SlideShare a Scribd company logo

MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE

MITRE - ATT&CKcon
MITRE - ATT&CKcon

This document provides an overview and update on the MITRE ATT&CK framework. It discusses the growth and updates made to ATT&CK in 2019, including the addition of 43 new techniques and 1 new tactic. It also previews upcoming work on implementing sub-techniques to provide more granular detail within techniques, and expanding ATT&CK to new domains like cloud computing and industrial control systems. The large community contribution to ATT&CK is also acknowledged.

Technology
1 of 19
Download to read offline
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-01075-6. MITRE | 1 | State of the ATT&CK Blake Strom @stromcoffee @MITREattack #ATTACKcon ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 2 | ATT&CK Circa 2014 Persistence Privilege Escalation Credential Access Host Enumeration Defense Evasion Lateral Movement Command and Control Exfiltration New service Exploitation of vulnerability OS/Software Weakness Process enumeration Software packing RDP Common protocol, follows standard Normal C&C channel Modify existing service Service file permissions weakness User interaction Service enumeration Masquerading Windows admin shares (C$, ADMIN$) Common protocol, non- standard Alternate data channel DLL Proxying Service registry permissions weakness Network sniffing Local network config DLL Injection Windows shared webroot Commonly used protocol on non- standard port Exfiltration over other network medium Hypervisor Rookit DLL path hijacking Stored file Local network connections DLL loading Remote vulnerability Communications encrypted Exfiltration over physical medium Winlogon Helper DLL Path interception Window enumeration Standard protocols Logon scripts Communications are obfuscated Encrypted separately Path Interception Modification of shortcuts Account enumeration Obfuscated payload Application deployment software Distributed communications Compressed separately Registry run keys / Startup folder addition Editing of default handlers Group enumeration Indicator removal Taint shared content Multiple protocols combined Data staged Modification of shortcuts AT / Schtasks / Cron Owner/user enumeration Indicator blocking Access to remote services with valid credentials Automated or scripted data exfiltration MBR / BIOS rootkit Operating system enumeration Pass the hash Size limits Editing of default handlers Security software enumeration Scheduled transfer AT / Schtasks / Cron File system enumeration Detect Partially Detect No Detect No Usage
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 4 | ATT&CK Today ATT&CK for ICS ATT&CK Evaluations Cyber Analytics Repository ATT&CK-Based SOC Assessments PRE-ATT&CK Mobile ATT&CK ATT&CK TodayATT&CK Sightings
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 We Didn’t Get Here By Accident | 5 |
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 Updates this Year – By the Numbers | 6 | 1 43 13 16 87 NEW TACTIC NEW TECHNIQUES NEW MOBILE TECHNIQUES NEW GROUPS NEW SOFTWARE 41 87 16 67 92 NEW MITIGATIONS UPDATED TECHNIQUES UPDATED MOB TECHNIQUES UPDATED GROUPS UPDATED SOFTWARE
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-01075-6. | 7 | ATT&CK for Cloud for Cloud Credit to Dave Herrald and Ryan Kovar
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 ATT&CK for Cloud • 36 techniques • Part of Enterprise ATT&CK • Almost 100% community- contributed techniques! • Input from: • A cloud service provider • Red teams • Threat analysts • Detection analysts | 8 |
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 9 |
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 10 | Impact Tactic Data Destruction Data Encrypted for Impact DefacementDisk Content Wipe Disk Structure Wipe Endpoint DoS Firmware Corruption Inhibit System Recovery Network DoS Resource Hijacking Runtime Data Manipulation Service Stop Stored Data Manipulation Transmitted Data Manipulation System Shutdown/Reboot Account Access Removal ▪ Attacks targeting availability and integrity ▪ Ex: Ransomware, DoS, destruction ▪ 16 techniques
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 11 | Mitigations
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 Abstraction Issues in ATT&CK • Some broad techniques • Account Manipulation • Credential Dumping • Some narrow • Rundll32 • MSBuild • Hard to strike the right balance now | 12 |
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 13 | Groups of behaviors Use what we have Maintain an adversary mindset Platform specific techniques How Do We Scope Sub-Techniques?
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 Sub-Technique Implementation • Rough stats (so far) • Techniques: 266 166 • Sub-techniques: 280 • Implementing now • Pausing other updates • No groups/software! • Going into companion website for preview • Won’t be defacto ATT&CK • 3+ month feedback period | 14 |
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 15 | Credential Access Account Manipulation Bash History Brute Force Credential Dumping Credentials in Files … Credential Dumping Sub-Techniques (draft) SAM (Security Accounts Manager) Local Security Authority (LSA) Secrets NTDS from Domain Controller Cached Credentials … Sub-Technique Example
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 Sub-Technique Feedback • Are sub-techniques necessary and are we on the right track? • Overwhelmingly, yes! • Aren’t they procedures? • No • Visualization challenges • One-to-many issues • Mapping old to new • Data source refinement • OS agnostic techniques • Techniques should always have sub-techniques • Sub-techniques should be OS specific • Will help with false sense of security | 16 |
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 Growth of the ATT&CK Community | 17 | •Alain Homewood, Insomnia Security •Alan Neville, @abnev •Alex Hinchliffe, Palo Alto Networks •Alfredo Abarca •Allen DeRyke, ICE •Anastasios Pingios •Andrew Smith, @jakx_ •Avneet Singh •Barry Shteiman, Exabeam •Bart Parys •Bartosz Jerzman •Brian Prange •Bryan Lee •Carlos Borges, @huntingneo, CIP •Casey Smith •Christiaan Beek, @ChristiaanBeek •Christoffer Strömblad •Cody Thomas, SpecterOps •Craig Aitchison •CrowdStrike Falcon OverWatch •Cybereason Nocturnus, @nocturnus •Daniel Oakley •Darren Spruell •Dave Westgard •David Ferguson, CyberSponse •David Lu, Tripwire •David Routin •Drew Church, Splunk •Ed Williams, Trustwave, SpiderLabs •Edward Millington •Elger Vinicius S. Rodrigues, CYBINT Centre •Elia Florio, Microsoft •Elly Searle, CrowdStrike •Emily Ratliff, IBM •ENDGAME •Eric Kuehn, Secure Ideas •Erika Noerenberg, @gutterchurl, Carbon Black •Erye Hernandez, Palo Alto Networks •ESET •Felipe Espósito, @Pr0teus •Filip Kafka, ESET •FS-ISAC •Hans Christoffer Gaardløs •Heather Linn •Itamar Mizrahi •Itzik Kotler, SafeBreach •Ivan Sinyakov •Jacob Wilkin, Trustwave, SpiderLabs •Jan Miller, CrowdStrike •Jannie Li, Microsoft (MSTIC) •Jared Atkinson, @jaredcatkinson •Jean-Ian Boutin, ESET •Jeff Sakowicz, Microsoft (IDPM Services) •Jeremy Galloway •Jimmy Astle, @AstleJimmy, Carbon Black •Johann Rehberger •John Lambert, Microsoft (MSTIC) •John Strand •Josh Abraham •Justin Warner, ICEBRG •Jörg Abraham, EclecticIQ •Kaspersky •Lab52 by S2 Grupo •Leo Loobeek, @leoloobeek •Loic Jaquemet •Lucas da Silva Pereira, @vulcanunsec, CIP •Lukáš Štefanko, ESET •Marc-Etienne M.Léveillé, ESET •Mark Wee •Martin Jirkal, ESET •Martin Smolar, ESET •Matias Nicolas Porolli, ESET •Matt Graeber, @mattifestation, SpecterOps •Matt Kelly, @breakersall •Matthew Demaske, Adaptforward •Matthew Molyett, @s1air •McAfee •Michael Cox •Michal Dida, ESET •Microsoft Threat Intelligence Center (MSTIC) •Mike Kemmerer •Milos Stojadinovic •Mnemonic •Netskope •Nick Carr, FireEye •Nik Seetharaman, Palantir •Nishan Maharjan, @loki248 •Oddvar Moe, @oddvarmoe •Oleg Kolesnikov •Oleg Skulkin, Group-IB •Omkar Gudhate •Patrick Campbell, @pjcampbe11 •Paul Speulstra, AECOM •Pedro Harrison •Praetorian •Prashant Verma, Paladion •Rahmat Nurfauzi, PT Xynexis International •Red Canary •RedHuntLabs, @redhuntlabs •Ricardo Dias •Richard Gold, Digital Shadows •Richie Cyrus, SpecterOps •Rob Smith •Robby Winchester, @robwinchester3 •Robert Falcone •Romain Dumont, ESET •Ryan Becwar •Ryan Benson, Exabeam •Sahar Shukrun •Saisha Agrawal, Microsoft (MSTIC) •Scott Lundgren, @5twenty9, Carbon Black •Shailesh Tiwary (Indian Army) •Shane Tully, @securitygypsy •Stefan Kanthak •Sudhanshu Chauhan, @Sudhanshu_C •Sunny Neo •Swetha Prabakaran, Microsoft (MSTIC) •Sylvain Gil, Exabeam •Tatsuya Daitoku, Cyber Defense Institute, Inc. •Teodor Cimpoesu •Tim MalcomVetter •Tom Ueltschi @c_APT_ure •Tony Lambert, Red Canary •Travis Smith, Tripwire •Tristan Bennett, Seamless Intelligence •Valerii Marchuk, Cybersecurity Help s.r.o. •Veeral Patel •Vincent Le Toux •Walker Johnson •Wayne Silva, Countercept •Ye Yint Min Thu Htut, DBS Bank •Yonatan Gotlib, Deep Instinct Individuals + orgs contributing to ATT&CK!
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 18 | Mobile ATT&CK Enterprise ATT&CK PRE-ATT&CK It’s just ICS ATT&CK Mappings to Controls Frameworks Things Yet to Come
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 More ATT&CK Updates! Tuesday 1:30 pm TRAM 3:45 pm ATT&CK Sightings Wednesday 10:15 am ICS ATT&CK 12:00 pm Controls Mapping 2:00 pm CAR and Analytics 3:15 pm PRE Integration | 19 |
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 20 | attack@mitre.org @MITREattack #ATTACKcon Blake Strom @stromcoffee

