Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Tag: Threat Modeling (Page 1 of 5)

AI-generated image of spies changing their disguises while escaping with a computer
Are you CERTAIN that these are the web access tokens we were supposed to nab?

Credential Access: Why make logging in so easy?

May 6, 2024 / / 0 Comments

When we look at the sheer number of vectors an adversary uses to compromise or breach their target, credential compromise is right up there with phishing as the two leading sources of compromise. In fact, phishing’s primary objective is to obtain credentials. Threat actors get a lot of press for creating new exploits, but isn’t it easier to just log in? Stats show that detecting a breach that leveraged stolen credentials takes ~50% longer over other primary methods (exploits, misconfiguration, etc.). Why is that? And what can we do to make it harder? Let’s talk about MITRE ATT&CK‘s 8th tactic, Credential Access!

Continue reading
AI-generated image of an adventurer in a dogfight, firing off flares to distract his enemies.
Flares? Check! cannons? check! Plane or parachute? Crap.

Defense Evasion: Popping flares, spraying chaff, and launching decoys

April 29, 2024 / / 0 Comments

This, friends, is the Big Kahuna of tactics we’re talking about now! When I started writing this series of posts to discuss tactics, I feared the 7th tactic from the left. Why? Because we’re talking about the diverse and expansive ATT&CK Tactic of Defense Evasion. This brute contains a whopping 43 techniques and 155 sub-techniques. It is almost as if our adversaries really want to avoid detection or prevention and need options! Well, as this is so massive, we’re going to take a more holistic approach to this entry.

Continue reading
AI-generated cartoon of Benedict Arnold turning over a laptop to British forces
The traitor Arnold dreamed not just of turning over West Point, but also the Keberos golden ticket!

Privilege Escalation: Pretending to be something better!

April 21, 2024 / / 0 Comments

It has been a little bit since we dove into the MITRE ATT&CK Tactics. When we left off with Persistence, we talked about how attackers maintain their leverage by opening as many ways in as possible. All use multiple vectors to cover their bases, but it is really hard to stay a step ahead and have impact if they don’t get heightened permissions. History shows that attackers who can either disrupt, discredit, or even hijack the command structure can cause a whole new level of pain. The pinnacle of many adversaries’ tactics is to be able to issue commands as if they were a highly placed commander within their target organization. It not only grants an amplifying effect, but can also hide their activity as they exploit trust. So let’s take a look at ATT&CK’s Privilege Escalation tactic and what it means to the attacker & defender.

Continue reading
cartoon of a middle-aged and bearded Indiana Jones who is trying to squeeze into an army uniform while hiding behind a stack of crates.
I wonder how long I have to wait before the attack - I can't hold it much longer!

Persistence: How Uninvited Attackers Avoid Being Bounced from the Party

April 2, 2024 /

Hello folks – welcome to Part 5 of the series on MITRE ATT&CK Tactics! Today we’re talking about how adversaries maintain a foothold. Like any invading force, threat actors work hard to ensure that they get initial access, and they would rather not have to repeat that effort. Traditional aggressors most often resolve to maintaining pressure on the front once their initial attack lands. This has the effect of exhausting the defenders and ensuring they are unable to reset or respond effectively. Some attackers will leverage asymmetrical warfare elements like guerilla forces, local resistance forces, or agents to undermine defenses and guarantee access. Cyber adversaries need the same sort of effects, and that guaranteed access is arguably their highest priority. So let’s discuss the MITRE ATT&CK Persistence tactic and see why it is vital and how they might achieve it!

Continue reading
AI Generated image of Mongol warriors having fun while making a scary shadow puppet show for their victims.
We should take this one to Broadway, boys! Shadow puppets are way more fun than germ warfare!

Execution: Ruthless attackers run malicious code on your systems

March 25, 2024 /

Welcome to Part 4 of our series on MITRE’s ATT&CK Tactics! At this point in the attack, adversaries have pulled the trigger on an attack and defenders have had their first fair shot at detecting the transgression. Like a fortress’s defenders seeing the build-out of siege weapons and the digging of trenches, defenders now know from where a part of the attack is coming. For the attacker, they are relying on their preparation, coordination, and focus to overcome defensive efforts. For the defender, they are likely depending on the training and processes – and their garrison’s trust and cohesion – to disrupt and repel. How able are the attackers to carry out their plan, to sap the fortifications, to breach the walls? This is the MITRE ATT&CK Execution Tactic, and it is the phase from which all later phases branch.

Continue reading
« Older posts

© 2024 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights