Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Category: Uncategorized

AI Generated image of Mongol warriors having fun while making a scary shadow puppet show for their victims.
We should take this one to Broadway, boys! Shadow puppets are way more fun than germ warfare!

Execution: Ruthless attackers run malicious code on your systems

March 25, 2024 /

Welcome to Part 4 of our series on MITRE’s ATT&CK Tactics! At this point in the attack, adversaries have pulled the trigger on an attack and defenders have had their first fair shot at detecting the transgression. Like a fortress’s defenders seeing the build-out of siege weapons and the digging of trenches, defenders now know from where a part of the attack is coming. For the attacker, they are relying on their preparation, coordination, and focus to overcome defensive efforts. For the defender, they are likely depending on the training and processes – and their garrison’s trust and cohesion – to disrupt and repel. How able are the attackers to carry out their plan, to sap the fortifications, to breach the walls? This is the MITRE ATT&CK Execution Tactic, and it is the phase from which all later phases branch.

Continue reading
AI-generated photo of a bunch of hackers seemingly posing for a reunion photo.
Conti really wanted to make the 10th reunion, but extradition stood in the way...

What scares you most? How great Threat Pictures are made!

January 22, 2024 /

Most of the posts in the past couple of months have focused on threat modeling tools and use cases. Process-level stuff is interesting, but how do we make sure the inputs are valid? My good friend Mark and I explore that with customers during our Cisco Live interactive breakout, and the things we learn are eye-opening! You can have all the process in the world, but if the inputs are trash, so too will be the outputs. How do we get to the root of it all: What scares you most? We need to ensure we aren’t just wasting our time, right? So how do we paint a great threat picture?

Continue reading
a bored developer is slumped over his keyboard and surfing the web amongst a slovenly desk
Who has time for audit findings? I have Cyber Monday deals to check out!

CAPEC Explained: Your Ultimate Guide to Web & App Attack Patterns

December 4, 2023 /

If you take a look at the long list of breaches that make front-page news, you may think that a single framework can do a decent job of explaining the mechanisms. But that is not the case – some of the largest most famous breaches or vulnerabilities were web application related like the Equifax breach, Yahoo, First American, Facebook, and more. We can thank these breaches for endless credit monitoring – thanks folks! When we talked about MITRE ATT&CK, we discussed a very popular methodology that focused greatly on network and endpoint attacks. Web and application attack patters are missing, though, so how do we discuss a web or application threat? CAPEC helps us understand those web attack patterns and defend against them!

Continue reading
Picture of an analyst standing below a cybersecurity diamond oracle. Rendered by Midjourney AI.
🎶 Carbanak in the sky with diamonds...🎶

Best Friends: What makes the Diamond Model a useful threat modeling tool for analysts?

November 29, 2023 /

We’ve covered a lot of different angles to threat modeling. The main takeway for me is that there is no “best approach” – pick what makes sense to you! How you justify that is up to you, and hopefully less controversial than John Lennon’s denial that “Lucy in the Sky with Diamonds” was about LSD. Here we’re talking about the Diamond Model of Intrusion Analysis. This model describes an active event under investigation, but it is mentioned here because it is helpful to understand how this information so directly links to the other models we’ve discussed before. So what makes the Diamond Model a useful threat modeling tool for analysts on the front line?

Continue reading

© 2024 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights