Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Tag: Threat Modeling (Page 2 of 7)

AI Generated image of soldiers moving quickly behind a hedgerow to flank their enemy
"3 more clicks and we'll be able to Kerberoast these guys!"

Lateral Movement: a ruthless pivot from invasion to infection!

June 11, 2024 /

It has been almost a month since my last MITRE ATT&CK Tactic-focused entry, and I apologize! When we discussed Discovery, we saw many ways adversaries explore the target environment after Initial Access. Depending on the threat, that information might be used for any number of malicious goals. Threat actors locate files and credentials of interest and uncover details of defenses and configurations. They could learn compromising information about a victim. Many aim to gain illicit access into victim’s financial or intellectual property. Almost every threat actor plans on expanding their reach and to pivot throughout an environment. This “lateral movement” allows the attacker to spread activities out, impact more systems, and achieve even greater levels of persistence. Whether a cyber adversary or an invading army, lateral movement is essential to many other goals or tactics. So let’s take a look at how the ATT&CK tactic of Lateral Movement works!

Continue reading
AI generated image of a world war II paratrooper landing in a data center
Oh man, I think I missed my drop zone again - hopefully this rubber ducky can help.

Discovery: Now what do we have here?

May 16, 2024 /

The 9th tactic in the MITRE ATT&CK Enterprise Matrix is a fun one. ATT&CK’s Discovery is essential in any operation. No matter how solid the recon efforts are prior, circumstances change. All of the preparation in the world can’t replace updated intelligence. To be effective and achieve the end goals, adversaries need to dig deeper and gain knowledge of the environment. Both physical adversaries and cyber adversaries practice this behavior, but with slightly different stakes. In both cases, the discovery efforts not only help refocus the operation and steer towards objectives, but it also offers intel that can help the adversary cover their tracks. Let’s take a look at how discovery happens and what it can bring!

Continue reading
AI-generated image of spies changing their disguises while escaping with a computer
Are you CERTAIN that these are the web access tokens we were supposed to nab?

Credential Access: Why make logging in so easy?

May 6, 2024 /

When we look at the sheer number of vectors an adversary uses to compromise or breach their target, credential compromise is right up there with phishing as the two leading sources of compromise. In fact, phishing’s primary objective is to obtain credentials. Threat actors get a lot of press for creating new exploits, but isn’t it easier to just log in? Stats show that detecting a breach that leveraged stolen credentials takes ~50% longer over other primary methods (exploits, misconfiguration, etc.). Why is that? And what can we do to make it harder? Let’s talk about MITRE ATT&CK‘s 8th tactic, Credential Access!

Continue reading
AI-generated image of an adventurer in a dogfight, firing off flares to distract his enemies.
Flares? Check! cannons? check! Plane or parachute? Crap.

Defense Evasion: Popping flares, spraying chaff, and launching decoys

April 29, 2024 /

This, friends, is the Big Kahuna of tactics we’re talking about now! When I started writing this series of posts to discuss tactics, I feared the 7th tactic from the left. Why? Because we’re talking about the diverse and expansive ATT&CK Tactic of Defense Evasion. This brute contains a whopping 43 techniques and 155 sub-techniques. It is almost as if our adversaries really want to avoid detection or prevention and need options! Well, as this is so massive, we’re going to take a more holistic approach to this entry.

Continue reading
AI-generated cartoon of Benedict Arnold turning over a laptop to British forces
The traitor Arnold dreamed not just of turning over West Point, but also the Keberos golden ticket!

Privilege Escalation: Pretending to be something better!

April 21, 2024 /

It has been a little bit since we dove into the MITRE ATT&CK Tactics. When we left off with Persistence, we talked about how attackers maintain their leverage by opening as many ways in as possible. All use multiple vectors to cover their bases, but it is really hard to stay a step ahead and have impact if they don’t get heightened permissions. History shows that attackers who can either disrupt, discredit, or even hijack the command structure can cause a whole new level of pain. The pinnacle of many adversaries’ tactics is to be able to issue commands as if they were a highly placed commander within their target organization. It not only grants an amplifying effect, but can also hide their activity as they exploit trust. So let’s take a look at ATT&CK’s Privilege Escalation tactic and what it means to the attacker & defender.

Continue reading
« Older posts Newer posts »

© 2025 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights