Architecture Diagrams & References

Visual reference models, attack lifecycles, defense architectures, and maturity frameworks for cybersecurity training and interview preparation.

Defense-in-Depth Model

Layered security architecture from perimeter to data

Architecture
Perimeter Security
DDoS Protection, CDN, WAF
↓
Network Security
NGFW, IDS/IPS, Segmentation
↓
Host Security
EDR, Hardening, Patch Mgmt
↓
Application Security
SAST, DAST, WAF, RASP
↓
Data Security
Encryption, DLP, Classification
↓
Identity Security
IAM, MFA, PAM, Zero Trust

Cyber Kill Chain

Lockheed Martin attack lifecycle model

Attack Lifecycle
Reconnaissance
Gather target information
↓
Weaponization
Create exploit payload
↓
Delivery
Phishing, drive-by, supply chain
↓
Exploitation
Execute vulnerability exploit
↓
Installation
Install backdoor / RAT
↓
Command & Control
Establish C2 channel
↓
Actions on Objectives
Data exfil, destruction, ransomware

Incident Response Lifecycle

NIST SP 800-61 incident handling process

Process
Preparation
IR plan, tools, team, training
↓
Detection & Analysis
Alert triage, IOC analysis, scope
↓
Containment
Short-term and long-term containment
↓
Eradication
Remove threat, patch vulnerability
↓
Recovery
Restore systems, verify integrity
↓
Post-Incident Review
Lessons learned, detection improvement

MITRE ATT&CK Tactics

Enterprise ATT&CK tactic categories

Threat Framework
Reconnaissance
Gathering target information
↓
Initial Access
Phishing, exploits, supply chain
↓
Execution
Running malicious code
↓
Persistence
Maintaining foothold
↓
Privilege Escalation
Gaining higher permissions
↓
Credential Access
Stealing credentials
↓
Lateral Movement
Moving through network
↓
Exfiltration
Stealing data

Zero Trust Architecture

NIST SP 800-207 zero trust model

Architecture
Subject
User, device, or workload requesting access
↓
Policy Enforcement Point
Gateway that enforces access decisions
↓
Policy Decision Point
Evaluates identity, context, risk
↓
Trust Algorithm
Device health, behavior, threat intel
↓
Enterprise Resource
Application, data, or service accessed

SOC Maturity Model

SOC capability maturity progression

Maturity
Level 1 — Reactive
Ad-hoc response, basic SIEM, manual processes
↓
Level 2 — Proactive
Defined playbooks, SOAR, regular hunting
↓
Level 3 — Adaptive
Threat-intel driven, ATT&CK mapping, metrics
↓
Level 4 — Predictive
ML-powered detection, auto-response, AI triage
↓
Level 5 — Autonomous
Full AISecOps, self-healing, continuous optimization

Quick Reference Links

  • AppSec Diagrams: Secure SDLC flow
  • Cloud Architecture: Cloud defense layers
  • Network Defense: Network architecture
  • Zero Trust Model: ZTA architecture
  • SOC Workflow: SOC process flow
  • DevSecOps Pipeline: CI/CD security

© 2026 AIMIT — Cybersecurity Solutions Platform. A GenAgeAI Product. Built for security professionals, by security professionals.