Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Tag: CTI (Page 3 of 11)

AI-generated cartoon of Benedict Arnold turning over a laptop to British forces
The traitor Arnold dreamed not just of turning over West Point, but also the Keberos golden ticket!

Privilege Escalation: Pretending to be something better!

April 21, 2024 /

It has been a little bit since we dove into the MITRE ATT&CK Tactics. When we left off with Persistence, we talked about how attackers maintain their leverage by opening as many ways in as possible. All use multiple vectors to cover their bases, but it is really hard to stay a step ahead and have impact if they don’t get heightened permissions. History shows that attackers who can either disrupt, discredit, or even hijack the command structure can cause a whole new level of pain. The pinnacle of many adversaries’ tactics is to be able to issue commands as if they were a highly placed commander within their target organization. It not only grants an amplifying effect, but can also hide their activity as they exploit trust. So let’s take a look at ATT&CK’s Privilege Escalation tactic and what it means to the attacker & defender.

Continue reading
cartoon of a bearded Indiana Jones bruised and battered while sitting on a bed, recovering from a cyber beating.
I'm getting too old for this. I don't bounce back like I used to.

What’s causing Mike’s Indigestion now? Everybody Hurts (19 April 2024)

April 20, 2024 /

I was on the road until yesterday, but I wanted to get back on the blog and update horse. So here we are! After learning about and supporting the launch of a new solution, I got sucked into some saved news articles and blogs on the trip home that convinced me we need to rethink a lot of things to get caught up with adversaries. Ransomware operators are constantly evolving, we should too! And no one has it figured out, as we’ll see in a couple of paragraphs. So let’s think outside of the magic quadrants and waves about new ways to solve our problems.

Continue reading
cartoon of cartoon of a middle-aged & bearded indiana jones running away from a Volt Typhoon
I know I am vulnerable, but lightning really doesn't ascribe to a single TTP, does it?

What’s causing Mike’s Indigestion now? Stormy Nights (12 April 2024)

April 11, 2024 /

Hey folks! After a busy week, I am finally sitting down to see what is new in the world of threat actors and trends. We’re barrelling into Friday with a lot of attention on probably THE key software vendor in the world (Microsoft), and more attention on Volt Typhoon. Yet even hardware vulnerabilities are a thing, and it just goes to show how our supply chain is riddled with dependencies. And those dependencies open doors to vulnerabilities. So let’s check in and see some of the more interesting threads!

Continue reading
cartoon showing a software supply chain being stretched to the breaking point while two big businessmen pull it in opposite directions
It seemed like such a good idea to do a stock buyback rather than support open source solutions we depend on!

What’s causing Mike’s Indigestion now? Supply Chain Heist (5 April 2024)

April 4, 2024 /

Happy weekend, folks! Loads of cool stuff going on in the day job, but lots chatter focused on 2 areas on opposite sides of the software ecosystem. The resourcefulness of adversaries never ceases to amaze me. Both stories offer a lot of intricate technical details, but the big takeaway is that we’re in serious trouble unless we tackle best-practices, hygiene, and find support for the massive base of open source projects. So let’s get going!

Continue reading
cartoon of a middle-aged and bearded Indiana Jones who is trying to squeeze into an army uniform while hiding behind a stack of crates.
I wonder how long I have to wait before the attack - I can't hold it much longer!

Persistence: How Uninvited Attackers Avoid Being Bounced from the Party

April 2, 2024 /

Hello folks – welcome to Part 5 of the series on MITRE ATT&CK Tactics! Today we’re talking about how adversaries maintain a foothold. Like any invading force, threat actors work hard to ensure that they get initial access, and they would rather not have to repeat that effort. Traditional aggressors most often resolve to maintaining pressure on the front once their initial attack lands. This has the effect of exhausting the defenders and ensuring they are unable to reset or respond effectively. Some attackers will leverage asymmetrical warfare elements like guerilla forces, local resistance forces, or agents to undermine defenses and guarantee access. Cyber adversaries need the same sort of effects, and that guaranteed access is arguably their highest priority. So let’s discuss the MITRE ATT&CK Persistence tactic and see why it is vital and how they might achieve it!

Continue reading
« Older posts Newer posts »

© 2025 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights