Amateur Security Archaeologists, trying not to break things.

Tag: Cyber (Page 3 of 6)

Initial Access: “It’s go time!” for an adversary

Welcome to Part 3 of a series in which we walk through MITRE’s ATT&CK Tactics! Continuing the theme of any movie portraying a conflict, this is where someone takes action against their target. In HBO’s Band of Brothers, an entire episode is spent showing how Easy Company was formed and prepared for D-Day. Not only did they drill and train on general airborne skills and fitness, but they studied their sand tables and maps intently. Eventually, someone has to call the shot – in this case Eisenhower issued the order and they boarded planes & ships. Once the paratroopers, glider troops, trailblazers, and other recon units crossed the channel, the invasion had passed the point of no return. Initial Access was attempted. If you’re the Allies, hopefully the Recon and Resource Development were done right! Now let’s see how all of that pays off for the adversary in ATT&CK – Initial Access.

Continue reading

Resource Dev: What makes it seem Ominous and Inevitable?

Last week we started with the Recon phase of an adversary’s playbook. This research really sets the stage for all that comes after it. As we’ll see today, adversaries apply that context in preparing for their operation. It’s like one of those movie montages where the bad guys are prepping for a sneak attack. Think Death Star firing up the lasers to blow up Alderaan, or the Orcs getting armed at Eisengard. In any of these cases, we were all screaming from the theater seats that victims could have done to prevent or detect it. Could they have? Let’s see how the bad guys get suited up for the opening battle and take a look at the Resource Development stage in ATT&CK of an adversary’s operation!

Continue reading

What’s causing Mike’s Indigestion now? Malice in Chains (15 Feb 2024)

Good evening, folks! Sorry for the delay in getting back to normal cadence. The last couple of weeks have been a blur. Cisco Live EMEA was busy yet rewarding, but I managed to get sick on the way back. Perhaps most importantly, it was a rough week for some colleagues I deeply respect. If you need help I can offer, please let me know folks! For now, let’s round up some threat and vuln updates with supply chains, VPN devices, and AI taking center stage.

Continue reading

This is the Way: Beginning my Cyber Threat Intelligence Journey

I have gotten older, I find I’m less eager learn the depths of every technical solution, and have been searching for my happy place. Since my SANS studies, I have gravitated towards an area that is – from what I can see – fun as heck. That area? Cyber Threat Intelligence (CTI). My rookie impression is that this vast world is understaffed and under-supported, and this might be because organizations are so busy looking for operators that they don’t classify this role as mission critical. Fast forward to today: I spent a good part of the day listening into the SANS CTI Conference virtually, and I took away two things. First, there are some wicked sharp folks who have a passion in this area. Second, while I am not likely to become a full-fledged CTI professional, I sure want to learn more and incorporate what I can to help organizations see CTI’s value. This post launches my cyber threat intelligence journey.

Continue reading

What’s causing Mike’s Indigestion now? Injustice League (26 Jan 2024)

Hey folks! This may be the last one of these for a couple of weeks, because I am headed to Amsterdam for Cisco Live Europe! I am excited to be talking about MITRE ATT&CK and helping facilitate a Threat Picture discussion with my good friend King Mark. We’ve got a lot of nation stake hackers causing a ruckus, so let’s go ahead and get into the threat update and look in on some news!

Continue reading
« Older posts Newer posts »
Verified by MonsterInsights