ATT&CK Structure Part II: From Taxonomy to Ontology

In Part I, I described some structural problems in MITRE’s ATT&CK adversarial behavior framework. We looked at a couple of examples of techniques that vary greatly in terms of abstraction as well ...
Figure 1 – Monero’s value in USD from December 2018 to June 2019, source - CoinGecko.com

Cryptojacking: An Unwanted Guest

We analyse a cryptojacking attack that mines the Monero cryptocurrency. The value of Monero in US dollars has more than doubled over the first half of 2019, from $46 to $98. The ...
Deriving value from the MITRE ATT&CK Threat Model

Deriving value from the MITRE ATT&CK Threat Model

| | ATT&CK, MITRE, Threat, threatQ
The MITRE ATT&CK knowledge base continues to gain traction as the defacto source for supporting business threat assessing, developing proactive cybersecurity and cyber resilience strategies. ATT&CK provides a defined understanding of the ...

Fine-Tuning Cybersecurity with the ATT&CK Framework

This Thursday, March 7, 2019, I’ll be facilitating a Learning Lab titled Fine Tuning Your Cyber-Defense Technologies with the ATT&CK Framework at the 2019 RSA Conference in San Francisco, CA. This will ...

Using ATT&CK As a Teacher

Over the past few years, I’ve had the pleasure of welcoming interns on our security research team. One of my goals was to pass on knowledge of security to these folks and ...

The MITRE ATT&CK Framework: Command and Control

Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case ...

The MITRE ATT&CK Framework: Exfiltration

Once an attacker has established access and pivoted around to the point of gathering the necessary data, they will work on exfiltration of that data. Not all malware will reach this stage ...

The MITRE ATT&CK Framework: Collection

The Collection tactic outlines techniques an attacker will undertake in order to find and gather the data they need to meet their actions on objectives. I see most of these techniques as ...

The MITRE ATT&CK Framework: Lateral Movement

It will be rare that an attacker exploits a single system and does not attempt any lateral movement within the network. Even ransomware that typically targets a single system at a time ...

The MITRE ATT&CK Framework: Privilege Escalation

Anyone who has had any experience on the offensive side of security has had fun with privilege escalation. There’s something exciting about exploiting a system to the point of getting root-level access ...
Loading...