MITRE ATTACK
CISA and FBI Issue Alert on OS Command Injection Vulnerabilities
CISA and FBI issued a critical advisory on July 10, 2024, urging software companies to review their products and eliminate OS command injection vulnerabilities at the source. This urgent call comes in ...
Part 13
On Detection: Tactical to Functional. Why a Single Test Case is Insufficient. Introduction: In my previous post, I explored the idea that different tools can implement the same operation chain (behavior) in various ways. I ...
On Detection: Tactical to Functional
Part 10: Implicit Process Create. Introduction: Welcome back to another installment of the On Detection: Tactical to Functional series. In the previous article, I argued that we perceive actions within our environment at the Operational ...
Beyond Procedures: Digging into the Function Call Stack
Within the cybersecurity industry, many of us have a natural inclination towards digging into technical concepts and understanding what is going on under the hood. Or, if you are like me, you ...
The 5 Cornerstones for an Effective Cyber Security Awareness Training
It’s not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations ...
Understanding MITRE ATT&CK Framework?
Introduced in 2013 by MITRE, the ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) is a way to describe adversarial behaviors expressed in matrices. The matrices contain different techniques and tactics associated with ...
Common Weakness Enumeration (CWE) and Why You Should Care
Security vulnerabilities come in all sizes, shapes, and forms today. Staying ahead of attackers requires organizations, their security teams, and pretty much everyone ...
Your Guide to MITRE ATT&CK Framework
Cybersecurity has become a routine activity for the majority of companies. Cyberattacks no longer generate the shock and horror they once did. They’re now just par ...
On Detection: Tactical to Functional
Part 3: Expanding the Function Call Graph. Introduction: In the previous post in this series, I introduced the concept of operations and demonstrated how each operation has a function call graph that undergirds it. In ...