Collaborate Disseminate
For the majority of people in the information security world, the act of offensive hacking is something they are tasked with protecting against but have little ability to do themselves. That is like asking a professional boxer to enter the ring without… Continue reading Red Teaming for Blue Teamers: A Practical Approach Using Open Source Tools
The ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission, provides a flexible framework to address and mitigate current and future security vulnerabilities in industrial automa… Continue reading ISA Global Cybersecurity Alliance: Your Expertise is Needed
Over the past few years, I’ve had the pleasure of welcoming interns on our security research team. One of my goals was to pass on knowledge of security to these folks and pique their interest in (a career in) security. The goal of any teache… Continue reading Using ATT&CK As a Teacher
According to Gartner, threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable intelligence. When security research teams or government agencies release threat intelligence reports, some of… Continue reading Hash Hunting: Why File Hashes are Still Important
Masquerading is a technique used in which a file name is maliciously named something similar to one which may be trusted. This specific technique is outlined in detail in the MITRE ATT&CK framework, as well. For example, a file named explorer.exe m… Continue reading The Masquerade Ball: Train Yourself to Detect Spoofed Files
The digital world has borrowed terminology and principals form the kinetic world for decades. We’ve all heard of an upcoming cyber war using cyber bullets spawned from the digital pearl harbor. We have gangs, as well as cyber-gangs, or criminals,… Continue reading Incident Response Basics: Getting started with DFIR
Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case of ransomware. In each case of command and control, the attacker … Continue reading The MITRE ATT&CK Framework: Command and Control
Once an attacker has established access and pivoted around to the point of gathering the necessary data, they will work on exfiltration of that data. Not all malware will reach this stage. Ransomware, for example, usually has no interest in exfiltratin… Continue reading The MITRE ATT&CK Framework: Exfiltration
The Collection tactic outlines techniques an attacker will undertake in order to find and gather the data they need to meet their actions on objectives. I see most of these techniques as being useful for describing what a piece of malware or threat act… Continue reading The MITRE ATT&CK Framework: Collection
It will be rare that an attacker exploits a single system and does not attempt any lateral movement within the network. Even ransomware that typically targets a single system at a time has attempted to spread across the network looking for other victim… Continue reading The MITRE ATT&CK Framework: Lateral Movement