Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Page 3 of 12

Horrible AI-generated image of Roman Soldiers all looking outward for attacks while completely ignoring things already happening inside.
Hey Salvius - are we sure Tacitus will let us know if any of these sneak in?

Initial Access: “It’s go time!” for an adversary

March 18, 2024 /

Welcome to Part 3 of a series in which we walk through MITRE’s ATT&CK Tactics! Continuing the theme of any movie portraying a conflict, this is where someone takes action against their target. In HBO’s Band of Brothers, an entire episode is spent showing how Easy Company was formed and prepared for D-Day. Not only did they drill and train on general airborne skills and fitness, but they studied their sand tables and maps intently. Eventually, someone has to call the shot – in this case Eisenhower issued the order and they boarded planes & ships. Once the paratroopers, glider troops, trailblazers, and other recon units crossed the channel, the invasion had passed the point of no return. Initial Access was attempted. If you’re the Allies, hopefully the Recon and Resource Development were done right! Now let’s see how all of that pays off for the adversary in ATT&CK – Initial Access.

Continue reading
AI-generated image of a hacker making special electronic gadgets to be used in his next exploit
Grounding straps are for boomers - Hack the Planet!!!

Resource Dev: What makes it seem Ominous and Inevitable?

March 10, 2024 /

Last week we started with the Recon phase of an adversary’s playbook. This research really sets the stage for all that comes after it. As we’ll see today, adversaries apply that context in preparing for their operation. It’s like one of those movie montages where the bad guys are prepping for a sneak attack. Think Death Star firing up the lasers to blow up Alderaan, or the Orcs getting armed at Eisengard. In any of these cases, we were all screaming from the theater seats that victims could have done to prevent or detect it. Could they have? Let’s see how the bad guys get suited up for the opening battle and take a look at the Resource Development stage in ATT&CK of an adversary’s operation!

Continue reading
Poor adventurer generated by AI is sad that their beer was compromised by a hacker.
Kick me when I am down, but going after my golden ale? Cruel!

What’s causing Mike’s Indigestion now? Hugging Goot (8 Mar 2024)

March 7, 2024 /

Ok, this is all fun and games until someone messes with things near and dear to my heart. Last week we railed against the patient-harming attacks. Those are awful, and by all accounts are much worse than a lot of cyber events. Heartless, cruel. But this week they hit another vertical I hold near and dear, and this won’t end well for them. C’mon man, attacking Duvel? Are you serious? I’m semi-serious. To prove I can keep things in perspective, let’s learn about Gootloader, Hugging Face issues, and more…

Continue reading
cartoon of a hacker sitting in a beach chair using binoculars with a cocktail on the table next to them
Dang, reconning this target is so easy - they're really leaving nothing to the imagination!

Target Recon Phase: Don’t make it too easy!

March 4, 2024 /

Most adversaries have a plan. Those plans vary greatly – in both complexity and rigor – from actor to actor, target to target. As we’ve discussed in prior posts, adversary plans are usually built from repeatable procedures – techniques and sub-techniques. The power of MITRE’s ATT&CK, CAPEC, or LMCO Kill Chain is that they help us track behaviors. Most of the time, I see organizations rush to address techniques through either detection & visibility or through protection. I think we all could use a dash of prevention – not just policy, but waaaay out front. We need to make even the selection of the plan difficult, and to reveal so little that the bad guys struggle to select the right plans. So let’s talk about making the recon phase hard for the adversary!

Continue reading
AI generated image of an old adventurer trying to fix a broken rack of computer equipment.
I started trying to make this EMR work when I was 29, maybe just a couple of years more...

What’s causing Mike’s Indigestion now? Taking patients hostage (1 Mar 2024)

March 1, 2024 /

Whoa, what a week! We’re seeing a lot of the organizations I have the privilege to talk to battling a confluence of ransomware events. All the while, the battle between law enforcement and those threat actors is playing out in the open. If you prefer your news to be steadily bad, there are stories for you there as well. So let’s get right into the top news, where threat actors are taking patients hostage.

Continue reading
« Older posts Newer posts »

© 2024 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights