attack-tree-construction

SKILL.md

Attack Tree Construction

Systematic attack path visualization and analysis.

When to Use This Skill

Visualizing complex attack scenarios

Identifying defense gaps and priorities

Communicating risks to stakeholders

Planning defensive investments

Penetration test planning

Security architecture review

Core Concepts

1. Attack Tree Structure
                    [Root Goal]
                         |
            ┌────────────┴────────────┐
            │                         │
       [Sub-goal 1]              [Sub-goal 2]
       (OR node)                 (AND node)
            │                         │
      ┌─────┴─────┐             ┌─────┴─────┐
      │           │             │           │
   [Attack]   [Attack]      [Attack]   [Attack]
    (leaf)     (leaf)        (leaf)     (leaf)

2. Node Types

Type
Symbol
Description

OR
Oval
Any child achieves goal

AND
Rectangle
All children required

Leaf
Box
Atomic attack step

3. Attack Attributes

Attribute
Description
Values

Cost
Resources needed
$, $$, $$$

Time
Duration to execute
Hours, Days, Weeks

Skill
Expertise required
Low, Medium, High

Detection
Likelihood of detection
Low, Medium, High

Templates and detailed worked examples

Full template library lives in references/details.md. Read that file when you need concrete templates for this skill.

Best Practices

Do's

Start with clear goals - Define what attacker wants

Be exhaustive - Consider all attack vectors

Attribute attacks - Cost, skill, and detection

Update regularly - New threats emerge

Validate with experts - Red team review

Don'ts

Don't oversimplify - Real attacks are complex

Don't ignore dependencies - AND nodes matter

Don't forget insider threats - Not all attackers are external

Don't skip mitigations - Trees are for defense planning

Don't make it static - Threat landscape evolves