Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Category: Defensive Techniques (Page 4 of 6)

AI generated art of a valiant defender holding off a massive adversary at the gates.
Not for nothing, but you aren't sneaking up on anyone with that bright, clanking armor!

How visibility makes you the most frustrating victim

December 10, 2023 /

Who hasn’t hear this one: “the attacker only need to be right once, and they are a success”. Indeed, the corollary is said just as often: “you only need to be wrong once and you’re screwed!” All of that makes you feel a little helpless, right? Helpless folks give up – and good luck getting them to deal with the myriad of issues that are inherent to securing their environments! We’re going to see how we can turn the tables here, and the first step is to see how visibility makes you a most frustrating victim for adversaries!

Continue reading

Gap Analysis With ATT&CK: Fix Your Posture, Young Man!

November 19, 2023 /

Early adopters certainly focused on using ATT&CK for glamorous use cases like Threat Intelligence and Adversary Emulation. Conducting gap analysis with ATT&CK to prioritize engineering efforts is a high-return effort for you and your organization. It’s my favorite of the use cases because it can help any organization! Before the availability of CTI for everyone, many gap assessments conducted by organizations without dedicated threat intelligence teams. The only means available were often based on notional system architectures driven by market trends or vendor pressures. You may have experienced this yourselves – and you may have mountains of shelf-ware purchased in response to the latest fad. By leveraging CTI from frameworks like ATT&CK, you can now ensure that every defensive measure you take provides actual value in countering the threat actors and techniques that are likely to target you.

Continue reading

Check yourself before you wreck yourself: Emulate your foes easily with ATT&CK

November 16, 2023 /

The offensive security industry is hopping – awesome folks out there can help you find your security flaws! Companies today are leveraging security assessments, audits, penetration tests and red team assessments. These evaluations help to validate coverage within the architecture of a threat model. As your organization matures you will focus more on an expected adversary’s behavior than on generic atomic events. It just so happens MITRE’s ATT&CK is a catalogue of those atomic techniques!

Continue reading

Uncover hidden enemies with ATT&CK Detection and Analytics

November 15, 2023 /

As we saw in our last post, Threat Intelligence is a huge focus. But what good does intelligence do if we never act on it? If your organization is leveraging a SIEM or XDR, or using tools that allow for custom detection content to be added, then you use detection and analytics. ATT&CK includes data on detection and mitigation techniques, which presents you with sound guidance on where to start detecting each technique’s use in your environments. These underappreciated features of the ATT&CK database are fantastic in guiding all manner of blue team operators, and they provide a jump start to achieving greater security. Detection (or what they now call Data sources) and Mitigations give us homework. Before we can act, we must see – so let’s see how ATT&CK can help with Detection.

Continue reading

Thwart APTs and unveil secrets with ATT&CK’s Threat Intelligence

November 8, 2023 /

As you saw in the previous post, ATT&CK is loaded with potential to hit a lot of use cases. Most CTI organizations are at least considering the use of ATT&CK to structure their reports and feeds. It provides analysts with a common language and structure. ATT&CK fosters better collaboration and easier consumption of the findings for all, including you and your tools.

old-school picture of an OSS spy with his radio in the mountains
I’ve gotta get my inputs back to HQ before they publish ATT&CK v15!
Continue reading
« Older posts Newer posts »

© 2024 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights