What's New with ATTACK for Cloud?

•

0 j'aime•459 vues

From MITRE ATT&CKcon Power Hour October 2020 By Jen Burns, Lead Cybersecurity Engineer, MITRE, @snarejen Jen Burns is a Lead Cybersecurity Engineer at MITRE and the Lead for MITRE ATT&CK® for Cloud. She’s also a red team developer and lead for ATT&CK Evaluations, using her skills in software engineering and adversary emulation. Previously, she was a tech lead at HubSpot on the Infrastructure Security team where she focused on red teaming and building detections in the cloud environment. This presentation is from the MITRE ATT&CKcon Power Hour session held on October 9, 2020.

Gouvernement et associations à but non lucratif

�2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-13
� for Cloud?
Jen Burns
@snarejen
@MITREattack

�2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-000000
| 90 |
for Cloud
Credit to Dave Herrald and Ryan Kovar

�2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-13
ATT&CK for Cloud Beginnings
Initial Release October 2019
Part of Enterprise ATT&CK
Almost 100% community-
contributed techniques!
Input from:
A cloud service provider
Threat analysts
Detection analysts
Red teams

�2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-13
ATT&CK for Cloud Today

�2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-13
ATT&CK for Cloud Scope
Add techniques generally visible via Cloud data sources
AWS CloudTrail Logs
Azure Activity Logs
Office365 Audit Logs
etc
Minimize duplication across Windows/Linux/macOS
Cloud is meant to add an additional layer to ATT&CK
Example:

�2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-13
Future of Cloud Platforms
Current Future
SaaS
IaaS
Additional
SaaS
Additional
SaaS
Additional
SaaS
SaaS

�2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-13
Why generalize to IaaS?
Current IaaS platforms share most
techniques
Differences between Cloud Service Providers
(CSPs) can be documented within the technique
All CSPs can be represented
Community feedback favors a single
platform

�2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-13
Cloud Data Sources Today
AWS CloudTrail logs
Azure activity logs
GCP audit logs
Oauth audit logs

�2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-13
Future of Cloud Data Sources
Data Source
One or more Data Components
Mapping(s) to Relevant Azure
Operation Name(s)
Mapping(s) to Relevant AWS
CloudTrail Event Name(s)
Mapping(s) to Relevant GCP REST
API Method(s)
Mapping(s) to Other CSPs or SaaS
Events
https://media.giphy.com/media/l41m6QYDHcEEwjo52/giphy.gif

�2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-13
Example IaaS Data Source
Instance
Data Source Data Component Events (API)
Instance Creation
Instance Modification
Instance Deletion
Instance Metadata
Instance Enumeration
Instance Start
Instance Stop
AWS: ListInstances
AWS: ModifyInstanceAttribute
AWS: TerminateInstances
AWS: DescribeInstances
AWS: RunInstances
AWS: StartInstances
AWS: StopInstances

�2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-13
Why the change?
Ensure approach is consistent with the rest of Enterprise
Suggest reading blog from Jose Luis Rodriguez
https://medium.com/mitre-attack/defining-attack-data-sources-part-i-
4c39e581454f
Create more meaningful data sources for Cloud
Refactor to align to events and API calls within these logs instead
Align to future Cloud platform updates

�2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-13
We need your help!
thoughts on how can we improve ATT&CK for Cloud?
opinions on our platform or data source plans?

�2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-13
attack@mitre.org
@MITREattack
Jen Burns
@snarejen

Contenu connexe

Tendances

Smart City Lab 3 - Publishing Data from your Sensor

Peter Waher

Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats

SBWebinars

In this Netskope Cloud Report™, we’ve compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform™. Report findings are based on usage seen across millions of users in hundreds of accounts globally, and represent usage trends from January 1 through March 31, 2016. Report highlights: - Three-quarters of cloud apps in use lack key capabilities to comply with the upcoming European Union General Data Protection Regulation. - Malware continues its rise in enterprise clouds, with an average of 11.0 percent of enterprises detecting malware in their sanctioned apps. - 26.2 percent of malware files discovered in sanctioned apps are shared with internal or external users or publicly. - Enterprises have an average of 935 cloud apps in use, a slight rise from 917 last quarter. The Microsoft Office 365 suite continues to lead the pack in top-used business productivity apps, with Office 365 Outlook.com, OneDrive for Business, SharePoint, Yammer, and Lync in the number 2, 3, 12, 19, and 20 spots, respectively. - Cloud Storage apps dominate cloud DLP violations, with 73.6 percent of the total.

June 2016 Worldwide Netskope Cloud Report

Netskope

What incentives do you have, to allow others use your devices that you’ve invested in to provide data to your systems? Allowing third parties access to your devices places load on them, possibly degrading your own system performance. It also allows your competitors to provide competing services, without having to invest in devices. The lack of incentives to allow others to access devices creates closed verticals, or silos. Competing companies must install duplicate devices doing the same thing, to be able to provide a similar service. This is not smart. Being able to reutilize existing devices for new applications is vital to realizing the Smart City. Apart from avoiding unnecessary spending, it allows for smarter use of existing resources. It also allows cross-domain fertilization, creating new types of opportunities, not in the scope of existing companies. To provide incentives for device owners to allow access to their devices by third parties, IEEE IoT Harmonization provides a means for owners to publish contracts for their devices. Anyone accepting the conditions gain access to the devices. The infrastructure maintains a record of usage, issues transactions and provides an economic feedback, based on usage, back to the owners of the devices. In this model, it can become lucrative to be a thing o data publisher. Multiple consumers get a natural way to split the costs of common hardware, based on usage. Constrained resources can be naturally divided between consumers.

Smart City Lecture 6 - Earning by Sharing in the Smart City

Peter Waher

In the first lab, we assemble a sensor and an actuator utilizing Raspberry Pi (or another prototype board) and Arduino. We learn how to use Windows 10 for IoT and use the most common tools. Bring your Raspberry Pi (or prototype board of your choice), including SD card, casing, etc. If you want to connect analog devices using Arduino, bring an Arduino that you can connect via USB. We will build simple applications, learn to run, test and debug them. We will use Visual Studio for development. The Arduino IDE will be used to prepare our Arduino boards with the Firmata Firmware, which makes it easy to communicate with. The Windows 10 IoT Core Dashboard application will be used to install Windows 10 IoT on your device, and to manage them once installed. Windows Remote Experience can be used to experiment with your Arduino board, and connected devices, directly. We will follow the steps laid out in the first three chapters of “Mastering Internet of Things”.

Smart City Lab 1 - Sensors and Actuators

Peter Waher

Smart City Lab 6 - Decision Support for your Devices

Peter Waher

In this lab, we will connect our devices to the XMPP network and start interacting with them. We will learn how devices are identified on the global network, how to connect our devices, how to make friends with them and how to exchange simple messages (chat) with them. We will demonstrate that communication is network topology independent, in that communication can bypass firewalls in a secure manner. This is done by installing a chat application on our phone and use it to chat with the devices. This lab continues the work done in the previous lab. Participants that did not attend the previous lab will be given the opportunity to work on the first lab during the lab. There will also be an opportunity to meet earlier at GOTO 10 to discuss previous work, labs and related areas. If you want to connect your own devices, please bring them along. I’ll help get them connected. Also consider visiting the Smart City Lectures.

Smart City Lab 2 - Connect and Chat with your Device

Peter Waher

Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...

Mark Silverberg

Is your cloud GDPR compliant?

Jacklin Berry

Charting the Course Through Disruption with CSA Research

Carolina Ozán

APT ATT&CK - Threat-based Purple Teaming with ATT&CK - x33fcon 2019

Daniel Weiss

SYN111: What's New and Exciting with XenMobile

Citrix

Cybersecurity decisions have direct implications to individuals, enterprises and organizations but also have broader societal implications than ever before. In 2020 and beyond, technology promises to change our own experience and enhance our way of life, and those of our customers, significantly. This reliance and targeting have been magnified during COVID19, where the cybercriminals have sunk to new lows at the same time as that reliance on tech has increased. This session will explore how these technologies are going to change the experiences of our lives for the better and for the worse. It will explore the most recent cybersecurity breaches, predict the key security issues for 2020 and discuss current security priorities.

Cybersecurity 2020 threat landscape and its implications (AMER)

Cloudflare

Maintaining the right balance between security and customer experience is always challenging for online businesses. This challenge becomes even more relevant during this crisis as businesses face unprecedented levels of traffic and attacks. Tune in to learn how LendingTree leverages Cloudflare to strengthen their security posture while ensuring a superior online experience for their customers. Listen to security experts from LendingTree and Cloudflare as they discuss: Emerging attack vectors and tactics impacting online platforms Best practices for online businesses to overcome these threats How LendingTree leverages Cloudflare to maintain the right balance between security and business objectives

LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...

Cloudflare

SIEM game changer

Security Dialog

The 1% Who Can Take Down your Organization

CloudLock

C-Level tools for Cloud security

Vladimir Jirasek

Garantice la continuidad de su negocio Damian Prieto

Cristian Garcia G.

Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...

MarketingArrowECS_CZ

Browsers are historically one of the most vulnerable pieces of software. In SYN 321, we will cover: • How to lock down browsers at the end point for accessing both virtualized and web environments • Guidance for hardening published browsers, including group policy and PowerShell configuration of security policies • How to tune browser components to be application-specific and further minimize the attack surface Watch SYN 321 on SynergyTV and follow along using the slides here. http://live.citrixsynergy.com/2016/player/ondemandplayer.php?presentation_id=01feac45-e487-4a8e-8451-9ec41bb20d6c

SYN 321: Securing the Published Browser

Citrix

Tendances (20)

Smart City Lab 3 - Publishing Data from your Sensor

Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats

June 2016 Worldwide Netskope Cloud Report

Smart City Lecture 6 - Earning by Sharing in the Smart City

Smart City Lab 1 - Sensors and Actuators

Smart City Lab 6 - Decision Support for your Devices

Smart City Lab 2 - Connect and Chat with your Device

Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...

Is your cloud GDPR compliant?

Charting the Course Through Disruption with CSA Research

APT ATT&CK - Threat-based Purple Teaming with ATT&CK - x33fcon 2019

SYN111: What's New and Exciting with XenMobile

Cybersecurity 2020 threat landscape and its implications (AMER)

LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...

SIEM game changer

The 1% Who Can Take Down your Organization

C-Level tools for Cloud security

Garantice la continuidad de su negocio Damian Prieto

Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...

SYN 321: Securing the Published Browser

Similaire à What's New with ATTACK for Cloud?

At AWS, we bring together our partners and AWS IoT services to offer solutions, including hardware solutions, that leverage edge and cloud technologies used to build IoT applications with edge computing capabilities. These solutions provide customers with the intelligence needed to achieve real business outcomes. In this session, learn how we work with our partner community to develop strategies and build solutions.

The Intelligent Edge for IoT: Help Customers Harness the Power of Connected I...

Amazon Web Services

AWS IoT Day - Introduction

Amazon Web Services

Observability Enhancements in Steeltoe

VMware Tanzu

Get hands-on with the main components of AWS IoT Core. In this session, you learn how to connect and manage your devices, secure device connections and data, process and act upon device data, and read and set device state at any time. Work with the device gateway and high-throughput message broker to securely transmit messages among all your IoT devices and applications. Set up the registry to track device attributes and metadata and create a persistent, virtual version of each device. Finally, explore the rules engine to author rules within the management console or using a SQL-like syntax. Please bring a laptop, and make sure to sign up for an AWS account.

Getting started with AWS IoT Core - SVC306 - New York AWS Summit

Amazon Web Services

Public Cloud Security Blueprint

Amazon Web Services

NexAIoT brings the AIoT to live for Industry and shapes the ecosystem of Smar...

Amazon Web Services

ThousandEyes Webinar - Clash of the Clouds

ThousandEyes

Partner Briefing_January 25 (FINAL).pptx

Cloudera, Inc.

IBM THINK 2020 - Cloud Data Lake with IBM Cloud Data Services

Torsten Steinbach

IoT (IIoT) bridges the gap between legacy industrial equipment and infrastructure and new technologies, such as machine learning, cloud, mobile, and edge computing. In this session, we focus on how you can extract data from your industrial data sources and build operational insights using AWS IoT services. We cover how to bridge traditional on-premises applications and data stores with new cloud-based IoT applications.

Extracting Insights from Industrial Data Using AWS IoT Services (IOT368) - AW...

Amazon Web Services

AWS GovCloud (US) is an isolated AWS region designated to allow US government agencies and organizations in highly-regulated industries to move sensitive data and regulated IT workloads to the cloud by addressing their specific regulatory and compliance requirements. These organizations are increasingly integrating SaaS technologies into their IT environments; however, they often require SaaS products to address the same compliance features of the GovCloud region. This session will discuss how SaaS vendors should approach migrating to GovCloud (US), key architecture, compliance and operational considerations and best practices for bringing a SaaS product on GovCloud (US) to market. This session also shows you how to meet acquisition and procurement policies with AWS Marketplace for AWS GovCloud (US).

