Amateur Security Archaeologists, trying not to break things.
Happy weekend, folks! Loads of cool stuff going on in the day job, but lots chatter focused on 2 areas on opposite sides of the software ecosystem. The resourcefulness of adversaries never ceases to amaze me. Both stories offer a lot of intricate technical details, but the big takeaway is that we’re in serious trouble unless we tackle best-practices, hygiene, and find support for the massive base of open source projects. So let’s get going!
Continue reading
Wow, I am so sorry folks! it has been 3 weeks between updates – as I mentioned on LinkedIn, things have been busy on the travel front! In that crazy time, a lot of interesting things have happened that are worth a good look! Much of the biggest news this week in the world of threats is on another one of our state sponsored threat actors, APT31, so let’s see what the buzz is about.
Continue reading
Welcome to Part 3 of a series in which we walk through MITRE’s ATT&CK Tactics! Continuing the theme of any movie portraying a conflict, this is where someone takes action against their target. In HBO’s Band of Brothers, an entire episode is spent showing how Easy Company was formed and prepared for D-Day. Not only did they drill and train on general airborne skills and fitness, but they studied their sand tables and maps intently. Eventually, someone has to call the shot – in this case Eisenhower issued the order and they boarded planes & ships. Once the paratroopers, glider troops, trailblazers, and other recon units crossed the channel, the invasion had passed the point of no return. Initial Access was attempted. If you’re the Allies, hopefully the Recon and Resource Development were done right! Now let’s see how all of that pays off for the adversary in ATT&CK – Initial Access.
Continue reading
Most adversaries have a plan. Those plans vary greatly – in both complexity and rigor – from actor to actor, target to target. As we’ve discussed in prior posts, adversary plans are usually built from repeatable procedures – techniques and sub-techniques. The power of MITRE’s ATT&CK, CAPEC, or LMCO Kill Chain is that they help us track behaviors. Most of the time, I see organizations rush to address techniques through either detection & visibility or through protection. I think we all could use a dash of prevention – not just policy, but waaaay out front. We need to make even the selection of the plan difficult, and to reveal so little that the bad guys struggle to select the right plans. So let’s talk about making the recon phase hard for the adversary!
Continue reading
Happy Monday folks! I’m super excited to be getting back to it and blogging about some cybersecurity goodness. I’ve picked up a ton of cool ideas after a long but fantastic week in Amsterdam for Cisco Live Europe. Once again, my buddy Mark Stephens and I presented an Interactive Breakout called “Empty Threats – Building Your Own Cyber Threat Picture”. Offered at the last 4 Cisco Live US and Amsterdam events, each is a goldmine. What I love about these sessions is that our customers teach us so much about how they tackle security problems. Last week’s iteration did not disappoint. We had a fantastic discussion around using ATT&CK for insider threats. An attendee named Tommy brought up the question of how we factor them in, weigh their TTPs, etc. As with so many of these interactions, I am now thinking a lot about how to carry that forward. Let’s see how we might tackle this thorny topic!
Continue reading
Mike© 2025 Raiders of the Lost ARP
Theme by Anders Noren — Up ↑
