Private internet presence since 1994, exploring and applying internet technologies.
Since the first publication, my focus has always been on understanding and applying technologies in the context of the internet. That's why you'll find "Projects" here that deal with infrastructure, engineering, software development, and knowledge transfer.
Additional Information
My name is Bernhard Kreinz or Bernie Kreinz, or simply Barnes. You can find more about me on LinkedIn.
On Twitter, you can reach me at @fr33thought. Since Q1/23 also caught the LLM fever -> Tweaking my Website :-).
Since December 22 - Out of necessity, developed the prototype "Thought Experiment on Cyber Threats" -> Project Cyber Risk Management ;-).
Since 2004 okornok.com -> Project OKorNOK. Since November 1997 active with barnes.ch :-) -> including Project Teaching Webmasters.
Since 1994 publishing and experimenting with a static IP. 1984 - I started with a Commodore 64 and an acoustic coupler.
Obviously, I am very passionate about the topic of cyber threats, which is why it deserves its own project. And it also influences my "playground" - but please take this part with humor.
OKorNOK
One of the first social network websites, prototype created in 1994.
This is one of the very first social network websites ever. The prototype was created in 1994 when I was still working without my own domain. Curious? I call it OKorNOK. Who's coming? Who's not? For all kinds of occasions. Yes, I was here before Facebook—but without entrepreneurship ;-)
Additional Information
Today, this platform helps me stay proficient and up-to-date across the entire technology stack—knowledge is good, being able to apply knowledge is better ;-)
Sometimes you need to express your anger or frustration, for example, through images or songs. That’s why the following content should be taken with a wink. If you don’t have a sense of humor, well... never mind. Have fun, everyone!
Sing it out loud - Cyber Standards Bodies Bashing
The following songs, made with SUNO V4, reflect my past mood very well. They are about my project on Cyber Threat Clusters. Curious? You can read the lyrics by clicking on each track's title.
By providing a universal language for cyber threats, this framework transforms how organizations identify, communicate about, and manage cyber risks across all scales of operation.
Complementing existing cybersecurity standards with a unifying threat classification framework that connects strategic risk management to operational security - without replacing established frameworks.
Top Level Cyber Threat Clusters: #1 Abuse of functions | #2 Exploiting Server | #3 Exploiting Client | #4 Identity Theft | #5 Man in the middle | #6 Flooding Attack | #7 Malware | #8 Physical Attack | #9 Social Engineering | #10 Supply Chain Attack
The 10 Top Level Cyber Threat Clusters provide what leading frameworks like NIST CSF and ISO 27005 lack: a clear, logical, and comprehensive system for categorizing cyber threats. It serves as the missing link between high-level strategy and day-to-day security operations.
The TLCTC Concept - A Research Document or Just Another Framework? Short answer is: Both, it's a hybrid and it's complementary to existing Frameworks. [read more]
Universal Application
Based on fundamental vulnerabilities present in all IT systems (software and hardware) and in people, this framework scales seamlessly from any software and individual devices to national infrastructure, enabling consistent cyber risk management across:
Enterprise Risk Management
Security Operations
Threat Intelligence
Incident Response
Key Benefits
Standardizes threat categorization from organizational to national/state level
Enables precise mapping of attack sequences and paths
Facilitates clear communication between technical and business stakeholders
Integrates seamlessly with existing security frameworks and standards
Approved by the following AI (2025/01/21):
I challenge my concept against the latest and greatest LLMs or "reasoning models" — see also the versions I refer to.
This should help you get more context. Curious? Quiz: Find the three flaws LM produced (only for experts) (12/2024)
Here's a video teaser for those who don't like reading and want to get a first impression of the topic.
The TLCTC Radar Generator
This is a tool to generate a Cyber Threat Radar. It allows you to create sectors, add clusters, and set zone limits for each cluster. You can also take snapshots of the radar and export it as a PNG. You can save your data as JSON and import it from JSON. All your data is stored in the local storage of your browser and is never transmitted to my server.
Publications and learning materials from Webmaster SIZ instructor years 1998-2000.
Here you will find my publications and learning materials, which I created and used as a Webmaster SIZ instructor in the years 1998-2000. Building a training course for webmasters in the form of adult education? I didn't hesitate for a second.
MFA Bombing (also known as MFA Fatigue or MFA Push Spam) is an authentication bypass technique where an attacker, having already obtained valid user credentials, repeatedly triggers Multi-Factor Authentication (MFA) ...
This CVE analysis employs the Top Level Cyber Threat Clusters (TLCTC) framework, which provides a standardized approach to categorizing cyber threats based on their underlying generic vulnerabilities. The TLCTC framework enables precise mapping of vulnerabilities to specific threat clusters, focusing on the root cause rather than the outcome. This analysis specifically applies the TLCTC's axiom that "each distinct attack vector is defined by the generic vulnerability it initially targets," along with its client-server interaction model for understanding vertical stack vulnerabilities. [CVE 2 TLCTC Mapper and Analyzer]
The cybersecurity landscape suffers from what we might call a "circular reference nightmare." Standards bodies and organizations like NIST, ISO, ENISA, ETSI, BSI, OWASP, and MITRE have created an intricate web of cross-references without establishing fundamental definitions.
Despite its focus on cyber security and structured threat information sharing, ETSI TR 103 331 neither provides a definition of what constitutes a cyber threat nor offers a structured categorization of cyber threats - Linking STRIDE does not help. This fundamental disconnect between title and content reflects a broader issue in the cybersecurity standards landscape.
FAIR lacks a cyber threat categorization framework, but combined with TLCTC's precise threat clusters, it creates a powerful toolset for both identifying and quantifying your cyber risks.
See how the 10 Top Level Cyber Threat Clusters (TLCTC) framework enables enhanced comparison of threat actors, including APTs. Based on CrowdStrike's 2024 Threat Hunting Report, this interactive visualization reveals capability patterns across different adversary groups.
"Why ten clusters?" From STRIDE to MITRE ATT&CK, frameworks have struggled to fully capture the cyber threat landscape. Explore how the Top Level Cyber Threat Clusters framework provides a provocative answer - offering both immediate utility and room for evolution. Learn why starting with ten creates the perfect foundation for modern cyber defense.
Claude 3.5 Sonnet: Based on my analysis of the ENISA Cyber Resilience Act Requirements document, I agree that it lacks a clear categorization of cyber threats. The document focuses primarily on defining security requirements and vulnerability handling processes for products with digital elements, but does not provide a structured framework or taxonomy for categorizing different types of cyber threats
This diagram illustrates the current fragmentation in the cybersecurity landscape and the transformative potential of implementing the 10 Top Level Cyber Threat Clusters.
The NIST Cybersecurity Framework (CSF) 2.0 claims to provide "guidance to industry, government agencies, and other organizations to manage cybersecurity risks." However, an analysis of the framework and its supporting documents reveals several significant gaps in how it addresses cyber threats specifically.
Since cybersecurity has found its place on the title page of the 2022 version, we should examine how ISO approaches cyber threat categorization. While ISO standards provide valuable frameworks for information security management, there are opportunities to enhance their approach to cyber threat categorization - particularly in bridging operational security and threat intelligence.
This article explores the critical differences between "security" as an ideal state and "risk" as a measurable event. It emphasizes the need for precise language in cybersecurity, moving beyond the buzzword of "security" to a threat-centric approach.
The 10 Top Level Cyber Threat Clusters in card style. Each card gives an overview: Definition, Generic Vulnerability, Sub-Threat Examples, Key Control Examples. I also made a JSON version; maybe someone will use it.
The STRIDE model, developed by Microsoft in the early 2000s, has long been a cornerstone of threat modeling in cybersecurity. Standing for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege, STRIDE was ...
Integrating the 10 Top Level Cyber Threat Clusters into MITRE ATT&CK and STIX Frameworks
The cybersecurity landscape faces a critical challenge: fragmented threat intelligence that fails to effectively connect strategic risk management with operational security execution. While frameworks like MITRE ATT&CK and STIX enable detailed threat intelligence sharing, they lack a standardized high-level threat categorization system that aligns threat intelligence with risk management and security operations.
@MITRE & STIX: please integrate my concept. A proposal POC with JSON example
This analysis examines Cobalt Strike from the perspective of the 10 Top Level Cyber Threat Clusters, demonstrating how its functionality maps to each cluster and enables various attack paths.
FINMA Circular 23/01 attempts to guide supervised institutions in managing cyber risks, but in doing so runs into fundamental conceptual difficulties.
While the DORA RTS introduces important requirements for threat-led penetration testing (TLPT) in the financial sector, it reveals significant gaps and limitations that could hinder its effectiveness in achieving true digital operational resilience.
Under DORA, financial entities must report all significant ICT-related incidents, malicious or not. Barnes Projects examines these new reporting requirements and explains how organizations need to adapt their risk management strategies.
The NIS2 Directive aims to address cybersecurity threats, but its definitions potentially broaden the scope to include a wider range of IT and operational risks.
Project Cyber Threat Clusters (07/2024)
Watch my intro video on the 10 Cyber Threat Clusters