Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Tag: ATT&CK (Page 1 of 5)

AI-generated image of our hero running to escape from an erupting volcano with precious data and computers.
This simulation is WAY more realistic than is necessary!

All I want for Christmas is Caldera 5.0

December 13, 2024 /

Well it has been some time since I have had an opportunity to log in and capture some thoughts – sorry about that! The truth is, it has been a wild few months with work, kids, and the whole ‘adulting’ thing. I do hope I can start offering something of use more frequently. Something that took a lot of time – and shouldn’t have – was getting a working installation of MITRE’s Caldera open-source attack simulation tool. I have used prior versions since 2020 – I think it was version 2.7? Well, the new release (Magma or v5.0) is fantastic. If you can get it to install correctly for you.

Continue reading
AI-generated cartoon of a bearded man wearing a hawaiian shirt and holding a garage sale selling financial information, corporate secrets, and access to critical systems.
Selling PII is so lucrative that I can probably drop my day job. So long, Congress!

Impact: When Attackers Just Want to Watch the World Burn

July 8, 2024 /

In our journey through the MITRE ATT&CK framework, we’ve explored how attackers gain access, establish persistence, and steal data. But what happens when adversaries decide to break things, or to show the defenders that they are in charge? This last post covers ATT&CK’s Impact tactic – the cyber equivalent of leaving a calling card, often with devastating consequences.

Continue reading
AI-generated cartoon of a man wearing a hawaiian shirt and headlamp emerging from an escape tunnel with an arm full of secret documents
Guys, you'll never believe it, but they left their guacamole recipe unencrypted!

Exfiltration: The Attacker’s Great Escape with Your Data

July 1, 2024 /

In our Collection post, we examined how attackers collect valuable information within a compromised environment. Once adversaries have gathered their loot, the next crucial step is to smuggle it out. This brings us to the MITRE ATT&CK tactic of Exfiltration. Let’s explore how various threat actors, from cyber criminals to nation-state operatives, execute this critical phase of their operations.

Continue reading
AI-generated image of a defender in an Aloha shirt beating back a bunch of bad puppets on strings.
Whose idea was it to forego the DNS inspection? Has anyone got some scissors?

Command and Control: This is Major Tom to Ground Control

June 25, 2024 /

In our last post, we explored how attackers gather valuable information through the Collection tactic. Once adversaries have a foothold and have collected data, they need a way to maintain control over compromised systems and coordinate their activities. In military operations, you’ll see a mix of overt and covert forms of communications. But we know they are happening. Without them, the various units involved would be uncoordinated and the attack would fail before major objectives could be accomplished. Cyber adversaries need this sustained control as well. Payloads are unable to act autonomously for long. And exfiltrating data without it is futile. This is where the next MITRE ATT&CK Tactic comes into play: Command and Control (C2). Let’s dive into how attackers use C2 to orchestrate their operations and why it’s a critical component of almost every sophisticated cyber attack.

Continue reading
AI-generated image of a hacker in hawaiian shirt working on his workstation, with a collection of floppy disks and usb drives in jars on shelves behind him.
Tell me again why I can't back up all of these stolen password databases on my OneDrive?

Collection: How Attackers Gather the Loot Before Being Caught

June 18, 2024 /

In last week’s post, we tool at look at how attackers move laterally. They do this to get to their goals and to better entrench themselves. Whether the adversary is an APT or special forces unit, gathering information is critical to the success of any mission. If there are exceptions, they’re probably limited to bombardments (in physical warfare) or Denial of Service (DoS) attacks (in cyber). It’s tough to have long-lasting effects without going further than those brute-force attacks. FThe information may be the end goal, or it may be essential to achieving it. The next MITRE ATT&CK tactic is Collection. Let’s look at how almost every adversary on the very diverse spectrum of threats needs it.

Continue reading
« Older posts

© 2025 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights