Law1; Begin with the end in mind:
Strategize around which goal you will want to achieve in the end. The end is what you will want to take home after the attack. The AM(Attackers Mindset) should focus on creating, drafting, crafting, planning, and sourcing information.
Starting with the end in mind helps you to put into consideration how you can leave the information to seem untapped, how you can score the information or asset, the level of security that surrounds your information or asset target, where the information you need is located, security glitches and loopholes and how you can leverage it, the covering area in which the information or target asset is located, strategy for approach and application of workforce for execution.
Beginning with the end in mind helps the attacker develop clarity – clarifying the objective to help you plan accordingly in your center of interest. Beginning with the end in mind also breeds efficiency, since your end goals are clear, you can plan towards more ways to stick to that objective, which will lessen undue ambiguity and foster efficiency. Beginning with the end in mind, enables you to gain purpose to stick with the initial objective.
Five steps to having the end in mind • Narrow objectives • How long it will take you to get there (time budget) • Design an attack by taking the simplest route • Stay fully committed to the plan • Implement the strategy.
Law 2; Gather, weaponize and leverage information The author has been explicit on “information” right from chapter one. Information is the driver of everything that happens in cyberspace. Attackers, both ethical and unethical are not created through the art but the thought. The mindset is what makes attackers able to identify leakages, mold these leakages and use them for exploits against the owners of such information. Tiebacks are the act of binding the information needs of the objectives. Pieces of information that are necessary to the objective should be used while the ones that are not necessary should be discarded.
Law 3; never break pretext Behaving well and operating above all vulnerabilities in the security of an organizations. Having in mind the job of parsing security defenses and implementing or suggesting processes that could keep bad guys out in the future.
Law 4: Every move made benefits the objectives: Everything you do, every action you take, has to be for the good of the objectives for which the mission was started. It could be short-term or long term.