1 | initial version |
Hi ! Here is an explanation of the cybercaptor output, and why you have these "contradictions" :
Attack graph : exhaustive representation of the possible attacks, with their conditions. There may not only be one target. you start from the target, and you search conditions to attack it. So arrows goes from the target, to the conditions.
Attack path : Different ways to attack a specific target. Arrows goes from the conditions to the target.
Logical : It's the main output of the graph engine used by Cybercaptor, Mulval. It shows every conditions & requirements for each attack step.
Topological : It's a more user friendly view, where you see only the machines that can be exploited, and not the specific ways to exploit them.
Your example :
It happens, on your specific example, that the attack graph and the attack path are isomorphic. Indeed, you only have one target, so the attack graph explains how to attack your target, and the attack path explains …. how to attack it. So all the attacks steps in the attack graph are used in the attack path. Your results are indeed very similar, you may notice that even if the nodes are placed the same way, their content is not exactly the same. On a more complex example, you'll see a more obvious difference.
I hope your now better understand the cybercaptor output !