diff --git a/opsec/cloud_provider_adversary/index.html b/opsec/cloud_provider_adversary/index.html
index fcafb9b..f78c1bd 100644
--- a/opsec/cloud_provider_adversary/index.html
+++ b/opsec/cloud_provider_adversary/index.html
@@ -176,6 +176,18 @@ in this post we are going to do a threat modelling exercise:<br><br>
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
 
+                    <h1><b>Attack scenarii</b><h1>
+                    Having finished her thread enumeration, Alice's decides to focus her efforts on three most probable/most damaging scenarii to protect herself and her organization.
+
+                    <h2><b>Live RAM extraction</b></h2>
+
+                    <h3>Attack</h3>
+                        Bob powers down the serve hosting the vps and extracts its RAM, refrigerate it to analyze its contents
+
+                    <h3>Countermeasures</h3>
+                    This one is very tricky and can't be addressed without renting a bare-metal server instead. Alice would need hardware that supports RAM encryption (such as AMD SEV and SME).
+                    <br><br>
+                    This attack is both costly and obvious as it requires the server to go offline. Alice's decides to accept the risk for now and reevaluate based on the evolving sensitivity of the data stored on her VPS.
           
 	       </div>
 			</div><!-- /row -->