SlideShare a Scribd company logo

Using ATT&CK to created wicked actors in real data

M
MITRE ATT&CK

From ATT&CKcon 4.0 By Simeon Kakpovi and Greg Schloemer, KC7 Foundation "KC7 uses an experiential learning pedagogy to teach cybersecurity analysis to students of all levels, from elementary school all the way to industry professionals. In the KC7 experience, students analyze realistic cybersecurity data and answer a series of CTF-style questions that guide them through an investigative journey. In order to generate authentic intrusion data, we create a fictional company that is attacked by cyber threat actors. The attributes and behaviors of these actors are defined via yaml configurations that are modeled based on MITRE ATT&CK categories and techniques. For example, we can granularly define what techniques an attacker uses for initial access or lateral movement, and how the actor explicitly uses those techniques. Students that effectively analyze KC7 intrusion data can map the observed activity to the various stages of the MITRE ATTA&CK framework. Organizing actor definitions around the ATTA&CK framework allows KC7 to create a rich set of intrusion data in various permutations - and ensure that students are exposed to a diverse array of scenarios. A pleasant byproduct of this methodology is that students of MITRE ATT&CK can now study techniques contextually in data rather than just reading about them in reports."

Technology
1 of 14
Download to read offline
Using ATT&CK To Create Wicked Actors in Real Data Simeon Kakpovi Greg Schloemer
About Us Greg Schloemer Vice President, KC7 Foundation Threat Intel Analyst (Microsoft) Simeon Kakpovi President, KC7 Foundation Sr Threat Intel Analyst (Microsoft) +10 expert cybersecurity analysts, educators, lawyers
The Problem Access to real intrusion data Develop analytical skills How do you break in? Get a cybersecurity job
Simulated Intrusion Data: How it’s been done Takes weeks/months Outdated TTPs Static, low replay value
The KC7 Approach Configs built in minutes Model latest TTPs New data in seconds
Threat Intel Production Cycle++
Bringing TAs Back to Life
Using building blocks to recreate actors
Pre-built ATT&CK Techniques are building blocks for standard adversary behavior
Putting ATT&CK in Practice
Final Result: What does XYZ technique look like?
Does it work?
Using ATT&CK to created wicked actors in real data

Recommended

Allegory of the cave(1)
Allegory of the cave(1)Allegory of the cave(1)
Allegory of the cave(1)setuid0
 
Securing a great DX - DevSecOps Days Singapore 2018
Securing a great DX - DevSecOps Days Singapore 2018Securing a great DX - DevSecOps Days Singapore 2018
Securing a great DX - DevSecOps Days Singapore 2018Stefan Streichsbier
 
A Gentle Introduction To Agile
A Gentle Introduction To AgileA Gentle Introduction To Agile
A Gentle Introduction To AgileMichael Sahota
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left SecurityBATbern
 
Airbyte - Seed deck
Airbyte - Seed deckAirbyte - Seed deck
Airbyte - Seed deckAirbyte
 
Airbyte - Seed deck
Airbyte - Seed deckAirbyte - Seed deck
Airbyte - Seed deckAirbyte
 
How we tested our code "Google way"
How we tested our code "Google way"How we tested our code "Google way"
How we tested our code "Google way"Oleksiy Rezchykov
 
Infosec at Ludicrous Speeds - Rugged DevOps
Infosec at Ludicrous Speeds - Rugged DevOps Infosec at Ludicrous Speeds - Rugged DevOps
Infosec at Ludicrous Speeds - Rugged DevOps Gene Kim
 

Recommended

Allegory of the cave(1)
Allegory of the cave(1)Allegory of the cave(1)
Allegory of the cave(1)setuid0
 
Securing a great DX - DevSecOps Days Singapore 2018
Securing a great DX - DevSecOps Days Singapore 2018Securing a great DX - DevSecOps Days Singapore 2018
Securing a great DX - DevSecOps Days Singapore 2018Stefan Streichsbier
 
A Gentle Introduction To Agile
A Gentle Introduction To AgileA Gentle Introduction To Agile
A Gentle Introduction To AgileMichael Sahota
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left SecurityBATbern
 
Airbyte - Seed deck
Airbyte - Seed deckAirbyte - Seed deck
Airbyte - Seed deckAirbyte
 
Airbyte - Seed deck
Airbyte - Seed deckAirbyte - Seed deck
Airbyte - Seed deckAirbyte
 
How we tested our code "Google way"
How we tested our code "Google way"How we tested our code "Google way"
How we tested our code "Google way"Oleksiy Rezchykov
 
Infosec at Ludicrous Speeds - Rugged DevOps
Infosec at Ludicrous Speeds - Rugged DevOps Infosec at Ludicrous Speeds - Rugged DevOps
Infosec at Ludicrous Speeds - Rugged DevOps Gene Kim
 
STC Toronto Agile Intro - How can this possibly work?
STC Toronto Agile Intro - How can this possibly work?STC Toronto Agile Intro - How can this possibly work?
STC Toronto Agile Intro - How can this possibly work?Michael Sahota
 
Taking Your Product Development to the Next Level with Full Stack
Taking Your Product Development to the Next Level with Full StackTaking Your Product Development to the Next Level with Full Stack
Taking Your Product Development to the Next Level with Full StackOptimizely
 
Modernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingModernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingSqrrl
 
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic Stack
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic StackSiscale Lightning Talk: Automated Root Cause Analysis with Elastic Stack
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic StackElasticsearch
 
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...DevOps Indonesia
 
Kim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6a
Kim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6aKim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6a
Kim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6aGene Kim
 
PuppetConf2012GeneKim
PuppetConf2012GeneKimPuppetConf2012GeneKim
PuppetConf2012GeneKimGene Kim
 
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...Priyanka Aash
 
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...James Anderson
 
The Next AMPLab: Real-Time, Intelligent, and Secure Computing
The Next AMPLab: Real-Time, Intelligent, and Secure ComputingThe Next AMPLab: Real-Time, Intelligent, and Secure Computing
The Next AMPLab: Real-Time, Intelligent, and Secure ComputingSpark Summit
 
20070921 Uni Softwareengineering
20070921 Uni Softwareengineering20070921 Uni Softwareengineering
20070921 Uni SoftwareengineeringTony Bibbs
 
Spark Summit EU 2016: The Next AMPLab: Real-time Intelligent Secure Execution
Spark Summit EU 2016: The Next AMPLab: Real-time Intelligent Secure ExecutionSpark Summit EU 2016: The Next AMPLab: Real-time Intelligent Secure Execution
Spark Summit EU 2016: The Next AMPLab: Real-time Intelligent Secure ExecutionDatabricks
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Keith Kraus
 
Scrum für Embedded-Software: Gut – aber aus anderen Gründen, als Ihr Manager...
Scrum für Embedded-Software: Gut – aber aus anderen Gründen, als Ihr Manager...Scrum für Embedded-Software: Gut – aber aus anderen Gründen, als Ihr Manager...
Scrum für Embedded-Software: Gut – aber aus anderen Gründen, als Ihr Manager...Joachim Schlosser
 
Upgrade your attack model: finding and stopping fileless attacks with MITRE A...
Upgrade your attack model: finding and stopping fileless attacks with MITRE A...Upgrade your attack model: finding and stopping fileless attacks with MITRE A...
Upgrade your attack model: finding and stopping fileless attacks with MITRE A...FaithWestdorp
 
Agile Development Ultimate Slides
Agile Development Ultimate SlidesAgile Development Ultimate Slides
Agile Development Ultimate Slidesgilashikwa
 
SLDC Presentation
SLDC PresentationSLDC Presentation
SLDC PresentationCharles Husemann
 
Worst Practices in Artificial Intelligence
Worst Practices in Artificial IntelligenceWorst Practices in Artificial Intelligence
Worst Practices in Artificial IntelligenceWilliam Tsoi
 
Accel Ops Csobc Sans Webcast 090210.Ppt
Accel Ops Csobc Sans Webcast 090210.PptAccel Ops Csobc Sans Webcast 090210.Ppt
Accel Ops Csobc Sans Webcast 090210.PptStephen Tsuchiyama
 
Webinar - Feel Secure with revolutionary OTM Solution
Webinar - Feel Secure with revolutionary OTM SolutionWebinar - Feel Secure with revolutionary OTM Solution
Webinar - Feel Secure with revolutionary OTM SolutionJK Tech
 
Dealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailDealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailMITRE ATT&CK
 
Automating testing by implementing ATT&CK using the Blackboard Architecture
Automating testing by implementing ATT&CK using the Blackboard ArchitectureAutomating testing by implementing ATT&CK using the Blackboard Architecture
Automating testing by implementing ATT&CK using the Blackboard ArchitectureMITRE ATT&CK
 

More Related Content

Similar to Using ATT&CK to created wicked actors in real data

STC Toronto Agile Intro - How can this possibly work?
STC Toronto Agile Intro - How can this possibly work?STC Toronto Agile Intro - How can this possibly work?
STC Toronto Agile Intro - How can this possibly work?Michael Sahota
 
Taking Your Product Development to the Next Level with Full Stack
Taking Your Product Development to the Next Level with Full StackTaking Your Product Development to the Next Level with Full Stack
Taking Your Product Development to the Next Level with Full StackOptimizely
 
Modernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingModernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingSqrrl
 
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic Stack
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic StackSiscale Lightning Talk: Automated Root Cause Analysis with Elastic Stack
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic StackElasticsearch
 
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...DevOps Indonesia
 
Kim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6a
Kim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6aKim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6a
Kim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6aGene Kim
 
PuppetConf2012GeneKim
PuppetConf2012GeneKimPuppetConf2012GeneKim
PuppetConf2012GeneKimGene Kim
 
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...Priyanka Aash
 
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...James Anderson
 
The Next AMPLab: Real-Time, Intelligent, and Secure Computing
The Next AMPLab: Real-Time, Intelligent, and Secure ComputingThe Next AMPLab: Real-Time, Intelligent, and Secure Computing
The Next AMPLab: Real-Time, Intelligent, and Secure ComputingSpark Summit
 
20070921 Uni Softwareengineering
20070921 Uni Softwareengineering20070921 Uni Softwareengineering
20070921 Uni SoftwareengineeringTony Bibbs
 
Spark Summit EU 2016: The Next AMPLab: Real-time Intelligent Secure Execution
Spark Summit EU 2016: The Next AMPLab: Real-time Intelligent Secure ExecutionSpark Summit EU 2016: The Next AMPLab: Real-time Intelligent Secure Execution
Spark Summit EU 2016: The Next AMPLab: Real-time Intelligent Secure ExecutionDatabricks
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Keith Kraus
 
Scrum für Embedded-Software: Gut – aber aus anderen Gründen, als Ihr Manager...
Scrum für Embedded-Software: Gut – aber aus anderen Gründen, als Ihr Manager...Scrum für Embedded-Software: Gut – aber aus anderen Gründen, als Ihr Manager...
Scrum für Embedded-Software: Gut – aber aus anderen Gründen, als Ihr Manager...Joachim Schlosser
 
Upgrade your attack model: finding and stopping fileless attacks with MITRE A...
Upgrade your attack model: finding and stopping fileless attacks with MITRE A...Upgrade your attack model: finding and stopping fileless attacks with MITRE A...
Upgrade your attack model: finding and stopping fileless attacks with MITRE A...FaithWestdorp
 
Agile Development Ultimate Slides
Agile Development Ultimate SlidesAgile Development Ultimate Slides
Agile Development Ultimate Slidesgilashikwa
 
Worst Practices in Artificial Intelligence
Worst Practices in Artificial IntelligenceWorst Practices in Artificial Intelligence
Worst Practices in Artificial IntelligenceWilliam Tsoi
 
Accel Ops Csobc Sans Webcast 090210.Ppt
Accel Ops Csobc Sans Webcast 090210.PptAccel Ops Csobc Sans Webcast 090210.Ppt
Accel Ops Csobc Sans Webcast 090210.PptStephen Tsuchiyama
 
Webinar - Feel Secure with revolutionary OTM Solution
Webinar - Feel Secure with revolutionary OTM SolutionWebinar - Feel Secure with revolutionary OTM Solution
Webinar - Feel Secure with revolutionary OTM SolutionJK Tech
 

Similar to Using ATT&CK to created wicked actors in real data (20)

STC Toronto Agile Intro - How can this possibly work?
STC Toronto Agile Intro - How can this possibly work?STC Toronto Agile Intro - How can this possibly work?
STC Toronto Agile Intro - How can this possibly work?
 
Taking Your Product Development to the Next Level with Full Stack
Taking Your Product Development to the Next Level with Full StackTaking Your Product Development to the Next Level with Full Stack
Taking Your Product Development to the Next Level with Full Stack
 
Modernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingModernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led Training
 
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic Stack
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic StackSiscale Lightning Talk: Automated Root Cause Analysis with Elastic Stack
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic Stack
 
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
 
Kim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6a
Kim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6aKim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6a
Kim itSMF New England: ITIL at Ludicrous Speeds - Rugged DevOps 6a
 
PuppetConf2012GeneKim
PuppetConf2012GeneKimPuppetConf2012GeneKim
PuppetConf2012GeneKim
 
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...
 
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
 
The Next AMPLab: Real-Time, Intelligent, and Secure Computing
The Next AMPLab: Real-Time, Intelligent, and Secure ComputingThe Next AMPLab: Real-Time, Intelligent, and Secure Computing
The Next AMPLab: Real-Time, Intelligent, and Secure Computing
 
20070921 Uni Softwareengineering
20070921 Uni Softwareengineering20070921 Uni Softwareengineering
20070921 Uni Softwareengineering
 
Spark Summit EU 2016: The Next AMPLab: Real-time Intelligent Secure Execution
Spark Summit EU 2016: The Next AMPLab: Real-time Intelligent Secure ExecutionSpark Summit EU 2016: The Next AMPLab: Real-time Intelligent Secure Execution
Spark Summit EU 2016: The Next AMPLab: Real-time Intelligent Secure Execution
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
 
Scrum für Embedded-Software: Gut – aber aus anderen Gründen, als Ihr Manager...
Scrum für Embedded-Software: Gut – aber aus anderen Gründen, als Ihr Manager...Scrum für Embedded-Software: Gut – aber aus anderen Gründen, als Ihr Manager...
Scrum für Embedded-Software: Gut – aber aus anderen Gründen, als Ihr Manager...
 
Upgrade your attack model: finding and stopping fileless attacks with MITRE A...
Upgrade your attack model: finding and stopping fileless attacks with MITRE A...Upgrade your attack model: finding and stopping fileless attacks with MITRE A...
Upgrade your attack model: finding and stopping fileless attacks with MITRE A...
 
Agile Development Ultimate Slides
Agile Development Ultimate SlidesAgile Development Ultimate Slides
Agile Development Ultimate Slides
 
SLDC Presentation
SLDC PresentationSLDC Presentation
SLDC Presentation
 
Worst Practices in Artificial Intelligence
Worst Practices in Artificial IntelligenceWorst Practices in Artificial Intelligence
Worst Practices in Artificial Intelligence
 
Accel Ops Csobc Sans Webcast 090210.Ppt
Accel Ops Csobc Sans Webcast 090210.PptAccel Ops Csobc Sans Webcast 090210.Ppt
Accel Ops Csobc Sans Webcast 090210.Ppt
 
Webinar - Feel Secure with revolutionary OTM Solution
Webinar - Feel Secure with revolutionary OTM SolutionWebinar - Feel Secure with revolutionary OTM Solution
Webinar - Feel Secure with revolutionary OTM Solution
 

More from MITRE ATT&CK

Dealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailDealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailMITRE ATT&CK
 
Automating testing by implementing ATT&CK using the Blackboard Architecture
Automating testing by implementing ATT&CK using the Blackboard ArchitectureAutomating testing by implementing ATT&CK using the Blackboard Architecture
Automating testing by implementing ATT&CK using the Blackboard ArchitectureMITRE ATT&CK
 
I can haz cake: Benefits of working with MITRE on ATT&CK
I can haz cake: Benefits of working with MITRE on ATT&CKI can haz cake: Benefits of working with MITRE on ATT&CK
I can haz cake: Benefits of working with MITRE on ATT&CKMITRE ATT&CK
 
CISA usage of ATT&CK in Cybersecurity Advisories
CISA usage of ATT&CK in Cybersecurity AdvisoriesCISA usage of ATT&CK in Cybersecurity Advisories
CISA usage of ATT&CK in Cybersecurity AdvisoriesMITRE ATT&CK
 
ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)
ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)
ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)MITRE ATT&CK
 
Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...
Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...
Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...MITRE ATT&CK
 
Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping
Evaluating and Enhancing Security Maturity through MITRE ATT&CK MappingEvaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping
Evaluating and Enhancing Security Maturity through MITRE ATT&CK MappingMITRE ATT&CK
 
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)MITRE ATT&CK
 
MITRE ATT&CK based Threat Analysis for Electronic Flight Bag
MITRE ATT&CK based Threat Analysis for Electronic Flight BagMITRE ATT&CK based Threat Analysis for Electronic Flight Bag
MITRE ATT&CK based Threat Analysis for Electronic Flight BagMITRE ATT&CK
 
Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry
Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR TelemetryTidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry
Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR TelemetryMITRE ATT&CK
 
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOSExploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOSMITRE ATT&CK
 
MITRE ATT&CK Updates: State of the Cloud
MITRE ATT&CK Updates: State of the CloudMITRE ATT&CK Updates: State of the Cloud
MITRE ATT&CK Updates: State of the CloudMITRE ATT&CK
 
MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...
MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...
MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...MITRE ATT&CK
 
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...MITRE ATT&CK
 
Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...
Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...
Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...MITRE ATT&CK
 
ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...
ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...
ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...MITRE ATT&CK
 
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...MITRE ATT&CK
 
MITRE ATT&CK Updates: ICS
MITRE ATT&CK Updates: ICSMITRE ATT&CK Updates: ICS
MITRE ATT&CK Updates: ICSMITRE ATT&CK
 
The case for quishing
The case for quishingThe case for quishing
The case for quishingMITRE ATT&CK
 
Discussion on Finding Relationships in Cyber Data
Discussion on Finding Relationships in Cyber DataDiscussion on Finding Relationships in Cyber Data
Discussion on Finding Relationships in Cyber DataMITRE ATT&CK
 

More from MITRE ATT&CK (20)

Dealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailDealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of Detail
 
Automating testing by implementing ATT&CK using the Blackboard Architecture
Automating testing by implementing ATT&CK using the Blackboard ArchitectureAutomating testing by implementing ATT&CK using the Blackboard Architecture
Automating testing by implementing ATT&CK using the Blackboard Architecture
 
I can haz cake: Benefits of working with MITRE on ATT&CK
I can haz cake: Benefits of working with MITRE on ATT&CKI can haz cake: Benefits of working with MITRE on ATT&CK
I can haz cake: Benefits of working with MITRE on ATT&CK
 
CISA usage of ATT&CK in Cybersecurity Advisories
CISA usage of ATT&CK in Cybersecurity AdvisoriesCISA usage of ATT&CK in Cybersecurity Advisories
CISA usage of ATT&CK in Cybersecurity Advisories
 
ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)
ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)
ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)
 
Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...
Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...
Civil Society, Pegasus, and Predator: What Sophisticated Spyware Means For Us...
 
Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping
Evaluating and Enhancing Security Maturity through MITRE ATT&CK MappingEvaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping
Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping
 
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)
 
MITRE ATT&CK based Threat Analysis for Electronic Flight Bag
MITRE ATT&CK based Threat Analysis for Electronic Flight BagMITRE ATT&CK based Threat Analysis for Electronic Flight Bag
MITRE ATT&CK based Threat Analysis for Electronic Flight Bag
 
Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry
Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR TelemetryTidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry
Tidying up your Nest: Validating ATT&CK Technique Coverage using EDR Telemetry
 
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOSExploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
 
MITRE ATT&CK Updates: State of the Cloud
MITRE ATT&CK Updates: State of the CloudMITRE ATT&CK Updates: State of the Cloud
MITRE ATT&CK Updates: State of the Cloud
 
MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...
MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...
MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT...
 
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
 
Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...
Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...
Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stake...
 
ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...
ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...
ATT&CK is the Best Defense - Emulating Sophisticated Adversary Malware to Bol...
 
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
 
MITRE ATT&CK Updates: ICS
MITRE ATT&CK Updates: ICSMITRE ATT&CK Updates: ICS
MITRE ATT&CK Updates: ICS
 
The case for quishing
The case for quishingThe case for quishing
The case for quishing
 
Discussion on Finding Relationships in Cyber Data
Discussion on Finding Relationships in Cyber DataDiscussion on Finding Relationships in Cyber Data
Discussion on Finding Relationships in Cyber Data
 

Recently uploaded

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

Using ATT&CK to created wicked actors in real data