About Barnes

Private internet presence since 1994, exploring and applying internet technologies.

Since the first publication, my focus has always been on understanding and applying technologies in the context of the internet. That's why you'll find "Projects" here that deal with infrastructure, engineering, software development, and knowledge transfer.

Additional Information

My name is Bernhard Kreinz or Bernie Kreinz, or simply Barnes. You can find more about me on LinkedIn. On Twitter, you can reach me at @fr33thought.

  • Since Q1/23: also caught the LLM fever -> Tweaking my Website :-)
  • Since December 22: out of necessity, developed the prototype "Thought Experiment on Cyber Threats" -> Project Cyber Risk Management ;-)
  • Since 2004: okornok.com -> Project OKorNOK
  • Since November 1997: active with barnes.ch :-) -> including Project Teaching Webmasters
  • Since 1994: publishing and experimenting with a static IP
  • 1984: I started with a Commodore 64 and an acoustic coupler

Obviously, I am very passionate about the topic of cyber threats, which is why it deserves its own project. And it also influences my "playground" - but please take this part with humor.

OKorNOK

One of the first social network websites, prototype created in 1994.

This is one of the very first social network websites ever. The prototype was created in 1994 when I was still working without my own domain. Curious? I call it OKorNOK. Who's coming? Who's not? For all kinds of occasions. Yes, I was here before Facebook—but without entrepreneurship ;-)

Additional Information

Today, this platform helps me stay proficient and up-to-date across the entire technology stack—knowledge is good, being able to apply knowledge is better ;-)

Jump to okornok.com

Playground

Sometimes you need to express your anger or frustration, for example, through images or songs. That’s why the following content should be taken with a wink. If you don’t have a sense of humor, well... never mind. Have fun, everyone!

Sing it out loud - Cyber Standards Bodies Bashing

Cyber Threats

The following songs, made with SUNO V4, reflect my past mood very well. They are about my project on Cyber Threat Clusters. Curious? You can read the lyrics by clicking on each track's title.


(E) Metal RAP Version: Against the wall

Blues Rock Version: Cyber Standards Blues

Progressive Rock Version: Cyber Standards Chaos

Progressive Rock Version: Cyber Standards Blues

(E) Female Hip Hop RAP: Another Framework Update

Pop Version: Cyber Standards Bodies - Listen Up

Pop Version: Cyber Pop - Fighting Blind

Pop Version: Cyber Pop - It's a Call to Act

Soul Version: Cyber Standards Blues

Soul Version: Cyber Standards Bodies - Listen Up

Sing it out loud - CISO Bashing

Cyber CISO

Rock: Believers in the Standards

Hard Rock Rap: Hard Core Believers in the Standards

Pop: Melancholic Believers in the Standards

Cyber Threats

Top Level Cyber Threat Clusters (TLCTC)

By providing a universal language for cyber threats, this framework transforms how organizations identify, communicate about, and manage cyber risks across all scales of operation.



TLCTC Overview based on V1.4 (HTML)


The TLCTC White Paper V1.5.4 (PDF)

Complementing existing cybersecurity standards with a unifying threat classification framework that connects strategic risk management to operational security - without replacing established frameworks.

Top Level Cyber Threat Clusters: #1 Abuse of functions | #2 Exploiting Server | #3 Exploiting Client | #4 Identity Theft | #5 Man in the middle | #6 Flooding Attack | #7 Malware | #8 Physical Attack | #9 Social Engineering | #10 Supply Chain Attack

Attack Path Representation: #9->#3->#7->[Data Risk Event]

Why This Framework?

The 10 Top Level Cyber Threat Clusters provide what leading frameworks like NIST CSF and ISO 27005 lack: a clear, logical, and comprehensive system for categorizing cyber threats. It serves as the missing link between high-level strategy and day-to-day security operations.

The TLCTC Concept - A Research Document or Just Another Framework? Short answer is: Both, it's a hybrid and it's complementary to existing Frameworks. [read more]

Universal Application

Based on fundamental vulnerabilities present in all IT systems (software and hardware) and in people, this framework scales seamlessly from individual software and devices to national infrastructure, enabling consistent cyber risk management across:

  • Enterprise Risk Management
  • Security Operations
  • Threat Intelligence
  • Incident Response

Key Benefits

  • Standardizes threat categorization from organizational to national/state level
  • Enables precise mapping of attack sequences and paths
  • Facilitates clear communication between technical and business stakeholders
  • Integrates seamlessly with existing security frameworks and standards

Approved by the following AI (2025/01/21):

I challenge my concept against the latest and greatest LLMs or "reasoning models" — see also the versions I refer to.

  • Anthropic: Claude (Opus 3, Sonnet 3.5)
  • OpenAI: ChatGPT (4o, o1)
  • Google: gemini-2.0-flash-thinking-exp-01-21, gemini-exp-1206
  • Mistral: Le Chat (Mistral Large Nov 24)
  • DeepSeek: DeepThink (R1)

Additional Information

Google NotebookLM Podcast

This should help you get more context. Curious? Quiz: Find the three flaws the LM produced (only for experts) (12/2024)

Here's a video teaser for those who don't like reading and want a first impression of the topic.

The TLCTC Radar Generator

This is a tool to generate a Cyber Threat Radar. It allows you to create sectors, add clusters, and set zone limits for each cluster. You can also take snapshots of the radar and export it as a PNG. You can save your data as JSON and import it from JSON. All your data is stored in the local storage of your browser and is never transmitted to my server.

TLCTC Radar

Playing around with my TLCTC Radar Generator? Have fun!

Webmaster SIZ

Publications and learning materials from Webmaster SIZ instructor years 1998-2000.

Here you will find my publications and learning materials, which I created and used as a Webmaster SIZ instructor in the years 1998-2000. Building a training course for webmasters in the form of adult education? I did not hesitate for a second.

Other Brain Dumps

MFA Bombing and MFA Fatigue in TLCTC Attack Path Notation (01/2025)

MFA Bombing (also known as MFA Fatigue or MFA Push Spam) is an authentication bypass technique where an attacker, having already obtained valid user credentials, repeatedly triggers Multi-Factor Authentication (MFA) ...

CVE Analysis based on the TLCTC with Example CVE-2025-21333 (01/2025)

This CVE analysis employs the Top Level Cyber Threat Clusters (TLCTC) framework, which provides a standardized approach to categorizing cyber threats based on their underlying generic vulnerabilities. The TLCTC framework enables precise mapping of vulnerabilities to specific threat clusters, focusing on the root cause rather than the outcome. This analysis specifically applies the TLCTC's axiom that "each distinct attack vector is defined by the generic vulnerability it initially targets," along with its client-server interaction model for understanding vertical stack vulnerabilities. [CVE 2 TLCTC Mapper and Analyzer]

The Cyber Standards Cross-Reference Problem (01/2025)

The cybersecurity landscape suffers from what we might call a "circular reference nightmare." Standards bodies and organizations like NIST, ISO, ENISA, ETSI, BSI, OWASP, and MITRE have created an intricate web of cross-references without establishing fundamental definitions.

Critical Analysis based on ETSI TR "Structured threat information sharing" (01/2025)

Despite its focus on cyber security and structured threat information sharing, ETSI TR 103 331 neither provides a definition of what constitutes a cyber threat nor offers a structured categorization of cyber threats; linking to STRIDE does not help. This fundamental disconnect between title and content reflects a broader issue in the cybersecurity standards landscape.

Critical Analysis: FAIR Integration with TLCTC (01/2025)

FAIR lacks a cyber threat categorization framework, but combined with TLCTC's precise threat clusters, it creates a powerful toolset for both identifying and quantifying your cyber risks.

CrowdStrike 2024 Threat Hunting Report from perspective of the TLCTC (12/2024)

See how the 10 Top Level Cyber Threat Clusters (TLCTC) framework enables enhanced comparison of threat actors, including APTs. Based on CrowdStrike's 2024 Threat Hunting Report, this interactive visualization reveals capability patterns across different adversary groups.

Why ten? The TLCTC Explainer (12/2024)

"Why ten clusters?" From STRIDE to MITRE ATT&CK, frameworks have struggled to fully capture the cyber threat landscape. Explore how the Top Level Cyber Threat Clusters framework provides a provocative answer - offering both immediate utility and room for evolution. Learn why starting with ten creates the perfect foundation for modern cyber defense.

Why The Cyber Resilience Act Requirements will not succeed - failing in cyber threat categorization (12/2024)

Claude 3.5 Sonnet: Based on my analysis of the ENISA Cyber Resilience Act Requirements document, I agree that it lacks a clear categorization of cyber threats. The document focuses primarily on defining security requirements and vulnerability handling processes for products with digital elements, but does not provide a structured framework or taxonomy for categorizing different types of cyber threats.

Cybersecurity Frameworks and Stakeholders: Strategic and Operational Relationships in Threat Intelligence (11/2024)

This diagram illustrates the current fragmentation in the cybersecurity landscape and the transformative potential of implementing the 10 Top Level Cyber Threat Clusters.

Analysis of NIST's Cybersecurity Framework's Approach to Cyber Threat Categorization (11/2024)

The NIST Cybersecurity Framework (CSF) 2.0 claims to provide "guidance to industry, government agencies, and other organizations to manage cybersecurity risks." However, an analysis of the framework and its supporting documents reveals several significant gaps in how it addresses cyber threats specifically.

ISO 27k Standards and the Lack of Cyber Threat Categorization (11/2024)

Since cybersecurity has found its place on the title page of the 2022 version, we should examine how ISO approaches cyber threat categorization. While ISO standards provide valuable frameworks for information security management, there are opportunities to enhance their approach to cyber threat categorization - particularly in bridging operational security and threat intelligence.

The Terms "Security" and "Risk" (10/2024)

This article explores the critical differences between "security" as an ideal state and "risk" as a measurable event. It emphasizes the need for precise language in cybersecurity, moving beyond the buzzword of "security" to a threat-centric approach.

Cyber Threat Cluster - Poster - Update (09/2024)

The 10 Top Level Cyber Threat Clusters in card style. Overview with, per card: Definition, Generic Vulnerability, Sub-Threat Examples, Key Control Examples. I also made a JSON; maybe someone will use it.

STRIDE Model Limitations and the 10 Top Level Cyber Threat Clusters (09/2024)

The STRIDE model, developed by Microsoft in the early 2000s, has long been a cornerstone of threat modeling in cybersecurity. Standing for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege, STRIDE was ...

Enhancing MITRE ATT&CK Compatibility with Barnes Cyber Threat Clusters (09/2024)

Integrating the 10 Top Level Cyber Threat Clusters into MITRE ATT&CK and STIX Frameworks

The cybersecurity landscape faces a critical challenge: fragmented threat intelligence that fails to effectively connect strategic risk management with operational security execution. While frameworks like MITRE ATT&CK and STIX enable detailed threat intelligence sharing, they lack a standardized high-level threat categorization system that aligns threat intelligence with risk management and security operations.

@MITRE & STIX: please integrate my concept. A proposal POC with JSON example

Cobalt Strike: Functionality Mapping to 10 Top Level Cyber Threat Clusters (09/2024)

This analysis examines Cobalt Strike from the perspective of the 10 Top Level Cyber Threat Clusters, demonstrating how its functionality maps to each cluster and enables various attack paths.

FINMA RS 23/01 and "Cyber Bedrohungen" or Cyber Threats (12/2024)

FINMA Circular 23/01 attempts to guide supervised institutions in the management of cyber risks, but in doing so runs into fundamental conceptual difficulties.

Why the DORA RTS TLPT is insufficient (09/2024)

While the DORA RTS introduces important requirements for threat-led penetration testing (TLPT) in the financial sector, it reveals significant gaps and limitations that could hinder its effectiveness in achieving true digital operational resilience.

DORA's Scope: Precise Analysis of ICT-Related Operational Risk vs Cyber Threats regarding reporting (09/2024)

Under DORA, financial entities must report all significant ICT-related incidents, malicious or not. Barnes Projects examines these new reporting requirements and explains how organizations need to adapt their risk management strategies.

NIS 2 Directive: Definitions, Scope of Threats, and Potential Improvement (09/2024)

The NIS2 Directive aims to address cybersecurity threats, but its definitions potentially broaden the scope to include a wider range of IT and operational risks.

Project Cyber Threat Clusters (07/2024)

Watch my intro video on the 10 Cyber Threat Clusters.