The 9th tactic in the MITRE ATT&CK Enterprise Matrix is a fun one. ATT&CK’s Discovery is essential in any operation. No matter how solid the prior recon efforts are, circumstances change. All of the preparation in the world can’t replace updated intelligence. To be effective and achieve the end goals, adversaries need to dig deeper and gain knowledge of the environment. Both physical adversaries and cyber adversaries practice this behavior, but with slightly different stakes. In both cases, the discovery efforts not only help refocus the operation and steer towards objectives, but also offer intel that can help the adversary cover their tracks. Let’s take a look at how discovery happens and what it can bring!
Tag: CTI (Page 2 of 11)
When we look at the sheer number of vectors an adversary uses to compromise or breach their target, credential compromise is right up there with phishing as one of the two leading sources of compromise. In fact, phishing’s primary objective is to obtain credentials. Threat actors get a lot of press for creating new exploits, but isn’t it easier to just log in? Stats show that detecting a breach that leveraged stolen credentials takes ~50% longer than with other primary methods (exploits, misconfiguration, etc.). Why is that? And what can we do to make it harder? Let’s talk about MITRE ATT&CK’s 8th tactic, Credential Access!
Good morning, folks! Another week, another threat surface gets its turn in the press! While I have been working hard to prepare for the upcoming Cisco Live (2-6 June in Las Vegas!), news seems to be picking up before RSA Conference next week. This week we saw a lot of continued fallout from breaches past, variations of perimeter defense vulns, and more. We even see yet another tool essential to many get hacked – is nothing sacred? Let’s get into it!
This, friends, is the Big Kahuna of tactics we’re talking about now! When I started writing this series of posts to discuss tactics, I feared the 7th tactic from the left. Why? Because we’re talking about the diverse and expansive ATT&CK Tactic of Defense Evasion. This brute contains a whopping 43 techniques and 155 sub-techniques. It is almost as if our adversaries really want to avoid detection or prevention and need options! Well, as this is so massive, we’re going to take a more holistic approach to this entry.
Hello folks! It seems that there is never a dull week. To almost make that point abundantly clear, we have a large number of newly announced firewall vulns, some more ransomware hitting critical targets, and more state-sponsored mayhem. So let’s get started and see what is going on!