Joshua Abraham, Praetorian – Enterprise Security Weekly #135

Josh Abraham is in studio! He is a Staff Engineer at Praetorian, and he is going to talk about the MITRE ATT&CK framework for defenders! Why Praetorian Benchmarks to MITRE ATT&CK: https://p16.praetorian.com/blog/why-praetorian-benchmarks-to-mit…

MITRE asks vendors to do more to detect stealthy hacks

As hackers continue to use native programming tools to blend into target networks, Mitre Corp. is beginning to test vendors’ ability to detect those techniques. The federally-funded, not-for-profit organization announced Wednesday it would throw the stealthy tactics of an infamous hacking group, the Russian-government-linked APT29, at several threat-detection products. But the evaluation is about more than one set of adversaries. The “living off the land” techniques, such as hiding in PowerShell scripts, that will be tested are increasingly popular with a variety of hacking groups. “A lot of these techniques are going to be implemented in similar ways from different adversaries,” said Frank Duff, Mitre’s lead for evaluations that use the organization’s ATT&CK framework. “PowerShell monitoring is that next thing that everyone recognizes is absolutely necessary,” he added. Mitre’s last round of testing focused on advanced persistent threats, mimicking the tactics of APT3, a China-based group known for using internet-browser exploits. But […]

The post MITRE asks vendors to do more to detect stealthy hacks appeared first on CyberScoop.


Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP

In MITRE's evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advan…

Experts advocate for ‘ATT&CK’ as go-to framework to share threat intel

Different cybersecurity companies have their own unique ways of talking about the threats they track. That can be frustrating when they need to share critical information about APT28, Fancy Bear, Sofacy or STRONTIUM — all of which are names used by different companies for one prominent Russian hacking group. Experts say that the “ATT&CK” framework — a model for organizing detailed information about how a threat group behaves — has been gaining in popularity and helping organizations share threat intelligence. MITRE Corp., a federally funded nonprofit organization that manages public-private technology partnerships, started developing ATT&CK in 2013. The group says the framework has ballooned into a popular way for people performing different roles in cybersecurity to speak the same language. MITRE held its first ever ATT&CKcon on Tuesday in McLean, Virginia, where various vendors convened to discuss how the framework has streamlined their practice of threat intelligence sharing. ATT&CK provides defenders with spreadsheet-style matrices that […]

The post Experts advocate for ‘ATT&CK’ as go-to framework to share threat intel appeared first on Cyberscoop.


Mark Dufresne, Endgame – Paul’s Security Weekly #579

Mark Dufresne explains why MITRE created their tool and what the MITRE ATT&CK framework is.

The MITRE ATT&CK Framework: Command and Control

Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case of ransomware. In each case of command and control, the attacker …

The MITRE ATT&CK Framework: Exfiltration

Once an attacker has established access and pivoted around to the point of gathering the necessary data, they will work on exfiltration of that data. Not all malware will reach this stage. Ransomware, for example, usually has no interest in exfiltratin…