ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2Jira

•

0 j'aime•163 vues

Mauricio Velazco

Tracking and Measuring ATT&CK Coverage with attack2jira

Technologie

Tracking &
Measuring
ATT&CK
coverage with
attack2jira
Mauricio Velazco
@mvelazco
https://github.com/mvelazc0/

Requirements
✘ Manage ATT&CK
techniques as entities
✘ Track state/maturity over
time
✘ Interface that allows
collaboration: log work,
attach documentation,
comments, etc.
✘ Basic reporting

Attack2jira
✘ Leverages JIRA’s Api and Roberto’s attackcti library
(https://github.com/hunters-forge/ATTACK-Python-Client)
✘ Automates the process of setting up a JIRA project that can
be used to track and measure ATT&CK coverage:
✘ Creates a JIRA Project
✘ Creates custom ﬁelds: url, tactic & maturity.
✘ Hides unnecessary ﬁelds
✘ Creates JIRA issues for each ATT&CK technique

Demo 1
https://youtube.com/watch?v=2f6AxLtr_3k

Demo 2
https://youtube.com/watch?v=e-RumA6pSs8

Tracking &
Measuring
ATT&CK
coverage with
attack2jira
Mauricio Velazco
@mvelazco
https://github.com/mvelazc0/
https://github.com/mvelazc0/attack2jira
https://attack.atlassian.net

Recommandé

BlackHat 2020 Arsenal - PurpleSharp: Adversary Simulation for the Blue TeamMauricio Velazco

Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...Mauricio Velazco

MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE - ATT&CKcon

MITRE ATT&CKcon 2.0: Tracking and Measuring ATT&CK Coverage with ATTACK2Jira ...MITRE - ATT&CKcon

Security War GamesSeniorStoryteller

Rugged DevOps at Scale with Rich MogullSeniorStoryteller

There’s an OpenBullet Attack Config for Your Site – What Should You Do?DevOps.com

MITRE ATT&CKcon 2018: Building an Atomic Testing Program, Brian Beyer, Red Ca...MITRE - ATT&CKcon

Recommandé

BlackHat 2020 Arsenal - PurpleSharp: Adversary Simulation for the Blue TeamMauricio Velazco

Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...Mauricio Velazco

MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE - ATT&CKcon

MITRE ATT&CKcon 2.0: Tracking and Measuring ATT&CK Coverage with ATTACK2Jira ...MITRE - ATT&CKcon

Security War GamesSeniorStoryteller

Rugged DevOps at Scale with Rich MogullSeniorStoryteller

There’s an OpenBullet Attack Config for Your Site – What Should You Do?DevOps.com

MITRE ATT&CKcon 2018: Building an Atomic Testing Program, Brian Beyer, Red Ca...MITRE - ATT&CKcon

DevSecOps for Developers: How To StartPatricia Aas

Stephen Sadowski - Securely automating infrastructure in the cloudDevSecCon

Avalanche DisclosureHackApp

Secure development in .NET with EPiServer SolitaJoona Immonen

BlueHat v18 || Improving security posture through increased agility with meas...BlueHat Security Conference

NGINX User Summit. Wallarm llightning talkWallarm

My tryst with sourcecode reviewAnant Shrivastava

Detection and Response RolesFlorian Roth

Kioptrix 2014 5Jayesh Patel

Deploying a Shadow Threat Intel Capability at Thotcon on May 6, 2016grecsl

DevSecCon Singapore 2018 - Remove developers’ shameful secrets or simply rem...DevSecCon

IT security for all. Bootcamp slidesWallarm

When the internet bleeded : RootConf 2014Anant Shrivastava

Securing your web applications a pragmatic approachAntonio Parata

Basics of Meterpreter EvasionNipun Jaswal

Security in open source projectsJose Manuel Ortega Candel

The Log4Shell Vulnerability – explained: how to stay secureKaspersky

Penetration testing, What’s this?Dmitry Evteev

My pwk & oscp journeyM.Syarifudin, ST, OSCP, OSWP

Meeting rooms are talking. Are you listeningCisco DevNet

Meeting rooms are talking! are you listening?Cisco DevNet

Adversary Emulation and Cracking The Bridge – Overview EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES

Contenu connexe

Tendances

DevSecOps for Developers: How To StartPatricia Aas

Stephen Sadowski - Securely automating infrastructure in the cloudDevSecCon

Avalanche DisclosureHackApp

Secure development in .NET with EPiServer SolitaJoona Immonen

BlueHat v18 || Improving security posture through increased agility with meas...BlueHat Security Conference

NGINX User Summit. Wallarm llightning talkWallarm

My tryst with sourcecode reviewAnant Shrivastava

Detection and Response RolesFlorian Roth

Kioptrix 2014 5Jayesh Patel

Deploying a Shadow Threat Intel Capability at Thotcon on May 6, 2016grecsl

DevSecCon Singapore 2018 - Remove developers’ shameful secrets or simply rem...DevSecCon

IT security for all. Bootcamp slidesWallarm

When the internet bleeded : RootConf 2014Anant Shrivastava

Securing your web applications a pragmatic approachAntonio Parata

Basics of Meterpreter EvasionNipun Jaswal

Security in open source projectsJose Manuel Ortega Candel

The Log4Shell Vulnerability – explained: how to stay secureKaspersky

Penetration testing, What’s this?Dmitry Evteev

My pwk & oscp journeyM.Syarifudin, ST, OSCP, OSWP

Tendances (19)

DevSecOps for Developers: How To Start

Stephen Sadowski - Securely automating infrastructure in the cloud

Avalanche Disclosure

Secure development in .NET with EPiServer Solita

BlueHat v18 || Improving security posture through increased agility with meas...

NGINX User Summit. Wallarm llightning talk

My tryst with sourcecode review

Detection and Response Roles

Kioptrix 2014 5

Deploying a Shadow Threat Intel Capability at Thotcon on May 6, 2016

DevSecCon Singapore 2018 - Remove developers’ shameful secrets or simply rem...

IT security for all. Bootcamp slides

When the internet bleeded : RootConf 2014

Securing your web applications a pragmatic approach

Basics of Meterpreter Evasion

Security in open source projects

The Log4Shell Vulnerability – explained: how to stay secure

Penetration testing, What’s this?

My pwk & oscp journey

Similaire à ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2Jira

Meeting rooms are talking. Are you listeningCisco DevNet

Meeting rooms are talking! are you listening?Cisco DevNet

Adversary Emulation and Cracking The Bridge – Overview EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES

HITCON Defense Summit 2019 －從 SAST 談持續式資安測試Secview

Baremetal deploymentbaremetal

Choose Your Own Adventure with JHipster & Kubernetes - Utah JUG 2020Matt Raible

What's Rio 〜Standalone〜cyberblack28 Ichikawa

Exploring the GitHub Service UniverseBjörn Kimminich

Developer in a digital crosshair, 2022 edition - No cON NameSecuRing

Apache StreamPipes – Flexible Industrial IoT ManagementApache StreamPipes

App funnel project status silver boot campBethany Rentz

Keymetrics pm2Alexandre Strzelewicz

Baremetal deployment scalebaremetal

Swagger code motion talkVictor Trakhtenberg

Dart on Arm - Flutter Bangalore June 2021Chris Swan

DWX 2022 - DevSecOps mit GitHubMarc Müller

BugBounty Tips.pdfKhaledMohamed767546

Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...YuChianWu

Stève Sfartz - Meeting rooms are talking! Are you listening? - Codemotion Ber...Codemotion

Similaire à ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2Jira (20)

Meeting rooms are talking. Are you listening

Meeting rooms are talking! are you listening?

Adversary Emulation and Cracking The Bridge – Overview EMERSON EDUARDO RODRIGUES

HITCON Defense Summit 2019 －從 SAST 談持續式資安測試

Baremetal deployment

Choose Your Own Adventure with JHipster & Kubernetes - Utah JUG 2020

What's Rio 〜Standalone〜

Exploring the GitHub Service Universe

Developer in a digital crosshair, 2022 edition - No cON Name

Apache StreamPipes – Flexible Industrial IoT Management

App funnel project status silver boot camp

Keymetrics pm2

Baremetal deployment scale

Swagger code motion talk

Dart on Arm - Flutter Bangalore June 2021

DWX 2022 - DevSecOps mit GitHub

BugBounty Tips.pdf

Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...

Stève Sfartz - Meeting rooms are talking! Are you listening? - Codemotion Ber...

