Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Category: Security Concepts (Page 2 of 6)

AI-generated image of a hacker making special electronic gadgets to be used in his next exploit
Grounding straps are for boomers - Hack the Planet!!!

Resource Dev: What makes it seem Ominous and Inevitable?

March 10, 2024 /

Last week we started with the Recon phase of an adversary’s playbook. This research really sets the stage for all that comes after it. As we’ll see today, adversaries apply that context in preparing for their operation. It’s like one of those movie montages where the bad guys are prepping for a sneak attack. Think Death Star firing up the lasers to blow up Alderaan, or the Orcs getting armed at Eisengard. In any of these cases, we were all screaming from the theater seats that victims could have done to prevent or detect it. Could they have? Let’s see how the bad guys get suited up for the opening battle and take a look at the Resource Development stage in ATT&CK of an adversary’s operation!

Continue reading
cartoon of a hacker sitting in a beach chair using binoculars with a cocktail on the table next to them
Dang, reconning this target is so easy - they're really leaving nothing to the imagination!

Target Recon Phase: Don’t make it too easy!

March 4, 2024 /

Most adversaries have a plan. Those plans vary greatly – in both complexity and rigor – from actor to actor, target to target. As we’ve discussed in prior posts, adversary plans are usually built from repeatable procedures – techniques and sub-techniques. The power of MITRE’s ATT&CK, CAPEC, or LMCO Kill Chain is that they help us track behaviors. Most of the time, I see organizations rush to address techniques through either detection & visibility or through protection. I think we all could use a dash of prevention – not just policy, but waaaay out front. We need to make even the selection of the plan difficult, and to reveal so little that the bad guys struggle to select the right plans. So let’s talk about making the recon phase hard for the adversary!

Continue reading
AI Generated image of a bunch of young hackers fretting over one of them mistakenly getting phished.
If you were such a good hacker, Jimmy, we wouldn't have to be doing this security awareness training!

Membership has its benefits: Using ATT&CK for Insider Threats

February 12, 2024 /

Happy Monday folks! I’m super excited to be getting back to it and blogging about some cybersecurity goodness. I’ve picked up a ton of cool ideas after a long but fantastic week in Amsterdam for Cisco Live Europe. Once again, my buddy Mark Stephens and I presented an Interactive Breakout called “Empty Threats – Building Your Own Cyber Threat Picture”. Offered at the last 4 Cisco Live US and Amsterdam events, each is a goldmine. What I love about these sessions is that our customers teach us so much about how they tackle security problems. Last week’s iteration did not disappoint. We had a fantastic discussion around using ATT&CK for insider threats. An attendee named Tommy brought up the question of how we factor them in, weigh their TTPs, etc. As with so many of these interactions, I am now thinking a lot about how to carry that forward. Let’s see how we might tackle this thorny topic!

Continue reading
AI-generated image of a bounty hunter from a galaxy far far away trying to learn about Cyber Threat Intelligence via their computer.
One sec, I think some scruffy-looking nerf herder just tripped my honeypot!

This is the Way: Beginning my Cyber Threat Intelligence Journey

January 29, 2024 /

I have gotten older, I find I’m less eager learn the depths of every technical solution, and have been searching for my happy place. Since my SANS studies, I have gravitated towards an area that is – from what I can see – fun as heck. That area? Cyber Threat Intelligence (CTI). My rookie impression is that this vast world is understaffed and under-supported, and this might be because organizations are so busy looking for operators that they don’t classify this role as mission critical. Fast forward to today: I spent a good part of the day listening into the SANS CTI Conference virtually, and I took away two things. First, there are some wicked sharp folks who have a passion in this area. Second, while I am not likely to become a full-fledged CTI professional, I sure want to learn more and incorporate what I can to help organizations see CTI’s value. This post launches my cyber threat intelligence journey.

Continue reading
AI-generated image of a hacker in an aloha shirt trying like crazy to put together a very complex puzzle of all of MITRE ATT&CK's related projects.
MITRE sent me an easy puzzle, but the community blew up the piece count!

Power-up your security: Mapping ATT&CK’s massive ecosystem

January 14, 2024 /

If you are a security professional, MITRE’s ATT&CK is everywhere these days. Even in places it does not belong! That being said, there are a ton of tools, projects, and extensions to ATT&CK. Some are fundamental (like Navigator) while others are niche. How do we tell what is right for us? What projects are essential to power up your security program? For my upcoming Cisco Live presentation in February, I take a crack at mapping ATT&CK’s massive ecosystem to roles and functions. Am I off to a good start? Let’s me share how I tackled this and you can let me know!

Continue reading
« Older posts Newer posts »

© 2024 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights