CALL FOR SUB-STANDARDS IS OPEN
Intrusion 8 Phases
The Intrusion Eight presents a structured progression model that explains how adversaries move from initial reconnaissance to mission completion. Designed for ethical education, simulation, and professional awareness, it frames intrusion as a disciplined sequence rather than chaos, helping practitioners understand adversary behavior without promoting misuse.
INTRUSION VAULT
The Intrusion Vault, inside the ISAUnited.org Library
The Intrusion Vault is Intrusion 8’s curated library of structured adversary intelligence, written to support responsible defense. It translates real intrusion behaviors into reference catalogs that help teams identify exposure conditions, map likely impact paths, and improve defensive design and response. The Vault is housed in the ISAUnited.org Library to keep Intrusion 8 aligned with professional standards, governance, and legitimate instruction.
Threat Profiles
Red Team intelligence that pressures every Defensible 10 domain.
Intrusion8 Threat Profiles translate real adversary operations into disciplined, domain-aligned profiles that defenders can adopt. Each profile maps to one Defensible 10 Standard and frames intrusion progression through the eight Threat Operations Functions (TOF) phases, emphasizing conditions, outcomes, and observable traces rather than instructions.
-
Ten profiles, TP01 through TP10, aligned one to one with D01 through D10
-
Anchored to the Intrusion Vault: Threat Actors, Threat Vectors, and Threat Tools
-
Built for authorized education, simulation, and defensive planning
Coming Soon 2026
THE BOOK
Mastering Technical Adversarial and Defensible Analysis (TADA) presents a practical method for threat-informed security architecture from the Red Team Intelligence perspective of Intrusion 8. It teaches practitioners how to translate adversary behavior into architecture-level findings, defensible decisions, and engineering actions that reduce exposure and constrain impact.
TADA is anchored on an eight-phase intrusion lifecycle, referred to as Threat Operations Functions (TOF): Initial reconnaissance, Initial compromise, Establish foothold, Escalate privileges, Internal reconnaissance, Move laterally, Maintain presence, and Complete mission. These phases provide a consistent structure for mapping threats to systems.
Written for security architects, engineers, and technical leaders, this book advances threat-informed security architecture as a measurable, defensible professional practice, with the mission of protecting people by leveraging adversary intelligence to strengthen secure systems and save lives.
How Intrusion 8 Connects to Defensible 10
Intrusion 8 and Defensible 10 are designed to work together.
-
Intrusion 8 clarifies exposure conditions and how compromise progresses.
-
Defensible 10 defines what must be engineered, implemented, and defended.
-
The Intrusion Vault supports verification and validation by anchoring defensive decisions to threat actor behavior, threat vectors, and tool-driven operations.
Engineering-grade cybersecurity is a public safety expectation
Society depends on digital systems that must remain trustworthy under stress. The Defensible 10 Standards and the Defensible Loop exist to strengthen that trust through disciplined practice and proof.
Contact Us
Have a question or need assistance? Our team supports practitioners and engineers who design and build defensive architecture and infrastructure.