Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Tag: Threat Modeling (Page 4 of 7)

AI Generated image of a bunch of young hackers fretting over one of them mistakenly getting phished.
If you were such a good hacker, Jimmy, we wouldn't have to be doing this security awareness training!

Membership has its benefits: Using ATT&CK for Insider Threats

February 12, 2024 /

Happy Monday folks! I’m super excited to be getting back to it and blogging about some cybersecurity goodness. I’ve picked up a ton of cool ideas after a long but fantastic week in Amsterdam for Cisco Live Europe. Once again, my buddy Mark Stephens and I presented an Interactive Breakout called “Empty Threats – Building Your Own Cyber Threat Picture”. Offered at the last 4 Cisco Live US and Amsterdam events, each is a goldmine. What I love about these sessions is that our customers teach us so much about how they tackle security problems. Last week’s iteration did not disappoint. We had a fantastic discussion around using ATT&CK for insider threats. An attendee named Tommy brought up the question of how we factor them in, weigh their TTPs, etc. As with so many of these interactions, I am now thinking a lot about how to carry that forward. Let’s see how we might tackle this thorny topic!

Continue reading
AI-generated photo of a bunch of hackers seemingly posing for a reunion photo.
Conti really wanted to make the 10th reunion, but extradition stood in the way...

What scares you most? How great Threat Pictures are made!

January 22, 2024 /

Most of the posts in the past couple of months have focused on threat modeling tools and use cases. Process-level stuff is interesting, but how do we make sure the inputs are valid? My good friend Mark and I explore that with customers during our Cisco Live interactive breakout, and the things we learn are eye-opening! You can have all the process in the world, but if the inputs are trash, so too will be the outputs. How do we get to the root of it all: What scares you most? We need to ensure we aren’t just wasting our time, right? So how do we paint a great threat picture?

Continue reading
AI-generated image of a hacker in an aloha shirt trying like crazy to put together a very complex puzzle of all of MITRE ATT&CK's related projects.
MITRE sent me an easy puzzle, but the community blew up the piece count!

Power-up your security: Mapping ATT&CK’s massive ecosystem

January 14, 2024 /

If you are a security professional, MITRE’s ATT&CK is everywhere these days. Even in places it does not belong! That being said, there are a ton of tools, projects, and extensions to ATT&CK. Some are fundamental (like Navigator) while others are niche. How do we tell what is right for us? What projects are essential to power up your security program? For my upcoming Cisco Live presentation in February, I take a crack at mapping ATT&CK’s massive ecosystem to roles and functions. Am I off to a good start? Let’s me share how I tackled this and you can let me know!

Continue reading
AI generated art of a valiant defender holding off a massive adversary at the gates.
Not for nothing, but you aren't sneaking up on anyone with that bright, clanking armor!

How visibility makes you the most frustrating victim

December 10, 2023 /

Who hasn’t hear this one: “the attacker only need to be right once, and they are a success”. Indeed, the corollary is said just as often: “you only need to be wrong once and you’re screwed!” All of that makes you feel a little helpless, right? Helpless folks give up – and good luck getting them to deal with the myriad of issues that are inherent to securing their environments! We’re going to see how we can turn the tables here, and the first step is to see how visibility makes you a most frustrating victim for adversaries!

Continue reading
a bored developer is slumped over his keyboard and surfing the web amongst a slovenly desk
Who has time for audit findings? I have Cyber Monday deals to check out!

CAPEC Explained: Your Ultimate Guide to Web & App Attack Patterns

December 4, 2023 /

If you take a look at the long list of breaches that make front-page news, you may think that a single framework can do a decent job of explaining the mechanisms. But that is not the case – some of the largest most famous breaches or vulnerabilities were web application related like the Equifax breach, Yahoo, First American, Facebook, and more. We can thank these breaches for endless credit monitoring – thanks folks! When we talked about MITRE ATT&CK, we discussed a very popular methodology that focused greatly on network and endpoint attacks. Web and application attack patters are missing, though, so how do we discuss a web or application threat? CAPEC helps us understand those web attack patterns and defend against them!

Continue reading
« Older posts Newer posts »

© 2025 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights