Slideshows by User: MITREATTACK (SlideShare feed, Thu, 12 Dec 2024 12:32:06 GMT)

Next-Gen Threat-Informed Defense: Human-Assisted Intelligent Agents - Rajesh Sharma and Shravan Ravi
Posted Thu, 12 Dec 2024 12:32:06 GMT
/slideshow/next-gen-threat-informed-defense-human-assisted-intelligent-agents-rajesh-sharma-and-shravan-ravi/274015009

From ATT&CKcon 5.0. By Rajesh Sharma, AttackIQ, and Shravan Ravi, AttackIQ.

This talk explores how integrating intelligent agents driven by Large Language Models (LLMs) with human expertise can address the challenges of implementing a threat-informed defense strategy using the MITRE ATT&CK framework. We will discuss practical applications such as automated threat mapping, environment relevance assessment, kill chain analysis, security control evaluation, custom scenario development and assessment, as well as the integration of intelligent agents with existing security tools and the creation of detection rules (e.g., Sigma) to enhance threat detection. The advent and progress of AI, Retrieval-Augmented Generation (RAG), Vector Databases, and other such technologies make it feasible to implement threat-informed defense effectively. Attendees will gain insights into how human-assisted intelligent agents can streamline threat identification, impact analysis, and detection verification, ultimately transforming cybersecurity operations from reactive to proactive.
Birds of a Feather: The Evolution of Threat Actor Prioritization, Gap Analysis, and Detection Curation using ATT&CK - Brett Tolbert and Abdul Williams
Posted Thu, 12 Dec 2024 12:28:03 GMT
/slideshow/birds-of-a-feather-the-evolution-of-threat-actor-prioritization-gap-analysis-and-detection-curation-using-att-ck-brett-tolbert-and-abdul-williams/274014945

From ATT&CKcon 5.0. By Brett Tolbert, North America Media Company, and Abdul Williams, North America Media Company.

The MITRE ATT&CK Framework has significantly evolved over the last ten years and its impact on cybersecurity teams is paramount. Likewise, the cyber threat intelligence (CTI) and detection engineering (DE) domains have matured in their principles and outcomes. ATT&CK influences CTI and DE practices by allowing varied cybersecurity teams to communicate tradecraft in a singular language, track and prioritize security threat coverage, and assess threat actor capabilities. However, integrating and maximizing modern ATT&CK use cases in preexisting CTI and DE programs without many resources can be a challenging overhaul. In this presentation, we will discuss the arc of CTI's and DE's evolution due to the prevalence of ATT&CK. We will explore how it can be integrated in cybersecurity programs by providing specific use cases on gap analysis, threat actor prioritization, and blue team tools like VirusTotal and AttackIQ. Finally, we will provide recommendations on building and automating CTI and DE practices that incorporate ATT&CK regardless of resource strain. After attending this talk, attendees will understand how to identify, prioritize, and implement new opportunities to incorporate ATT&CK in CTI and DE programs, impacting the effectiveness of these practices for their respective organizations.
Using ATT&CK and MITRE CTID's StP Frameworks to Assess Threat Detection Resilience - A Guide to Evaluating Threat Detection Coverage - Eli Schorr
Posted Fri, 29 Nov 2024 20:33:43 GMT
/slideshow/using-att-ck-and-mitre-ctid-s-stp-frameworks-to-assess-threat-detection-resilience-a-guide-to-evaluating-threat-detection-coverage-eli-schorr/273717977

From ATT&CKcon 5.0. By Eli Schorr, Accenture.

In today's evolving cybersecurity landscape, enhancing threat detection capabilities is crucial. This presentation introduces the practical application of MITRE CTID's new Summiting the Pyramid (StP) framework to evaluate and improve threat detection resilience using the ATT&CK framework. The StP framework offers a robust methodology to enhance threat detection analytics by evaluating them against the adversary's cost to evade. It addresses the common issue where many analytics depend heavily on specific tools or artifacts, making them susceptible to low-cost evasion techniques by adversaries. Our journey with StP will uncover its evolution and key concepts such as core ATT&CK techniques, core procedures, preexisting and TA-brought tools, and ephemeral IOCs. We will engage the audience in a poll on real-world threat detection rule bypass strategies. Applying the StP framework to ATT&CK, we'll demonstrate how to evaluate and improve threat detection rule resilience through case studies from real-world assessments. The session will illustrate how integrating the ATT&CK and StP frameworks creates a comprehensive threat risk map, enhancing the qualitative depth of ATT&CK coverage. Attendees will leave with practical knowledge on applying the StP framework, understanding its value, and integrating it with the ATT&CK framework for a robust threat detection strategy.
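The abstract above describes scoring analytics by the adversary's cost to evade them, from ephemeral IOCs up to observables that are core to the technique. The following Python is an added illustration of that idea, not material from the talk or from MITRE CTID: it places each observable of a rule on a constructed five-rung scale named after the categories the abstract lists, and scores a rule at the level of its weakest required observable. The rules, the field-to-level heuristics and the tool-name lists are invented for the example and are not the StP reference tables.

```python
"""Score detection rules by how expensive they are for an adversary to evade.

Added example, not material from the talk. It uses a constructed five-rung
ordinal scale that follows the observable categories the abstract names
(ephemeral IOCs, TA-brought tools, pre-existing tools, core procedures,
core techniques). The rules and the field-to-level heuristics are invented
for illustration; they are not the StP reference tables.
"""
from dataclasses import dataclass

# Higher rung = the adversary must change more of the technique itself to evade.
EPHEMERAL, TA_TOOL, PREEXISTING_TOOL, CORE_PROCEDURE, CORE_TECHNIQUE = range(1, 6)
LEVEL_NAMES = {
    EPHEMERAL: "ephemeral IOC (hash, IP, host name)",
    TA_TOOL: "adversary-brought tool",
    PREEXISTING_TOOL: "pre-existing tool already on the host",
    CORE_PROCEDURE: "core procedure of the technique",
    CORE_TECHNIQUE: "core to the technique itself",
}

# Constructed lookup tables driving the heuristic classifier.
ADVERSARY_TOOL_NAMES = {"mimikatz.exe", "sharphound.exe"}
IOC_FIELDS = {"Hashes", "md5", "sha256", "DestinationIp", "DestinationHostname"}
BINARY_FIELDS = {"Image", "OriginalFileName", "ParentImage"}
COMMAND_FIELDS = {"CommandLine", "ParentCommandLine"}
TECHNIQUE_FIELDS = {"EventID", "TargetImage", "TargetObject"}


@dataclass
class Observable:
    field: str
    value: str

    def level(self):
        """Constructed heuristic: place one observable on the scale."""
        if self.field in IOC_FIELDS:
            return EPHEMERAL
        if self.field in BINARY_FIELDS:
            basename = self.value.replace("\\", "/").rsplit("/", 1)[-1].lower()
            # Renaming an adversary binary costs little; giving up a LOLBin costs more.
            return TA_TOOL if basename in ADVERSARY_TOOL_NAMES else PREEXISTING_TOOL
        if self.field in COMMAND_FIELDS:
            return CORE_PROCEDURE
        if self.field in TECHNIQUE_FIELDS:
            return CORE_TECHNIQUE
        raise ValueError(f"no level assigned for field {self.field!r}")


@dataclass
class Rule:
    title: str
    technique: str
    condition: str        # "and": every observable must match; "or": any one suffices
    observables: list


def score_rule(rule):
    """AND rules are only as strong as their weakest observable (break one, evade
    the rule); OR rules are as strong as their strongest (all must be evaded)."""
    levels = [o.level() for o in rule.observables]
    return min(levels) if rule.condition == "and" else max(levels)


def weakest_links(rule):
    """Fields that pin an AND rule to its score; the first candidates to drop or harden."""
    if rule.condition != "and":
        return []
    floor = score_rule(rule)
    return [o.field for o in rule.observables if o.level() == floor]


def rank(rules):
    """Most evasion-resistant first; ties broken by title."""
    return sorted(((r.title, score_rule(r)) for r in rules), key=lambda t: (-t[1], t[0]))


# Constructed rules, all aimed at the same ATT&CK technique so the scores compare.
BY_HASH = Rule("Mimikatz by SHA256", "T1003.001", "and",
               [Observable("sha256", "<hash of one particular build>")])
BY_NAME = Rule("Mimikatz by file name", "T1003.001", "or",
               [Observable("Image", r"C:\Users\Public\mimikatz.exe"),
                Observable("OriginalFileName", "mimikatz.exe")])
COMSVCS_DUMP = Rule("LSASS dump via comsvcs MiniDump", "T1003.001", "and",
                    [Observable("Image", r"C:\Windows\System32\rundll32.exe"),
                     Observable("CommandLine", "comsvcs.dll MiniDump")])
LSASS_ACCESS = Rule("Process handle to lsass.exe", "T1003.001", "and",
                    [Observable("EventID", "10"),
                     Observable("TargetImage", r"C:\Windows\System32\lsass.exe")])

if __name__ == "__main__":
    for title, level in rank([BY_HASH, BY_NAME, COMSVCS_DUMP, LSASS_ACCESS]):
        print(f"{level}  {title:35} {LEVEL_NAMES[level]}")
    print("weakest link in comsvcs rule:", weakest_links(COMSVCS_DUMP))
```

The point a practitioner takes from the ranking is that four rules "covering" T1003.001 are not equivalent: the hash rule dies with the next rebuild, the file-name rule with a rename, and the comsvcs rule is held down by its rundll32 path even though its command-line observable sits higher on the scale. Under this scoring, hardening means removing or relaxing the weakest required observable, not adding more of them.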
Bridging the Gap: Enhancing Detection Coverage with Atomic Red Team, Sigma, and MITRE ATT&CK - Hare Sudhan Muthusamy
Posted Fri, 29 Nov 2024 17:35:38 GMT
/slideshow/bridging-the-gap-enhancing-detection-coverage-with-atomic-red-team-sigma-and-mitre-att-ck-hare-sudhan-muthusamy/273715669

From ATT&CKcon 5.0. By Hare Sudhan Muthusamy, Walmart.

Detection Coverage is a metric that evaluates how effectively an organization's detection capabilities align with threat actors' techniques, tactics, and procedures (TTPs). Manually assessing detection coverage against the MITRE ATT&CK matrix is time-consuming for organizations, especially considering the many security measures in use, such as SIEM, EDR, and more. Even if organizations attempt complex automation to generate detection coverage from all security products, the detections are not guaranteed to be accurate and up-to-date. This session addresses the issues mentioned above and presents how to perform continuous execution and validation with a minimal infrastructure via GitHub Actions and Docker containers to create a replicated lab environment where we execute atomic tests using Atomic Red Team, generate and send logs to a centralized logging infrastructure, and continuously validate them against Sigma detections. It also demonstrates the immense value of mapping attacks and detections against the MITRE ATT&CK Matrix and visualizes the results using the ATT&CK Navigator. These visualizations offer valuable insights into the organization's security posture, highlighting any missing detections. Furthermore, this talk will provide insights into the hurdles of utilizing GitHub Actions and Docker containers for threat hunting.
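Two of the abstracts above turn on the same bookkeeping: the Tolbert and Williams talk on gap analysis and threat actor prioritization, and the Muthusamy talk on validating Sigma detections against Atomic Red Team runs and drawing the result as an ATT&CK Navigator layer. The Python below is an added example serving both, not code from either talk or from the Atomic Red Team, Sigma or Navigator projects. It joins executed atomic tests to the Sigma rules that claim the same technique (read from the `attack.tNNNN.NNN` tags Sigma rules carry), separates "rule fired" from "rule exists but did not fire" and "rule never exercised", ranks the gaps by a threat actor's technique set, and emits a Navigator layer. Every input (test results, rule stubs, fired alerts, actor techniques) is constructed for the example.

```python
"""Atomic test results + Sigma rule tags -> per-technique coverage -> Navigator layer.

Added example, not code from the talks or the projects they name. All inputs
are constructed stand-ins for what a lab run, a SIEM alert query and a CTI
feed would supply.
"""
import json
import re

# Sigma rules tag the techniques they cover as attack.t1059.001 (lowercase).
SIGMA_TAG = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$")

# Constructed Sigma rule stubs: only title and tags are needed here.
SIGMA_RULES = [
    {"title": "PowerShell Download Cradle", "tags": ["attack.execution", "attack.t1059.001"]},
    {"title": "LSASS Memory Dump via comsvcs", "tags": ["attack.credential-access", "attack.t1003.001"]},
    {"title": "Scheduled Task Creation", "tags": ["attack.persistence", "attack.t1053.005"]},
]

# Constructed outcome of one Atomic Red Team run inside the lab container.
ATOMIC_RESULTS = [
    {"technique": "T1059.001", "test": "Download cradle", "executed": True},
    {"technique": "T1003.001", "test": "Dump LSASS with comsvcs", "executed": True},
    {"technique": "T1053.005", "test": "Create schtask", "executed": False},   # prerequisite failed
    {"technique": "T1218.011", "test": "Rundll32 execute JS", "executed": True},
]

# Constructed: titles of the Sigma rules that fired on the logs shipped from that run.
FIRED_ALERTS = {"PowerShell Download Cradle"}

# Constructed actor profile for prioritization; not a real group's technique list.
ACTOR_TECHNIQUES = {"T1003.001", "T1218.011", "T1566.001"}


def techniques_from_tags(tags):
    """Return the ATT&CK technique IDs encoded in a rule's Sigma tags, uppercased."""
    ids = set()
    for tag in tags:
        m = SIGMA_TAG.match(tag.lower())
        if m:
            ids.add(m.group(1).upper())
    return ids


def rule_index(rules):
    """Map technique ID -> titles of rules that claim to cover it."""
    index = {}
    for rule in rules:
        for tid in techniques_from_tags(rule["tags"]):
            index.setdefault(tid, set()).add(rule["title"])
    return index


def classify_coverage(results, rules, fired):
    """Per technique: detected | missed | no_rule | unverified.

    missed      = test ran, a rule claims the technique, nothing fired (the real gap)
    no_rule     = test ran, no rule claims the technique
    unverified  = a rule claims the technique but the test did not execute
    """
    index = rule_index(rules)
    executed = {r["technique"] for r in results if r["executed"]}
    attempted = {r["technique"] for r in results}
    status = {}
    for tid in attempted | set(index):
        claimed = index.get(tid, set())
        if tid in executed:
            if claimed & fired:
                status[tid] = "detected"
            elif claimed:
                status[tid] = "missed"
            else:
                status[tid] = "no_rule"
        elif claimed:
            status[tid] = "unverified"
    return status


def prioritized_gaps(status, actor_techniques):
    """Everything not detected, actor-relevant techniques first; actor techniques the
    run never touched and no rule claims are added as gaps too."""
    gaps = {tid for tid, s in status.items() if s != "detected"}
    gaps |= actor_techniques - set(status)
    return sorted(gaps, key=lambda tid: (tid not in actor_techniques, tid))


COLORS = {"detected": "#2e7d32", "missed": "#c62828", "no_rule": "#6d6d6d", "unverified": "#f9a825"}
SCORES = {"detected": 3, "unverified": 2, "missed": 1, "no_rule": 0}


def build_layer(name, status):
    """ATT&CK Navigator layer dict; json.dumps() it and open it in Navigator."""
    return {
        "name": name,
        "versions": {"attack": "15", "navigator": "5.0.0", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Atomic Red Team run validated against Sigma rules",
        "techniques": [
            {"techniqueID": tid, "score": SCORES[s], "color": COLORS[s], "comment": s, "enabled": True}
            for tid, s in sorted(status.items())
        ],
        "legendItems": [{"label": s, "color": c} for s, c in COLORS.items()],
    }


if __name__ == "__main__":
    status = classify_coverage(ATOMIC_RESULTS, SIGMA_RULES, FIRED_ALERTS)
    print("gaps in priority order:", prioritized_gaps(status, ACTOR_TECHNIQUES))
    print(json.dumps(build_layer("ART run", status), indent=2))
```

In a pipeline of the kind the Muthusamy abstract describes, the three inputs come from the job itself: atomic test exit codes feed `ATOMIC_RESULTS`, a SIEM query for alerts raised during the run feeds `FIRED_ALERTS`, and the layer JSON is committed as a build artifact. The distinction between "missed" and "unverified" is the check worth keeping: a rule that exists but did not fire on an executed test is exactly the "not guaranteed to be accurate" case the abstract warns about, whereas a test that never ran says nothing about the rule.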
SaaSy ATT&CK: Practical ATT&CK usage for SaaS-based Telemetry - Aaron Shelmire
Posted Fri, 29 Nov 2024 17:34:14 GMT
/slideshow/saasy-att-ck-practical-att-ck-usage-for-saas-based-telemetry-aaron-shelmire/273715634

From ATT&CKcon 5.0. By Aaron Shelmire, Abstract Security.

The ATT&CK Matrices have proven invaluable for Endpoint, Network, IoT and Cloud detection and threat research. As organizations adopt more SaaS software, and organizations gain visibility into their SaaS estates, how can we apply ATT&CK to SaaS? In this talk we'll share how the Abstract Security team has used ATT&CK to help drive threat research into SaaS attacks, and used ATT&CK to assist detection engineering of SaaS telemetry.
I'll take ATT&CK techniques that can be done for $1000, Alex. - Ben Langrill
Posted Fri, 29 Nov 2024 17:30:55 GMT
/slideshow/i-ll-take-att-ck-techniques-that-can-be-done-for-1000-alex-ben-langrill/273715590

From ATT&CKcon 5.0. By Ben Langrill, Optimizer, LLC.

How "hard" is it to do a given ATT&CK technique? Are they all the same? Clearly Phishing is a lot easier than Hardware Additions for initial access. How many ATT&CK techniques can be done within a budget of, say, $1000? Answering these questions is a powerful step towards knowing what kinds of threats you will face. Building on the ATT&CKcon 4.0 Lightning Talk "Adjectives for ATT&CK", this presentation continues the work of organizing offensive techniques into levels of effort. This enables better training, prediction of adversary capabilities and imposing the maximum cost on threat actors.
Practical Application of MITRE ATT&CK: Real World Usage in a Corporate Environment - Marcelle Lee /slideshow/practical-application-of-mitre-att-ck-real-world-usage-in-a-corporate-environment-marcelle-lee/273715567 leeattackcon20241022-241129172922-b147091a
From ATT&CKcon 5.0 By Marcelle Lee, Equinix We see a lot of chatter about various vendor tools and how they map to the framework, but in this talk I will address how we actually implement mapping in our day to day work in threat research for a multi-national data center organization.
Fri, 29 Nov 2024 17:29:22 GMT /slideshow/practical-application-of-mitre-att-ck-real-world-usage-in-a-corporate-environment-marcelle-lee/273715567
This is why we don't shout Bingo: Analyzing ATT&CK Integration in Endpoint Detection Rulesets - Apurva Virkud /slideshow/this-is-why-we-don-t-shout-bingo-analyzing-att-ck-integration-in-endpoint-detection-rulesets-apurva-virkud/273715558 virkudthisiswhywedontshoutbingo-241129172824-e561b617
From ATT&CKcon 5.0 By Apurva Virkud, University of Illinois Urbana-Champaign In spite of early and frequent warnings not to shout Bingo, ATT&CK technique coverage continues to be touted by security products and is used by organizations and purchasers as the basis for evaluating security posture. In coverage-based assessments, having at least one detection rule for as many techniques as possible is prioritized over the depth or quality of detections. But why is this such a bad idea? To understand the implications of coverage-based assessments, we examine the ATT&CK technique annotations in four major endpoint detection rulesets: Carbon Black, Splunk, Elastic, and Sigma. We find that large regions of the Enterprise ATT&CK Matrix are unimplemented in all rulesets (53 Techniques), in part due to the fact that many techniques are unrealizable as endpoint detection rules. We go on to consider how consistently different rulesets apply technique annotations: even when attempting to detect the same malicious entity, products completely disagree about the appropriate ATT&CK technique annotations 51% of the time, while fully agreeing just 2.7% of the time. Put another way, covering one technique may not even suggest protection from the same threat across different products. These findings underscore the dangers of coverage-based ATT&CK assessments.
Fri, 29 Nov 2024 17:28:24 GMT /slideshow/this-is-why-we-don-t-shout-bingo-analyzing-att-ck-integration-in-endpoint-detection-rulesets-apurva-virkud/273715558
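The cross-ruleset comparison the abstract describes, reduced to an added example (this is not the speaker's code or data): three constructed rulesets tag each rule with ATT&CK technique IDs, the way Sigma rules carry `attack.tXXXX` tags. The script reports which techniques of a matrix slice no ruleset implements at all, and, for each malicious entity that several rulesets try to detect, whether their annotations fully agree, partly overlap, or are disjoint. The rule names, target entities and the MATRIX slice are assumptions; the technique IDs themselves are real Enterprise ATT&CK IDs.

```python
"""Coverage and annotation-agreement analysis across detection rulesets.

Added example, not the speaker's code; RULESETS and MATRIX are constructed
stand-ins and contain no vendor content.
"""
from itertools import combinations

# Constructed rulesets: name -> list of (rule_id, target_entity, tagged_techniques).
# "target_entity" is the malicious thing the rule is meant to catch.
RULESETS = {
    "ruleset_a": [
        ("mimikatz_cmdline", "mimikatz", {"T1003"}),
        ("psexec_service_install", "psexec", {"T1021", "T1569"}),
        ("certutil_urlcache", "certutil", {"T1105"}),
    ],
    "ruleset_b": [
        ("lsass_memory_access", "mimikatz", {"T1003.001", "T1055"}),
        ("remote_service_create", "psexec", {"T1569.002"}),
        ("certutil_decode", "certutil", {"T1140"}),
    ],
    "ruleset_c": [
        ("mimikatz_strings", "mimikatz", {"T1003"}),
        ("psexec_named_pipe", "psexec", {"T1021.002"}),
        ("certutil_urlcache", "certutil", {"T1105"}),
    ],
}

# Constructed slice of the Enterprise matrix used as the coverage target.
MATRIX = ["T1003", "T1021", "T1055", "T1105", "T1140", "T1195", "T1200", "T1569"]


def parent(technique_id):
    """Collapse a sub-technique ID (T1003.001) to its parent (T1003)."""
    return technique_id.split(".")[0]


def coverage(rulesets):
    """Parent techniques each ruleset has at least one rule for."""
    return {
        name: {parent(t) for _, _, techniques in rules for t in techniques}
        for name, rules in rulesets.items()
    }


def unimplemented(rulesets, matrix):
    """Matrix techniques that no ruleset annotates at all."""
    covered = set().union(*coverage(rulesets).values())
    return sorted(set(matrix) - covered)


def techniques_by_target(rulesets):
    """target_entity -> {ruleset: parent techniques it tags for that entity}."""
    by_target = {}
    for name, rules in rulesets.items():
        for _, target, techniques in rules:
            by_target.setdefault(target, {}).setdefault(name, set()).update(
                parent(t) for t in techniques
            )
    return by_target


def agreement(rulesets):
    """For every pair of rulesets targeting the same entity, count whether
    their technique annotations are identical, overlapping, or disjoint."""
    counts = {"full": 0, "partial": 0, "none": 0}
    for per_ruleset in techniques_by_target(rulesets).values():
        for a, b in combinations(sorted(per_ruleset), 2):
            x, y = per_ruleset[a], per_ruleset[b]
            if x == y:
                counts["full"] += 1
            elif x & y:
                counts["partial"] += 1
            else:
                counts["none"] += 1
    return counts


def agreement_rates(rulesets):
    """Same counts as fractions of all compared pairs."""
    counts = agreement(rulesets)
    total = sum(counts.values()) or 1
    return {k: round(v / total, 3) for k, v in counts.items()}


if __name__ == "__main__":
    print("unimplemented:", unimplemented(RULESETS, MATRIX))
    print("agreement:", agreement(RULESETS), agreement_rates(RULESETS))
```

On this toy data two of the eight matrix techniques have no rule anywhere, and of the nine ruleset pairs only two fully agree on how to label the same entity while three share no technique at all. That is the measurement behind the abstract's argument: a tick in the "covered" column for one product says little about whether another product, or the same product against a different entity, would label the same behaviour the same way.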
Every Cloud Has a Purple Lining - Arun Seelagan /slideshow/every-cloud-has-a-purple-lining-arun-seelagan/273715535 seelageneverycloudhasapurpleliningv1-241129172646-32746d2a
From ATT&CKcon 5.0 By Arun Seelagan, CISA This talk presents how ATT&CK was used to fill gaps in cloud technique coverage during a recent purple team exercise. By emulating threat actor tactics in a simulated hybrid cloud environment, a joint team of incident responders and data scientists was able to discern strengths and deficiencies in cloud data sources and formulate detection logic for malicious behaviors. These outcomes were achieved by systematically mapping red team activities to ATT&CK and tracking blue team coverage using a purple team campaign management capability. As a result, cloud visibility gaps are being closed and ATT&CK-annotated detection rules operationalized to accelerate threat detection on critical networks.
Fri, 29 Nov 2024 17:26:46 GMT /slideshow/every-cloud-has-a-purple-lining-arun-seelagan/273715535
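The purple-team bookkeeping the abstract refers to, as an added example (not CISA's campaign-management capability): every red-team action is recorded against the ATT&CK technique it emulated and the data component the blue team would need, together with whether that source logged anything and whether a rule fired. Keeping "logged but not detected" apart from "never logged" is what splits the outcome into two different backlogs, rules to write versus sources to onboard, and the result is emitted as an ATT&CK Navigator layer so it can be tracked on the matrix. The campaign records, the score values and the Navigator version strings are assumptions; the technique IDs and data component names are real ATT&CK ones.

```python
"""Purple-team campaign tracker: map red actions to ATT&CK, separate
data-source (visibility) gaps from detection-logic gaps, emit a Navigator layer.

Added example, not CISA's tooling; CAMPAIGN and the layer version strings are
constructed/assumed.
"""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class RedAction:
    technique: str     # ATT&CK technique or sub-technique ID that was emulated
    data_source: str   # ATT&CK data component the blue team needs to see it
    logged: bool       # did that data source produce a record at all?
    detected: bool     # did a detection rule fire on it?


# Constructed campaign log from a hybrid-cloud exercise.
CAMPAIGN = [
    RedAction("T1078.004", "User Account: User Account Authentication", True, True),
    RedAction("T1078.004", "User Account: User Account Authentication", True, False),
    RedAction("T1098.001", "User Account: User Account Modification", True, False),
    RedAction("T1530", "Cloud Storage: Cloud Storage Access", False, False),
    RedAction("T1580", "Cloud Service: Cloud Service Enumeration", False, False),
]

# Navigator scores (assumed scale) so the three states colour differently.
STATE_SCORE = {"detected": 100, "detection_gap": 50, "visibility_gap": 0}


def classify(actions):
    """technique -> 'detected' | 'detection_gap' | 'visibility_gap'.

    detected: at least one attempt fired a rule.
    detection_gap: the source logged it but no rule fired (write a rule).
    visibility_gap: the source never produced a record (onboard it first).
    """
    state = {}
    for a in actions:
        if a.detected and not a.logged:
            # A rule cannot fire on data that was never collected; bad record.
            raise ValueError(f"{a.technique}: detected without a log record")
        current = state.get(a.technique, "visibility_gap")
        if a.detected:
            state[a.technique] = "detected"
        elif a.logged and current != "detected":
            state[a.technique] = "detection_gap"
        else:
            state.setdefault(a.technique, "visibility_gap")
    return state


def missing_data_sources(actions):
    """Data components that never produced a record: the onboarding backlog."""
    seen_logged = {a.data_source for a in actions if a.logged}
    return sorted({a.data_source for a in actions if not a.logged} - seen_logged)


def navigator_layer(state, name="purple-team cloud coverage"):
    """One scored Navigator entry per exercised technique (layer format as
    documented by the ATT&CK Navigator project; version strings assumed)."""
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"attack": "15", "navigator": "4.9.1", "layer": "4.5"},
        "techniques": [
            {"techniqueID": tid, "score": STATE_SCORE[s], "comment": s}
            for tid, s in sorted(state.items())
        ],
    }


if __name__ == "__main__":
    state = classify(CAMPAIGN)
    print(state)
    print("onboard:", missing_data_sources(CAMPAIGN))
    print(json.dumps(navigator_layer(state), indent=2))
```

The precedence in `classify` matters: one detected attempt is enough to mark a technique detected, but one logged-and-missed attempt must not hide an earlier visibility gap for a different technique, so the state is tracked per technique and only ever upgraded.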
Confession: 3 Things I Wish I Knew About MITRE ATT&CK When I Was an FBI Profiler - Tim Pappa /slideshow/confession-3-things-i-wish-i-knew-about-mitre-att-ck-when-i-was-an-fbi-profiler-tim-pappa/273715520 pappaattackcon-241129172542-b2a8f741
From ATT&CKcon 5.0 By Tim Pappa, Walmart Global Tech This presentation is a confession of a former FBI profiler who never used MITRE ATT&CK when applying cyber behavioral analysis to design approaches to behaviorally exploit attackers. This cyber deception practitioner's presentation will share three lessons learned about designing behaviorally based cyber deception and influence campaigns against attackers and attack groups, demonstrating how MITRE ATT&CK could have guided the design of deception and influence campaigns to make them more plausible and more effective at driving attacker behaviors online. This presentation will reference ATT&CK's historical archive on Volatile Cedar as an example. These confessional lessons learned suggest that MITRE ATT&CK can provide an instrumental design step in conceptualizing and materializing behaviorally based cyber deception and influence campaigns.
Fri, 29 Nov 2024 17:25:42 GMT /slideshow/confession-3-things-i-wish-i-knew-about-mitre-att-ck-when-i-was-an-fbi-profiler-tim-pappa/273715520
ATT&CKcon 5.0 Keynote - From Ticket Closers to Practitioners- How Great Security Operations Teams Transform to Win - Allie Mellen /slideshow/att-ckcon-5-0-keynote-from-ticket-closers-to-practitioners-how-great-security-operations-teams-transform-to-win-allie-mellen/273593814 mellen-keynote-fromticketcloserstopractitioners-howgreatsecurityoperationsteamstransformtowin-241125204056-4b21c56a
From ATT&CKcon 5.0 By Allie Mellen, Forrester Security operations is a hamster wheel: we close tickets, we burn out, we leave to become farmers, rinse and repeat. The challenges that got us here are numerous: we have too much data coming in, struggle to consistently get actionable insights from that data, and can never seem to find enough skilled practitioners. The solution requires we ditch the old ways and embrace a new approach built for the future: detection engineering. This keynote breaks down how some of the largest enterprises in the world are leveraging detection engineering, how they made the switch, and tips and tricks to kickstart your transformation at any size organization.
Mon, 25 Nov 2024 20:40:55 GMT /slideshow/att-ckcon-5-0-keynote-from-ticket-closers-to-practitioners-how-great-security-operations-teams-transform-to-win-allie-mellen/273593814
ATT&CKcon 5.0 Lightning Talks - Various Speakers /slideshow/att-ckcon-5-0-lightning-talks-various-speakers/273593813 lightningtalks-241125204055-1d484ca1
From ATT&CKcon 5.0 By: Jon Tran, Hossein Jazi, Manish Kapoor, Wade Baker, Ivan Ninichuck, Reid Gilman Slides from the ATT&CKcon 5.0 Lightning talks (combined presentation)
Mon, 25 Nov 2024 20:40:54 GMT /slideshow/att-ckcon-5-0-lightning-talks-various-speakers/273593813
MITRE ATT&CK Updates: Defensive ATT&CK - Lex Crumpton /slideshow/mitre-att-ck-updates-defensive-att-ck-lex-crumpton/273593812 crumpton-updates-defensive-241125204053-91464c62
From ATT&CKcon 5.0 By Lex Crumpton Updates from the ATT&CK team
Mon, 25 Nov 2024 20:40:53 GMT /slideshow/mitre-att-ck-updates-defensive-att-ck-lex-crumpton/273593812
MITRE ATT&CK Updates: Enterprise - Casey Knerr /slideshow/mitre-att-ck-updates-enterprise-casey-knerr/273593811 knerr-updates-enterprise-241125204052-5f29439d
From ATT&CKcon 5.0 By Casey Knerr Updates from the ATT&CK Team
Mon, 25 Nov 2024 20:40:52 GMT /slideshow/mitre-att-ck-updates-enterprise-casey-knerr/273593811
MITRE ATT&CK Updates: CTI - Path Forward - Joe Slowik /slideshow/mitre-att-ck-updates-cti-path-forward-joe-slowik/273593810 slowik-updates-cti-241125204051-ffe6641e
From ATT&CKcon 5.0 By Joe Slowik Updates from the ATT&CK Team
Mon, 25 Nov 2024 20:40:51 GMT /slideshow/mitre-att-ck-updates-cti-path-forward-joe-slowik/273593810
MITRE ATT&CK Updates: Software - Jared Ondricek /slideshow/mitre-att-ck-updates-software-jared-ondricek/273284273 ondricek-updates-software-dev-241113201532-a1937bed
From ATT&CKcon 5.0 By Jared Ondricek Updates from the ATT&CK team
Wed, 13 Nov 2024 20:15:32 GMT /slideshow/mitre-att-ck-updates-software-jared-ondricek/273284273
State of the ATT&CK 2024 - Adam Pennington /slideshow/state-of-the-att-ck-2024-adam-pennington/273284244 pennington-updates-stateofattack5-241113201354-21d80f46
From ATT&CKcon 5.0 By Adam Pennington Updates and previews of what's going on with the ATT&CK framework.
Wed, 13 Nov 2024 20:13:54 GMT /slideshow/state-of-the-att-ck-2024-adam-pennington/273284244
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert Funches /slideshow/sources-of-att-ck-a-bibliographic-journey-through-enterprise-att-ck/273278608 funchessourcesofattack-241113152157-36a2a7da
From ATT&CKcon 5.0 By Robert Funches, CACI International Inc Pop quiz: do you know whats at the bottom of the page for every ATT&CK technique, group, software, and mitigation? (No cheating!) Its a list of references: the cyber threat intelligence that underpins ATT&CK and provides valuable information about adversary tactics and techniques. Peel back that layer, though, and youll discover the history of ATT&CK and the broader cybersecurity landscape. In this talk, learn how to work programmatically with the data in ATT&CK, explore the references in ATT&CK through visualizations and analysis, and give back to the ATT&CK community through recommendations and calls-for-action.]]>

From ATT&CKcon 5.0 By Robert Funches, CACI International Inc Pop quiz: do you know whats at the bottom of the page for every ATT&CK technique, group, software, and mitigation? (No cheating!) Its a list of references: the cyber threat intelligence that underpins ATT&CK and provides valuable information about adversary tactics and techniques. Peel back that layer, though, and youll discover the history of ATT&CK and the broader cybersecurity landscape. In this talk, learn how to work programmatically with the data in ATT&CK, explore the references in ATT&CK through visualizations and analysis, and give back to the ATT&CK community through recommendations and calls-for-action.]]>
Wed, 13 Nov 2024 15:21:57 GMT /slideshow/sources-of-att-ck-a-bibliographic-journey-through-enterprise-att-ck/273278608 MITREATTACK@slideshare.net(MITREATTACK) Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert Funches MITREATTACK From ATT&CKcon 5.0 By Robert Funches, CACI International Inc Pop quiz: do you know whats at the bottom of the page for every ATT&CK technique, group, software, and mitigation? (No cheating!) Its a list of references: the cyber threat intelligence that underpins ATT&CK and provides valuable information about adversary tactics and techniques. Peel back that layer, though, and youll discover the history of ATT&CK and the broader cybersecurity landscape. In this talk, learn how to work programmatically with the data in ATT&CK, explore the references in ATT&CK through visualizations and analysis, and give back to the ATT&CK community through recommendations and calls-for-action. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/funchessourcesofattack-241113152157-36a2a7da-thumbnail.jpg?width=120&amp;height=120&amp;fit=bounds" /><br> From ATT&amp;CKcon 5.0 By Robert Funches, CACI International Inc Pop quiz: do you know whats at the bottom of the page for every ATT&amp;CK technique, group, software, and mitigation? (No cheating!) Its a list of references: the cyber threat intelligence that underpins ATT&amp;CK and provides valuable information about adversary tactics and techniques. Peel back that layer, though, and youll discover the history of ATT&amp;CK and the broader cybersecurity landscape. In this talk, learn how to work programmatically with the data in ATT&amp;CK, explore the references in ATT&amp;CK through visualizations and analysis, and give back to the ATT&amp;CK community through recommendations and calls-for-action.
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert Funches from MITRE ATT&CK
Updates from The Center for Threat Informed Defense - Jon Baker /slideshow/updates-from-center-for-threat-informed-defense-jon-baker/273278607 baker-updatesfromctid-2024-10-23-241113152156-5e8b2d25
From ATT&CKcon 5.0 By Jon Baker, MITRE
Wed, 13 Nov 2024 15:21:56 GMT /slideshow/updates-from-center-for-threat-informed-defense-jon-baker/273278607 MITREATTACK@slideshare.net(MITREATTACK) Updates from The Center for Threat Informed Defense - Jon Baker
Updates from The Center for Threat Informed Defense - Jon Baker from MITRE ATT&CK
Go Go Ransom Rangers: Diving into Akira's Linux Variant with ATT&CK - Nicole Hoffman and James Nutland /slideshow/go-go-ransom-rangers-diving-into-akira-s-linux-variant-with-att-ck-nicole-hoffman-and-james-nutland/273278606 hoffmangogoransomrangersupdated-241113152156-ced4d1b9
From ATT&CKcon 5.0 By Nicole Hoffman, Cisco Talos and James Nutland, Cisco Talos This planet is under attack, and we have brought you here to save it. Within this presentation, we will provide a brief history of Akira ransomware and an overview of the Linux ransomware landscape. Then, morph into action as we take a technical deep dive into the latest Linux variant using the ATT&CK framework to uncover its techniques, tactics, and procedures. We will equip the audience with actionable insights and tracking recommendations to proactively defend against future attacks. Join us in this epic journey to strengthen your defenses and protect your organization from the growing menace of Akira ransomware. Together, let's harness the power of ATT&CK to defeat villains and ensure a safer world for all!
Wed, 13 Nov 2024 15:21:56 GMT /slideshow/go-go-ransom-rangers-diving-into-akira-s-linux-variant-with-att-ck-nicole-hoffman-and-james-nutland/273278606 MITREATTACK@slideshare.net(MITREATTACK) Go Go Ransom Rangers: Diving into Akira's Linux Variant with ATT&CK - Nicole Hoffman and James Nutland
Go Go Ransom Rangers: Diving into Akira's Linux Variant with ATT&CK - Nicole Hoffman and James Nutland from MITRE ATT&CK