Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Tag: ATT&CK (Page 4 of 5)

AI-generated image of a hacker in an aloha shirt trying like crazy to put together a very complex puzzle of all of MITRE ATT&CK's related projects.
MITRE sent me an easy puzzle, but the community blew up the piece count!

Power-up your security: Mapping ATT&CK’s massive ecosystem

January 14, 2024 /

If you are a security professional, MITRE’s ATT&CK is everywhere these days. Even in places it does not belong! That being said, there are a ton of tools, projects, and extensions to ATT&CK. Some are fundamental (like Navigator) while others are niche. How do we tell what is right for us? What projects are essential to power up your security program? For my upcoming Cisco Live presentation in February, I take a crack at mapping ATT&CK’s massive ecosystem to roles and functions. Am I off to a good start? Let’s me share how I tackled this and you can let me know!

Continue reading

Gap Analysis With ATT&CK: Fix Your Posture, Young Man!

November 19, 2023 /

Early adopters certainly focused on using ATT&CK for glamorous use cases like Threat Intelligence and Adversary Emulation. Conducting gap analysis with ATT&CK to prioritize engineering efforts is a high-return effort for you and your organization. It’s my favorite of the use cases because it can help any organization! Before the availability of CTI for everyone, many gap assessments conducted by organizations without dedicated threat intelligence teams. The only means available were often based on notional system architectures driven by market trends or vendor pressures. You may have experienced this yourselves – and you may have mountains of shelf-ware purchased in response to the latest fad. By leveraging CTI from frameworks like ATT&CK, you can now ensure that every defensive measure you take provides actual value in countering the threat actors and techniques that are likely to target you.

Continue reading

Check yourself before you wreck yourself: Emulate your foes easily with ATT&CK

November 16, 2023 /

The offensive security industry is hopping – awesome folks out there can help you find your security flaws! Companies today are leveraging security assessments, audits, penetration tests and red team assessments. These evaluations help to validate coverage within the architecture of a threat model. As your organization matures you will focus more on an expected adversary’s behavior than on generic atomic events. It just so happens MITRE’s ATT&CK is a catalogue of those atomic techniques!

Continue reading

Uncover hidden enemies with ATT&CK Detection and Analytics

November 15, 2023 /

As we saw in our last post, Threat Intelligence is a huge focus. But what good does intelligence do if we never act on it? If your organization is leveraging a SIEM or XDR, or using tools that allow for custom detection content to be added, then you use detection and analytics. ATT&CK includes data on detection and mitigation techniques, which presents you with sound guidance on where to start detecting each technique’s use in your environments. These underappreciated features of the ATT&CK database are fantastic in guiding all manner of blue team operators, and they provide a jump start to achieving greater security. Detection (or what they now call Data sources) and Mitigations give us homework. Before we can act, we must see – so let’s see how ATT&CK can help with Detection.

Continue reading

Thwart APTs and unveil secrets with ATT&CK’s Threat Intelligence

November 8, 2023 /

As you saw in the previous post, ATT&CK is loaded with potential to hit a lot of use cases. Most CTI organizations are at least considering the use of ATT&CK to structure their reports and feeds. It provides analysts with a common language and structure. ATT&CK fosters better collaboration and easier consumption of the findings for all, including you and your tools.

old-school picture of an OSS spy with his radio in the mountains
I’ve gotta get my inputs back to HQ before they publish ATT&CK v15!
Continue reading
« Older posts Newer posts »

© 2024 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights