Skills & Training: Low
Resources: Low
Risk Appetite: High
Description: Script Kiddies are often young and/or inexperienced and don't fully understand how their tools work. They often operate from within governments with weak cybersecurity laws & enforcement.
- Curiosity
- Mischievous destruction
- Popularity (bragging rights, name recognition, showing off)
- Revenge
- Financial compensation (initial access brokers)
- Poorly configured systems and websites
- Default, guessable, or re-used breached passwords
- Publicly exposed data
- Publicly-available tools and exploits (no modifications)
- Cheap infrastructure (Digital Ocean, etc)
- No persistence aside from default webshells or valid accounts etc
- No evasion
- Simple lateral with discovered secrets/systems
- Website defacement
- Data destruction
- Secrets theft
- Proof of presence