How to Architect and Bring to Market SaaS on AWS GovCloud (US)

Amazon Web Services

Gathering performance metrics such as Overall Equipment Effectiveness (OEE) from industrial equipment is difficult because data is often locked into proprietary on-premises data stores and typically requires specialized expertise to retrieve and put into a useful format for searching and analysis. In this session, we show you how AWS IoT SiteWise makes it easy to collect and organize data from industrial equipment. We show you how to compute common industrial performance metrics, build applications to analyze industrial equipment data, prevent costly equipment issues, and reduce production inefficiencies.

Driving Overall Equipment Effectiveness with AWS IoT SiteWise - SVC213 - Chic...

Amazon Web Services

AWSome Day Online 2020_Module 1: Introduction to the AWS Cloud

Amazon Web Services

Jahia Cloud Offerings by Julian Maurel & Abass Safoutou

Jahia Solutions Group

C3.ai had an interesting problem, as they needed a developer portal to host documentation that that was sourced from a very complex documentation set: Some of the documentation existed as markdown docs Guides were composites of several markdown docs but the majority of the reference documentation is generated from the code itself. We generated thousands of reference docs for various versions of this platform. Additionally, the developer portal needed to interface with their external community forum. And it needed to be delivered very quickly: the project started in mid-October, 2019, and was delivered in time for C3.ai’s Transform conference, an annual customer event held in February, 2020. This talk shares the journey of the portal with challenges and milestones.

Case Study: Creating a DocOps/Docs-As-Code DevPortal for C3.ai

Pronovix

In this session, learn how to use AWS IoT services to build devices that can be used in regulated industries, like healthcare and pharma manufacturing. Come hear from AWS solution architects about how you can use the AWS IoT Core to enable your devices, services like AWS Greengrass to build devices that have local compute, messaging, data caching, sync, and machine learning inference capabilities and AWS IoT Analytics to run sophisticated analytics on massive volumes of IoT data without having to worry about all the cost and complexity typically required to build your own IoT analytics platform. You will also hear about how you can set up the fine-grained access control, auditability, and automated guardrails necessary for the creation and maintenance of regulated workloads following Good Laboratory, Clinical, and Manufacturing Practices (GxP) and other industry standards and ISOs.

Building IoT Devices for Regulated Industries (LFS304-i) - AWS re:Invent 2018

Amazon Web Services

Il cloud ibrido fa riferimento all'uso di risorse locali in aggiunta alle risorse pubbliche del cloud. Un cloud ibrido consente a un'organizzazione di migrare applicazioni e dati nel cloud, estendere la capacità del data center, utilizzare nuove funzionalità native del cloud, avvicinare le applicazioni ai clienti e creare una soluzione di backup e disaster recovery con una elevata disponibilità. In questa sessione verranno presentate le principali architetture ed i tool AWS per realizzarle.

Costruire Architetture Ibride con AWS

Amazon Web Services

In this session, we'll walk through the fundamentals of Amazon VPC, including: build-out, design details, picking your IP space, subnetting, routing, security and NAT. Then, we'll look at different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This session is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks that AWS makes available with Amazon VPC.

Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...

Amazon Web Services

WoodMac Research Spotlight: Strategically Shifting to Become the Utility of t...

Jill Kirkpatrick

Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit

Amazon Web Services

Similaire à What's New with ATTACK for Cloud? (20)

The Intelligent Edge for IoT: Help Customers Harness the Power of Connected I...

AWS IoT Day - Introduction

Observability Enhancements in Steeltoe

Getting started with AWS IoT Core - SVC306 - New York AWS Summit

Public Cloud Security Blueprint

NexAIoT brings the AIoT to live for Industry and shapes the ecosystem of Smar...

ThousandEyes Webinar - Clash of the Clouds

Partner Briefing_January 25 (FINAL).pptx

IBM THINK 2020 - Cloud Data Lake with IBM Cloud Data Services

Extracting Insights from Industrial Data Using AWS IoT Services (IOT368) - AW...

How to Architect and Bring to Market SaaS on AWS GovCloud (US)

Driving Overall Equipment Effectiveness with AWS IoT SiteWise - SVC213 - Chic...

AWSome Day Online 2020_Module 1: Introduction to the AWS Cloud

Jahia Cloud Offerings by Julian Maurel & Abass Safoutou

Case Study: Creating a DocOps/Docs-As-Code DevPortal for C3.ai

Building IoT Devices for Regulated Industries (LFS304-i) - AWS re:Invent 2018

Costruire Architetture Ibride con AWS

Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...

WoodMac Research Spotlight: Strategically Shifting to Become the Utility of t...

Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit

Plus de MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour January 2021 By Valentine Mairet, Security Researcher, McAfee The MITRE ATT&CK framework is the industry standard to dissect cyberattacks into used techniques. At McAfee, all attack information is disseminated into different categories, including ATT&CK techniques. What results from this exercise is an extensive repository of techniques used in cyberattacks that goes back many years. Much can be learned from looking at historical attack data, but how can we piece all this information together to identify new relationships between threats and attacks? In her recent efforts, Valentine has embraced analyzing ATT&CK data in graphical representations. One lesson learned is that it is not just about merely mapping out attacks and techniques used into graphs, but the strength lies in applying different algorithms to answer specific questions. In this presentation, Valentine will showcase the results and techniques obtained from her research journey using graph and graph algorithms.

ATTACKers Think in Graphs: Building Graphs for Threat Intelligence

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour January 2021 By Adam Pennington, ATT&CK Lead, MITRE Adam leads ATT&CK at The MITRE Corporation and collected much of the intelligence leveraged in creating ATT&CK’s initial techniques. He has spent much of his 12 years with MITRE studying and preaching the use of deception for intelligence gathering. Prior to joining MITRE, Adam was a researcher at Carnegie Mellon’s Parallel Data Lab and earned his BS and MS degrees in Computer Science and Electrical and Computer Engineering as well as the 2017 Alumni Service Award from Carnegie Mellon University. Adam has presented and published in a number of venues including FIRST CTI, USENIX Security and ACM Transactions on Information and System Security.

State of the ATTACK

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour January 2021 By Gert-Jan Bruggink, Defensive Specialist, FalconForce Adversaries are humans as well. They have objectives, deadlines and resources for programming. In a sense, very similar to corporations grounded in the economics of effort vs time vs results. Now understanding techniques is one thing, taking it a step further and understanding what the economic impact is of using certain techniques is another. Developing tools takes time. For example, developing a custom process injection module might take days or weeks to develop, where using an open source tool could prevent extensive development costs incurred. This talk explores the economic considerations for defending against techniques used by adversaries. It explores fundamental considerations all referenced to MITRE’s ATT&CK framework. The objective of this talk is to inspire defensive strategies designed to impact cost incurred by adversaries to perform compromises.

ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour January 2021 By Daniel Wyleczuk-Stern, Senior Security Engineer, Snowflake Cyber security is inherently a function of risk management. Risk management is the identification, evaluation, and prioritization of risks followed by the effort to reduce those risks in a coordinated and economical manner (thanks wikipedia!). In this talk, Daniel will be going over some strategies for measuring and prioritizing your cyber risks using MITRE ATT&CK. He'll discuss some lessons learned in atomic testing of techniques vs attack chaining as well as what to measure and how to make decisions with that data.

Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...

MITRE - ATT&CKcon

MITRE ATTACKcon Power Hour - January

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour December 2020 By Jacob Benjamin, Principal Industrial Consultant Dragos, INL, & University of Idaho Design Basis Threat (DBT) is concept introduced by the Nuclear Regulatory Commission (NRC). It is a profile of the type, composition, and capabilities of an adversary. DBT is the key input nuclear power plants use for the design of systems against acts of radiological sabotage and theft of special nuclear material. The NRC expects its licensees, nuclear power plants, to demonstrate that they can defend against the DBT. Currently, cyber is included in DBTs simply as a prescribed list of IT centric security controls. Using MITRE’s ATT&CK framework, Cyber DBTs can be created that are specific to the facility, its material, or adversary activities.

Using ATTACK to Create Cyber DBTS for Nuclear Power Plants

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour December 2020 By Hieu Tran, Threat Detection Team Lead FPT Cybersecurity Division No matter how sophisticated and thorough your security precautions may be, you cannot assume your security measures are impenetrable. This is why you need a threat hunting program in place. But how can we implement a proper threat hunting program and run it efficiently? In this talk, we will uncover how to sharpen your threat hunting strategy by leveraging ATT&CK. Ultimately, we’ll be demonstrating how effectively employing the hunting methodology in the real-world battlefield, fighting against well-known cyber espionage actors who strongly focus on Southeast Asian countries like Vietnam, the Philippines, Laos, and Cambodia.

Sharpening your Threat-Hunting Program with ATTACK Framework

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour December 2020 By Valentina Palacín, Sr. Cyber Threat Intelligence Analyst No one can deny the tremendous impact that ATT&CK had on the cybersecurity industry, nor the usefulness of having a good Threat Library at your disposal. But the question Valentina gets asked over and over by people from small companies is always the same: “How could I leverage threat intelligence using ATT&CK with limited time and resources?” And so far, there hasn't been a good answer. That’s why she decided to come up with the Threat Mapping Catalogue (TMC), a tool that combines the power of the mappings already available in the ATT&CK website, TRAM and the ATT&CK Navigator, to better process, consume and incorporate new mappings while organizing them around different categories.

Helping Small Companies Leverage CTI with an Open Source Threat Mapping

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour December 2020 By Katie Nickels, Director of Intelligence, Red Canary Good analysts (and good human beings) change their minds based on new information. In this presentation, Katie will share how her perspectives on ATT&CK have changed since moving from ATT&CK team member to ATT&CK end-user. She will discuss how her ideas about coverage, procedures, and detection creation have evolved and why those perspectives matter. Katie will also share practical examples from observed threats to help explain the nuances of her perspectives. Attendees should expect to leave this presentation with a better understanding of how to handle challenges they’re likely to face when navigating their own ATT&CK journey.

From Theory to Practice: How My ATTACK Perspectives Have Changed

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour November 2020 By: Jamie Williams, Lead Cyber Adversarial Engineer, MITRE Mike Hartley, Lead Cybersecurity Engineer, MITRE In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, 2020 Jamie Williams and Mike Hartley from MITRE discuss the process for merging PRE-ATT&CK and adding two new tactics to Enterprise ATT&CK – Reconnaissance and Resource Development.

Putting the PRE into ATTACK

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour November 2020 By Matt Snyder, Senior Threat Analytics Engineer, VMware The market for Security products is flooded with vendors offering all sorts of solutions, and organizations are spending a record amount of money defending their environments. Nevertheless, an increasing number of breaches are reported each year, resulting in organizations spending millions of dollars to remediate them. The Security industry responds with more products, all offering to stop the next breach, and the cycle continues. In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, 2020, Matt discusses what VMware is doing internally to address this fundamental flaw in the Security industry and how they are leveraging the MITRE ATT&CK framework to reshape how we think about security.

What's a MITRE with your Security?

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour November 2020 By Anthony Randazzo, Global Response Lead, Expel The team at Expel has been migrating to the cloud for the last 10 years, but as usual, security has lagged behind. Which means we don't have a comprehensive detection and response framework for cloud like we do with the Enterprise ATT&CK matrix. Cloud has evolved into a complex beast as technologies and concepts – like Infrastructure As Code, Containers, Kubernetes and so forth – have emerged. These new attack surfaces have been added that introduce additional challenges to detection and response in our cloud environments. We don't know what we don't know about attack life cycles in the cloud. In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, 2020, Anthony shares some interesting lessons learned so far when it comes to finding bad guys in the cloud.

ATTACKing the Cloud: Hopping Between the Matrices

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour November 2020 By Allie Mellen, Security Strategist, Office of the CSO, Cybereason In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, Allie discusses how the Cybereason research team uses both MITRE ATT&CK and MITRE ATT&CK for Mobile to map and communicate new malware to the larger security community. Teams use the MITRE ATT&CK framework to share techniques, tactics, and procedures with their team and the community at large. This knowledge base has been incredibly beneficial for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Many of these uses have centered around traditional endpoints like laptops and workstations. However, the MITRE ATT&CK team has also created a cutting-edge portion of their framework: MITRE ATT&CK for Mobile. One of the most recent pieces of malware they have found is EventBot, a mobile banking trojan that targets Android devices and the financial services applications on them, including popular apps like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase, paysafecard, and many more. In this talk, learn about this specific attack, intended targets, a timeline of the attack, and the MITRE ATT&CK for Mobile mapping. Learn why the Cybereason team map to MITRE ATT&CK and MITRE ATT&CK for Mobile and what benefits it has given them and their interactions with the community.

Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour October 2020 By Matan Hart, Co-Founder & CEO Cymptom @machosec Adversary emulation is commonly used to validate security controls and is considered one of the most popular use-cases for the ATT&CK framework. However, emulating adversary TTPs on production environments is often very limited in testing scope and frequency, and such practice may cause unwanted business disruption. In this talk from the MITRE ATT&CKcon Power Hour session on October 9, 2020, Hart presents a different approach to testing controls against ATT&CK. He demonstrates how it is possible to provide data-based methods to evaluate the exploitability of ATT&CK techniques by gathering information from the network, endpoint, and services; this unique approach does not emulate any sort of malicious action, thus reducing the potential of causing business disruption to the minimum. Hart also outlines a new open-source guideline based on ATT&CK mitigations, that security teams can use to assess their security posture non-intrusively and at scale.

Transforming Adversary Emulation Into a Data Analysis Question

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour October 2020 By Brandon Levene, Head of Applied Intelligence Google, @seraphimdomain Opportunistically targeted ransomware deployments, aka Big Game Hunting (BGH), have caused a distinct disruption in the mechanics of monetizing crimeware compromises. This strategy has become the “end game” for the majority of organized cybercrime organizations, and one effect of this shift is the increased emphasis on enterprise-level targets. In this talk from the MITRE ATT&CKCon Power Hour session on October 9, 2020, Levene walks us through research about how a specific BGH threat actor pursues entry points, gains its foothold, pivots, and deploys payloads to maximize their financial gains with minimal effort - and infrastructure! You’ll walk away with an understanding of the latest BGH TTPs seen in enterprise environments, and how they map to the ATT&CK framework so you can build this research into your threat detection strategy and enhance your defenses.

TA505: A Study of High End Big Game Hunting in 2020

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour October 2020 By: Aunshul Rege, Associate Professor, Temple University, @prof_rege Rachel Bleiman, PhD Student/NSF Graduate Research Assistant, Temple University, @rab1928 This presentation from the MITRE ATT&CKcon Power Hour session on October 9, 2020, explores the application of the MITRE ATT&CK® and PRE-ATT&CK matrices in cybercrime education and research. Specifically, Rege and Bleiman demonstrate the mapping of the PRE-ATT&CK matrix to social engineering case studies as an experiential learning project in an upper-level cybercrime liberal arts course. It thus allows students to understand the alignment process of threat intelligence to the PRE-ATT&CK framework and also learn about its usefulness/limitations. The talk also discusses the mapping of the ATT&CK matrix, tactics, techniques, software, and groups for two cybercrime datasets created by collating publicly disclosed incidents: (i) critical infrastructure ransomware (CIRW) incidents, and (ii) social engineering (SE) incidents. For the CIRW dataset, 39% of the strains mapped onto the ATT&CK software. For the SE dataset, 49% of the groups and 65% of the techniques map on to the MITRE framework. This helps the researchers identify the framework's usefulness/limitations and also helps our datasets connect to richer information that may not otherwise be available in the publicly disclosed incidents.

Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour - October By Brian Donohue, Security Evangelist, Red Canary, @thebriandonohue In early 2018, Red Canary adopted MITRE ATT&CK as the common language that they would use to categorize threats, measure detection coverage, and communicate about malicious behaviors. In the intervening years, they’ve relied on the framework to develop open source tools like Atomic Red Team and help security teams prioritize their defensive efforts with blogs and our annual Threat Detection Report. In early 2020, MITRE announced that ATT&CK would be expanding its original taxonomy of tactics and techniques to include sub-techniques. In the months that followed MITRE's announcement, Red Canary’s research, intelligence, and detection engineering teams painstakingly remapped their library of thousands of behavioral analytics to sub-techniques. In doing so, they improved their correlational logic, experimented with the idea of conditional technique mapping, and, unfortunately, rendered the 2020 Threat Detection Report out-of-date. In this talk from the MITRE ATT&CKcon Power Hour session on October 9, 2020, Brian discusses how refactoring for sub-techniques offered us the opportunity to apply all the lessons learned in more than two years of operationalizing ATT&CK. He also explores how Red Canary has remodeled its ATT&CK mapping to allow for added flexibility and human input and shows what happens when the Red Canary applied their new sub-technique mappings to the 2020 Threat Detection Report.

Starting Over with Sub-Techniques

MITRE - ATT&CKcon

MITRE ATTACKCon Power Hour - December

MITRE - ATT&CKcon

MITRE ATT&CKcon Power Hour - November

MITRE - ATT&CKcon

MITRE ATTACKcon Power Hour - October

MITRE - ATT&CKcon

Plus de MITRE - ATT&CKcon (20)

ATTACKers Think in Graphs: Building Graphs for Threat Intelligence

State of the ATTACK

ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries

Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...

MITRE ATTACKcon Power Hour - January

Using ATTACK to Create Cyber DBTS for Nuclear Power Plants

Sharpening your Threat-Hunting Program with ATTACK Framework

Helping Small Companies Leverage CTI with an Open Source Threat Mapping

From Theory to Practice: How My ATTACK Perspectives Have Changed

Putting the PRE into ATTACK

What's a MITRE with your Security?

ATTACKing the Cloud: Hopping Between the Matrices

Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile

Transforming Adversary Emulation Into a Data Analysis Question

TA505: A Study of High End Big Game Hunting in 2020

Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research

Starting Over with Sub-Techniques

MITRE ATTACKCon Power Hour - December

MITRE ATT&CKcon Power Hour - November

MITRE ATTACKcon Power Hour - October

Dernier

Tuvalu Coastal Adaptation Project (TCAP)

NAP Global Network

Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Service At Affordable Rate Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 01-may-2024(v.n)

Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...

Call Girls in Nagpur High Profile

An Atoll Futures Research Institute? Presentation for CANCC

NAP Global Network

The U.S. Budget and Economic Outlook (Presentation)

Congressional Budget Office

Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K High Profile Escorts In Wardha WhatsApp Chat With Parul:-8617370543 There are a number of Wardha Escorts willing to meet you at an affordable rate, which also possesses high moral standards and humanitarian tendencies. These girls can help satisfy the sexual desires of clients without fail; it is therefore essential that clients select an established service. Our services feature various packages at competitive rates: One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call

Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...

Dipal Arora

Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...

tanu pandey

The Economic and Organised Crime Office (EOCO) has been advised by the Office...

nservice241

Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With Best Shot Night Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...

tanu pandey

Russian🍌Dazzling Hottie Get☎️ 9053900678 ☎️call girl In Chandigarh By Chandig...

Chandigarh Call girls 9053900678 Call girls in Chandigarh

Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking Booking Now open +91- 7737669865 Why you Choose Us- +91- 7737669865 HOT⇄ 7737669865 Mr ashu ji Call Mr ashu Ji +91- 7737669865 (V020524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models

Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking

roncy bisnoi

Chakan ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Chakan ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...

tanu pandey

celebrity 💋 Agra Escorts Just Dail 8250092165 service available anytime 24 hour Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔$V15 ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

celebrity 💋 Agra Escorts Just Dail 8250092165 service available anytime 24 hour

Call Girls in Nagpur High Profile

Financing strategies for adaptation. Presentation for CANCC

NAP Global Network

Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking Booking Now open +91- 7737669865 Why you Choose Us- +91- 7737669865 HOT⇄ 7737669865 Mr ashu ji Call Mr ashu Ji +91- 7737669865 (V020524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models

Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking

roncy bisnoi

Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi R...

tanu pandey

Model Call Girl Services in Delhi reach out to us at 🔝 9953056974 🔝✔️✔️ Our agency presents a selection of young, charming call girls available for bookings at Oyo Hotels. Experience high-class escort services at pocket-friendly rates, with our female escorts exuding both beauty and a delightful personality, ready to meet your desires. Whether it's Housewives, College girls, Russian girls, Muslim girls, or any other preference, we offer a diverse range of options to cater to your tastes. We provide both in-call and out-call services for your convenience. Our in-call location in Delhi ensures cleanliness, hygiene, and 100% safety, while our out-call services offer doorstep delivery for added ease. We value your time and money, hence we kindly request pic collectors, time-passers, and bargain hunters to refrain from contacting us. Our services feature various packages at competitive rates: One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Full night for more than 1 person: Contact us at 🔝 9953056974 🔝. for details Operating 24/7, we serve various locations in Delhi, including Green Park, Lajpat Nagar, Saket, and Hauz Khas near metro stations. For premium call girl services in Delhi 🔝 9953056974 🔝. Thank you for considering us!

Call Girls in Chandni Chowk (delhi) call me [9953056974] escort service 24X7

9953056974 Low Rate Call Girls In Saket, Delhi NCR

2024 Zoom Reinstein Legacy Asbestos Webinar

Linda Reinstein

1935 CONSTITUTION REPORT IN RIPH FINALLS

arandianics

2024: The FAR, Federal Acquisition Regulations, Part 30

JSchaus & Associates

TEST BANK For Essentials of Negotiation, 7th Edition by Roy Lewicki, Bruce Ba...

robinsonayot

Dernier (20)