Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Tag: Threat Modeling (Page 5 of 7)

Picture of an analyst standing below a cybersecurity diamond oracle. Rendered by Midjourney AI.
🎶 Carbanak in the sky with diamonds...🎶

Best Friends: What makes the Diamond Model a useful threat modeling tool for analysts?

November 29, 2023 /

We’ve covered a lot of different angles to threat modeling. The main takeway for me is that there is no “best approach” – pick what makes sense to you! How you justify that is up to you, and hopefully less controversial than John Lennon’s denial that “Lucy in the Sky with Diamonds” was about LSD. Here we’re talking about the Diamond Model of Intrusion Analysis. This model describes an active event under investigation, but it is mentioned here because it is helpful to understand how this information so directly links to the other models we’ve discussed before. So what makes the Diamond Model a useful threat modeling tool for analysts on the front line?

Continue reading

A Retro Feast for the Family: The Cyber Kill Chain

November 22, 2023 /

Americans reading this may be like me and headed towards a food coma. My gift to you? I give you a crowd-pleasing topic for family banter. Rather than argue over controversial topics, avoiding Aunt Mildred’s hugs, or snoozing through a futile Cowboys game, cook up a retro feast for the family with the Cyber Kill Chain! If you’ve seen the “Fishes” episode of The Bear, you know how bad things can get. So consider this your safe topic, one everybody can enjoy. Your kids will thank you. Your family will be prepared to defend against nation state threats while bickering over the wishbone. Relative peace AND security? You’re welcome.

Continue reading

Gap Analysis With ATT&CK: Fix Your Posture, Young Man!

November 19, 2023 /

Early adopters certainly focused on using ATT&CK for glamorous use cases like Threat Intelligence and Adversary Emulation. Conducting gap analysis with ATT&CK to prioritize engineering efforts is a high-return effort for you and your organization. It’s my favorite of the use cases because it can help any organization! Before the availability of CTI for everyone, many gap assessments conducted by organizations without dedicated threat intelligence teams. The only means available were often based on notional system architectures driven by market trends or vendor pressures. You may have experienced this yourselves – and you may have mountains of shelf-ware purchased in response to the latest fad. By leveraging CTI from frameworks like ATT&CK, you can now ensure that every defensive measure you take provides actual value in countering the threat actors and techniques that are likely to target you.

Continue reading

Check yourself before you wreck yourself: Emulate your foes easily with ATT&CK

November 16, 2023 /

The offensive security industry is hopping – awesome folks out there can help you find your security flaws! Companies today are leveraging security assessments, audits, penetration tests and red team assessments. These evaluations help to validate coverage within the architecture of a threat model. As your organization matures you will focus more on an expected adversary’s behavior than on generic atomic events. It just so happens MITRE’s ATT&CK is a catalogue of those atomic techniques!

Continue reading

Uncover hidden enemies with ATT&CK Detection and Analytics

November 15, 2023 /

As we saw in our last post, Threat Intelligence is a huge focus. But what good does intelligence do if we never act on it? If your organization is leveraging a SIEM or XDR, or using tools that allow for custom detection content to be added, then you use detection and analytics. ATT&CK includes data on detection and mitigation techniques, which presents you with sound guidance on where to start detecting each technique’s use in your environments. These underappreciated features of the ATT&CK database are fantastic in guiding all manner of blue team operators, and they provide a jump start to achieving greater security. Detection (or what they now call Data sources) and Mitigations give us homework. Before we can act, we must see – so let’s see how ATT&CK can help with Detection.

Continue reading
« Older posts Newer posts »

© 2025 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights