expert Deep Dive

Technically, infiltration corresponds to the 'Delivery' and 'Exploitation' phases of the Cyber Kill Chain. It often uses 'Watering Hole' attacks or 'Spear Phishing' to bypass automated detection. A critical concept is 'Dwell Time': the period between infiltration and discovery. The goal of an infiltrator is typically not immediate destruction but 'Persistence', achieved by installing 'Backdoors' or 'Rootkits' that let them come and go even if the original vulnerability is patched. Defenders use 'Micro-segmentation' and 'Honeytokens' to detect infiltrators who are trying to 'move laterally' across the network.
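A minimal honeytoken check over authentication events, showing how a decoy credential exposes a source that is moving laterally and which history to pull once it trips. This is an added example, not part of the original entry; the log format, the host names and the decoy account `svc_backup_old` are constructed for illustration.

```python
from datetime import datetime

# Constructed sample auth events: timestamp, source host, account, destination host.
SAMPLE_LOG = """\
2024-03-01T08:15:00 ws-114 jsmith mail-01
2024-03-01T09:02:00 ws-207 akhan file-02
2024-03-09T22:41:00 ws-114 jsmith file-02
2024-03-19T03:12:00 ws-114 svc_backup_old db-03
2024-03-19T03:14:00 ws-114 jsmith db-03
"""

# Decoy accounts that no legitimate process ever uses (hypothetical name).
HONEYTOKENS = {"svc_backup_old"}

def parse(log):
    """Yield (time, src, account, dst) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield (ts, *parts[1:])

def honeytoken_alerts(log, honeytokens=HONEYTOKENS):
    """Return one alert per source host, raised at its first honeytoken use."""
    events = sorted(parse(log))
    alerts = {}
    for ts, src, account, dst in events:
        if account in honeytokens and src not in alerts:
            # Logged history of this source up to the trip: the span to review
            # when locating the entry point and estimating dwell time.
            earlier = [e for e in events if e[1] == src and e[0] <= ts]
            alerts[src] = {
                "source": src,
                "account": account,
                "tripped_at": ts,
                "first_seen": earlier[0][0],
                "lookback_days": (ts - earlier[0][0]).days,
                "hosts_touched": sorted({e[3] for e in earlier}),
            }
    return list(alerts.values())
```

Any use of a decoy account is a high-confidence signal because nothing legitimate should ever authenticate with it, and `hosts_touched` gives the set of segments to check for persistence.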
