Fine-Tuning Cybersecurity with the ATT&CK Framework

This Thursday, March 7, 2019, I’ll be facilitating a Learning Lab titled Fine Tuning Your Cyber-Defense Technologies with the ATT&CK Framework at the 2019 RSA Conference in San Francisco, CA. This will be my fourth time speaking at RSA, and t… Continue reading Fine-Tuning Cybersecurity with the ATT&CK Framework

The MITRE ATT&CK Framework: Command and Control

Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case of ransomware. In each case of command and control, the attacker … Continue reading The MITRE ATT&CK Framework: Command and Control
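The polling behaviour described above (an implant asking its server for the next instructions) leaves a timing signature in proxy or firewall logs: the same host reaching the same destination at near-constant intervals. The following is an added example, not code from the original post, that scores each source/destination pair by the regularity of its connection gaps over a constructed proxy log; the log format, the field order and the thresholds are assumptions for illustration.

```python
"""Beacon detection over constructed proxy log lines.

Added example (not part of the original post). Flags source/destination
pairs whose connections recur at near-constant intervals, the pattern a
command-and-control implant produces when it polls for instructions.
Log format "<ISO timestamp> <src_ip> <dst_host>" is assumed for the example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: one host polling updates.example.com every ~60 s
# while also browsing two legitimate sites at irregular intervals.
SAMPLE_LOG = """
2019-03-07T09:00:00 10.1.2.3 updates.example.com
2019-03-07T09:00:05 10.1.2.3 www.example.org
2019-03-07T09:01:00 10.1.2.3 updates.example.com
2019-03-07T09:02:01 10.1.2.3 updates.example.com
2019-03-07T09:02:40 10.1.2.3 mail.example.org
2019-03-07T09:03:00 10.1.2.3 updates.example.com
2019-03-07T09:03:59 10.1.2.3 updates.example.com
2019-03-07T09:05:00 10.1.2.3 updates.example.com
2019-03-07T09:06:01 10.1.2.3 updates.example.com
2019-03-07T09:06:30 10.1.2.3 www.example.org
2019-03-07T09:07:00 10.1.2.3 updates.example.com
2019-03-07T09:12:10 10.1.2.3 www.example.org
2019-03-07T09:20:00 10.1.2.3 www.example.org
"""


def parse_log(text):
    """Group connection timestamps by (src_ip, dst_host)."""
    events = defaultdict(list)
    for line in text.strip().splitlines():
        ts, src, dst = line.split()
        events[(src, dst)].append(datetime.fromisoformat(ts))
    return events


def beacon_score(timestamps):
    """Return (connections, mean_gap_seconds, coefficient_of_variation).

    A low coefficient of variation (stdev / mean of the gaps) means the
    connections are evenly spaced, which human browsing rarely produces.
    """
    ts = sorted(timestamps)
    if len(ts) < 2:
        return len(ts), 0.0, None
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    cv = pstdev(gaps) / m if m else None
    return len(ts), m, cv


def find_beacons(text, min_connections=5, max_cv=0.1):
    """List src/dst pairs that look like beacons, most regular first.

    Thresholds are assumptions; real implants add jitter, so max_cv must
    be tuned against the environment's baseline traffic.
    """
    flagged = []
    for (src, dst), times in parse_log(text).items():
        n, m, cv = beacon_score(times)
        if n >= min_connections and cv is not None and cv <= max_cv:
            flagged.append({
                "src": src,
                "dst": dst,
                "connections": n,
                "interval_s": round(m, 1),
                "cv": round(cv, 3),
            })
    return sorted(flagged, key=lambda r: r["cv"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

On the sample log only the pair talking to updates.example.com is reported (8 connections, 60 s mean interval, coefficient of variation about 0.015); the browsing to www.example.org is too irregular and too infrequent to cross the thresholds. In practice the same score is worth computing per destination across all hosts, since a beacon that is quiet on one machine is often loud across a fleet.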

The MITRE ATT&CK Framework: Exfiltration

Once an attacker has established access and pivoted around to the point of gathering the necessary data, they will work on exfiltration of that data. Not all malware will reach this stage. Ransomware, for example, usually has no interest in exfiltratin… Continue reading The MITRE ATT&CK Framework: Exfiltration

The MITRE ATT&CK Framework: Lateral Movement

It will be rare that an attacker exploits a single system and does not attempt any lateral movement within the network. Even ransomware that typically targets a single system at a time has attempted to spread across the network looking for other victim… Continue reading The MITRE ATT&CK Framework: Lateral Movement
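One observable side effect of lateral movement is a single account authenticating to many different hosts over the network in a short span of time. The following is an added example, not code from the original post, that walks a constructed set of Windows security events and flags any account whose network (logon type 3) or RDP (logon type 10) logons fan out to several hosts within a sliding window; the CSV layout, the window length and the host threshold are assumptions for illustration.

```python
"""Logon fan-out detection over constructed Windows 4624 events.

Added example (not part of the original post). Event ID 4624 is the
successful-logon event; logon type 3 is a network logon and type 10 an
RDP (RemoteInteractive) logon, the two types that remote access to other
machines normally produces. The CSV layout below is assumed for the
example; it is not a native Windows export format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a service account hopping across five hosts in under
# three minutes, and a user with ordinary interactive and file-share logons.
SAMPLE_EVENTS = r"""
time,event_id,logon_type,account,source_ip,target_host
2019-03-07T10:00:05,4624,3,CORP\svc_backup,10.1.2.3,FS01
2019-03-07T10:00:40,4624,3,CORP\svc_backup,10.1.2.3,FS02
2019-03-07T10:01:12,4624,10,CORP\svc_backup,10.1.2.3,WS17
2019-03-07T10:01:50,4624,3,CORP\svc_backup,10.1.2.3,DC01
2019-03-07T10:02:30,4624,3,CORP\svc_backup,10.1.2.3,WS22
2019-03-07T10:00:10,4624,2,CORP\alice,10.1.5.9,WS09
2019-03-07T10:03:00,4624,3,CORP\alice,10.1.5.9,FS01
2019-03-07T14:00:00,4624,3,CORP\alice,10.1.5.9,FS02
"""


def parse_events(text):
    """Parse the constructed CSV into dicts with typed time and logon_type."""
    lines = text.strip().splitlines()
    header = lines[0].split(",")
    rows = []
    for line in lines[1:]:
        rec = dict(zip(header, line.split(",")))
        rec["time"] = datetime.fromisoformat(rec["time"])
        rec["logon_type"] = int(rec["logon_type"])
        rows.append(rec)
    return rows


def find_fan_out(text, window=timedelta(minutes=10), min_hosts=4, types=(3, 10)):
    """Report accounts whose remote logons reach >= min_hosts distinct
    targets inside any window of the given length.

    For each account the events are sorted by time and every event is
    tried as the start of a window; the widest fan-out found is reported.
    """
    by_account = defaultdict(list)
    for r in parse_events(text):
        if r["event_id"] == "4624" and r["logon_type"] in types:
            by_account[r["account"]].append(r)

    findings = []
    for account, evs in by_account.items():
        evs.sort(key=lambda r: r["time"])
        best = None
        for i, start in enumerate(evs):
            hosts = {
                e["target_host"]
                for e in evs[i:]
                if e["time"] - start["time"] <= window
            }
            if len(hosts) >= min_hosts and (best is None or len(hosts) > len(best[1])):
                best = (start["time"], hosts)
        if best is not None:
            findings.append({
                "account": account,
                "window_start": best[0].isoformat(),
                "hosts": sorted(best[1]),
            })
    return findings


if __name__ == "__main__":
    for f in find_fan_out(SAMPLE_EVENTS):
        print(f)
```

On the sample data only CORP\svc_backup is reported, with five distinct targets from a 10:00:05 window start; CORP\alice's interactive logon is ignored and her two file-share logons are hours apart. A service account that legitimately touches many hosts will trip this rule too, so the useful deployment pairs it with an allow-list of accounts and source hosts that are expected to fan out, and alerts on the rest.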

The MITRE ATT&CK Framework: Credential Access

There’s no doubt about it, attackers want your credentials more than anything, especially administrative credentials. Why burn a zero day or risk noisy exploits when you can just log in instead? If you were to break into a house, would you rather… Continue reading The MITRE ATT&CK Framework: Credential Access

The MITRE ATT&CK Framework: Defense Evasion

This tactic has more techniques than any of the other tactics in the MITRE ATT&CK Framework discussed so far. What I find interesting about these techniques is that they expose the tradecraft of the various threat actors behind malware attacks. A… Continue reading The MITRE ATT&CK Framework: Defense Evasion

The MITRE ATT&CK Framework: Privilege Escalation

Anyone who has had any experience on the offensive side of security has had fun with privilege escalation. There’s something exciting about exploiting a system to the point of getting root-level access. Since I have spent most of my time on the d… Continue reading The MITRE ATT&CK Framework: Privilege Escalation