Plus de Mauricio Velazco

PurpleSharp BlackHat Arsenal AsiaMauricio Velazco

Detection-as-Code: Test Driven Detection Development.pdfMauricio Velazco

BSides Panama 2022Mauricio Velazco

BlackHat Arsenal 2021 : PurpleSharp - Active Directory Attack SimulationsMauricio Velazco

Defcon 29 Adversary Village: PurpleSharp - Automated Adversary SimulationMauricio Velazco

SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksMauricio Velazco

Bsides NYC 2018 - Hunting for Lateral MovementMauricio Velazco

LimaHack 2011 - Stuxnet : El arma del futuroMauricio Velazco

Peruhack 2015 - Cyberespionaje de NacionesMauricio Velazco

PeruHack 2014 - Post Explotacion en Entornos WindowsMauricio Velazco

Limahack 2010 - Creando exploits para GNU/LinuxMauricio Velazco

Limahack 2009 - SSL no esta roto ... o si ?Mauricio Velazco

Bsides Latam 2019Mauricio Velazco

SANS Threat Hunting Summit 2018 - Hunting Lateral Movement with Windows Event...Mauricio Velazco

Defcon 27 - Writing custom backdoor payloads with C#Mauricio Velazco

Derbycon 2017: Hunting Lateral Movement For Fun & ProfitMauricio Velazco

Bsides Long Island 2019Mauricio Velazco

Bsides Baltimore 2019: Embrace the Red Enhancing detection capabilities with ...Mauricio Velazco

Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...Mauricio Velazco

LinuxWeek 2010 - Client Side AttacksMauricio Velazco

Plus de Mauricio Velazco (20)

PurpleSharp BlackHat Arsenal Asia

Detection-as-Code: Test Driven Detection Development.pdf

BSides Panama 2022

BlackHat Arsenal 2021 : PurpleSharp - Active Directory Attack Simulations

Defcon 29 Adversary Village: PurpleSharp - Automated Adversary Simulation

SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks

Bsides NYC 2018 - Hunting for Lateral Movement

LimaHack 2011 - Stuxnet : El arma del futuro

Peruhack 2015 - Cyberespionaje de Naciones

PeruHack 2014 - Post Explotacion en Entornos Windows

Limahack 2010 - Creando exploits para GNU/Linux

Limahack 2009 - SSL no esta roto ... o si ?

Bsides Latam 2019

SANS Threat Hunting Summit 2018 - Hunting Lateral Movement with Windows Event...

Defcon 27 - Writing custom backdoor payloads with C#

Derbycon 2017: Hunting Lateral Movement For Fun & Profit

Bsides Long Island 2019

Bsides Baltimore 2019: Embrace the Red Enhancing detection capabilities with ...

Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...

LinuxWeek 2010 - Client Side Attacks

Dernier

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada

A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3

Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes

Data governance with Unity Catalog PresentationKnoldus Inc.

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada

Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq

Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3

Take control of your SAP testing with UiPath Test SuiteDianaGray10

Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA

Time Series Foundation Models - current state and future directionsNathaniel Shimoni

Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan

TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc

TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes

Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González

DevEX - reference for building teams, processes, and platformsSergiu Bodiu

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3

2024 April Patch TuesdayIvanti

Dernier (20)

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx

Assure Ecommerce and Retail Operations Uptime with ThousandEyes

Data governance with Unity Catalog Presentation

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

Genislab builds better products and faster go-to-market with Lean project man...

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx

Take control of your SAP testing with UiPath Test Suite

Long journey of Ruby standard library at RubyConf AU 2024

Time Series Foundation Models - current state and future directions

Generative AI for Technical Writer or Information Developers

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy

TeamStation AI System Report LATAM IT Salaries 2024

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes

Generative Artificial Intelligence: How generative AI works.pdf

DevEX - reference for building teams, processes, and platforms

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx

2024 April Patch Tuesday

ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2Jira

1. Tracking & Measuring ATT&CK coverage with attack2jira Mauricio Velazco @mvelazco https://github.com/mvelazc0/

2. Requirements ✘ Manage ATT&CK techniques as entities ✘ Track state/maturity over time ✘ Interface that allows collaboration: log work, attach documentation, comments, etc. ✘ Basic reporting

3. Attack2jira ✘ Leverages JIRA’s Api and Roberto’s attackcti library (https://github.com/hunters-forge/ATTACK-Python-Client) ✘ Automates the process of setting up a JIRA project that can be used to track and measure ATT&CK coverage: ✘ Creates a JIRA Project ✘ Creates custom ﬁelds: url, tactic & maturity. ✘ Hides unnecessary ﬁelds ✘ Creates JIRA issues for each ATT&CK technique

4. Demo 1 https://youtube.com/watch?v=2f6AxLtr_3k

5. Demo 2 https://youtube.com/watch?v=e-RumA6pSs8

6. Tracking & Measuring ATT&CK coverage with attack2jira Mauricio Velazco @mvelazco https://github.com/mvelazc0/ https://github.com/mvelazc0/attack2jira https://attack.atlassian.net