ⓘ Example data in this tool is AI-generated based on real-world threat reports. Quality improves with evolving AI capabilities. These examples illustrate the practical application of the TLCTC framework.
Attack Path Notation
Attack Path Detail Report
#
Cluster / Sphere
Description
Velocity
References
Risk Outcomes
Configure Attack Step
1
Threat Classification
Intermediate carrier sphere(s) that relay the attack. Comma-separated for chained transit. R-TRANSIT-3: Vendor code on target device is NOT transit (e.g., Safari on victim's phone is attack surface, not carrier).
Within-host boundary crossings (sandbox escape, privilege escalation, etc.). These are observability annotations — they do not change cluster classification (R-INTRA-7).
Concurrent exploitation of two distinct generic vulnerabilities at the same moment (e.g., #1 + #7 = function abuse and malware execution simultaneously). Must be a different cluster.
2
Attack Velocity (Δt to next step)
VC-3/4 transitions typically outpace human response — automation required.
3
Operational References
4
Step Annotations
5
Risk Outcomes (Right side of Bow-Tie)
R-CRED Rule (Enforced): #4 Identity Theft represents credential use, not acquisition.
DRE inputs are disabled for this cluster. DREs for credential theft belong on the acquisition step (#9, #2, #3, #5, #7, #8, or #10).
