Amateur Security Archaeologists, trying not to break things.

Tag: Security (Page 5 of 11)

Initial Access: “It’s go time!” for an adversary

Welcome to Part 3 of a series in which we walk through MITRE’s ATT&CK Tactics! Continuing the theme of any movie portraying a conflict, this is where someone takes action against their target. In HBO’s Band of Brothers, an entire episode is spent showing how Easy Company was formed and prepared for D-Day. Not only did they drill and train on general airborne skills and fitness, but they studied their sand tables and maps intently. Eventually, someone has to call the shot – in this case Eisenhower issued the order and they boarded planes & ships. Once the paratroopers, glider troops, trailblazers, and other recon units crossed the channel, the invasion had passed the point of no return. Initial Access was attempted. If you’re the Allies, hopefully the Recon and Resource Development were done right! Now let’s see how all of that pays off for the adversary in ATT&CK – Initial Access.

Continue reading

Resource Dev: What makes it seem Ominous and Inevitable?

Last week we started with the Recon phase of an adversary’s playbook. This research really sets the stage for all that comes after it. As we’ll see today, adversaries apply that context in preparing for their operation. It’s like one of those movie montages where the bad guys are prepping for a sneak attack. Think Death Star firing up the lasers to blow up Alderaan, or the Orcs getting armed at Eisengard. In any of these cases, we were all screaming from the theater seats that victims could have done to prevent or detect it. Could they have? Let’s see how the bad guys get suited up for the opening battle and take a look at the Resource Development stage in ATT&CK of an adversary’s operation!

Continue reading

What’s causing Mike’s Indigestion now? Hugging Goot (8 Mar 2024)

Ok, this is all fun and games until someone messes with things near and dear to my heart. Last week we railed against the patient-harming attacks. Those are awful, and by all accounts are much worse than a lot of cyber events. Heartless, cruel. But this week they hit another vertical I hold near and dear, and this won’t end well for them. C’mon man, attacking Duvel? Are you serious? I’m semi-serious. To prove I can keep things in perspective, let’s learn about Gootloader, Hugging Face issues, and more…

Continue reading

What’s causing Mike’s Indigestion now? Taking patients hostage (1 Mar 2024)

Whoa, what a week! We’re seeing a lot of the organizations I have the privilege to talk to battling a confluence of ransomware events. All the while, the battle between law enforcement and those threat actors is playing out in the open. If you prefer your news to be steadily bad, there are stories for you there as well. So let’s get right into the top news, where threat actors are taking patients hostage.

Continue reading

What’s causing Mike’s Indigestion now? Malice in Chains (15 Feb 2024)

Good evening, folks! Sorry for the delay in getting back to normal cadence. The last couple of weeks have been a blur. Cisco Live EMEA was busy yet rewarding, but I managed to get sick on the way back. Perhaps most importantly, it was a rough week for some colleagues I deeply respect. If you need help I can offer, please let me know folks! For now, let’s round up some threat and vuln updates with supply chains, VPN devices, and AI taking center stage.

Continue reading
« Older posts Newer posts »
Verified by MonsterInsights