Recommended

State of the ATT&CK
State of the ATT&CKState of the ATT&CK
State of the ATT&CKMITRE ATT&CK
 
ATT&CK Updates- Campaigns
ATT&CK Updates- CampaignsATT&CK Updates- Campaigns
ATT&CK Updates- CampaignsMITRE ATT&CK
 
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamWhat is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamMITRE ATT&CK
 
Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
 
It's just a jump to the left (of boom): Prioritizing detection implementation...
It's just a jump to the left (of boom): Prioritizing detection implementation...It's just a jump to the left (of boom): Prioritizing detection implementation...
It's just a jump to the left (of boom): Prioritizing detection implementation...MITRE ATT&CK
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE - ATT&CKcon
 
Threat Modelling - It's not just for developers
Threat Modelling - It's not just for developersThreat Modelling - It's not just for developers
Threat Modelling - It's not just for developersMITRE ATT&CK
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkMITRE - ATT&CKcon
 

Recommended

State of the ATT&CK
State of the ATT&CKState of the ATT&CK
State of the ATT&CKMITRE ATT&CK
 
ATT&CK Updates- Campaigns
ATT&CK Updates- CampaignsATT&CK Updates- Campaigns
ATT&CK Updates- CampaignsMITRE ATT&CK
 
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamWhat is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamMITRE ATT&CK
 
Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
 
It's just a jump to the left (of boom): Prioritizing detection implementation...
It's just a jump to the left (of boom): Prioritizing detection implementation...It's just a jump to the left (of boom): Prioritizing detection implementation...
It's just a jump to the left (of boom): Prioritizing detection implementation...MITRE ATT&CK
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE - ATT&CKcon
 
Threat Modelling - It's not just for developers
Threat Modelling - It's not just for developersThreat Modelling - It's not just for developers
Threat Modelling - It's not just for developersMITRE ATT&CK
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkMITRE - ATT&CKcon
 
The ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookThe ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookMITRE ATT&CK
 
ATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKMITRE ATT&CK
 
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE - ATT&CKcon
 
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™Katie Nickels
 
ATT&CK Updates- ATT&CK for ICS
ATT&CK Updates- ATT&CK for ICSATT&CK Updates- ATT&CK for ICS
ATT&CK Updates- ATT&CK for ICSMITRE ATT&CK
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CKATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CKMITRE ATT&CK
 
Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...MITRE ATT&CK
 
Projects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the CenterProjects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the CenterMITRE ATT&CK
 
ATT&CKcon Intro
ATT&CKcon IntroATT&CKcon Intro
ATT&CKcon IntroMITRE ATT&CK
 
ATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideMITRE ATT&CK
 
ATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudMITRE ATT&CK
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK frameworkBhushan Gurav
 
Mapping ATT&CK Techniques to ENGAGE Activities
Mapping ATT&CK Techniques to ENGAGE ActivitiesMapping ATT&CK Techniques to ENGAGE Activities
Mapping ATT&CK Techniques to ENGAGE ActivitiesMITRE ATT&CK
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...MITRE ATT&CK
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshopArpan Raval
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKKatie Nickels
 
Automating the mundanity of technique IDs with ATT&CK Detections Collector
Automating the mundanity of technique IDs with ATT&CK Detections CollectorAutomating the mundanity of technique IDs with ATT&CK Detections Collector
Automating the mundanity of technique IDs with ATT&CK Detections CollectorMITRE ATT&CK
 
Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) MITRE ATT&CK
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Adam Pennington
 

More Related Content

What's hot

The ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookThe ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookMITRE ATT&CK
 
ATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKMITRE ATT&CK
 
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE - ATT&CKcon
 
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™Katie Nickels
 
ATT&CK Updates- ATT&CK for ICS
ATT&CK Updates- ATT&CK for ICSATT&CK Updates- ATT&CK for ICS
ATT&CK Updates- ATT&CK for ICSMITRE ATT&CK
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CKATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CKMITRE ATT&CK
 
Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...MITRE ATT&CK
 
Projects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the CenterProjects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the CenterMITRE ATT&CK
 
ATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideMITRE ATT&CK
 
ATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudMITRE ATT&CK
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK frameworkBhushan Gurav
 
Mapping ATT&CK Techniques to ENGAGE Activities
Mapping ATT&CK Techniques to ENGAGE ActivitiesMapping ATT&CK Techniques to ENGAGE Activities
Mapping ATT&CK Techniques to ENGAGE ActivitiesMITRE ATT&CK
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...MITRE ATT&CK
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshopArpan Raval
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKKatie Nickels
 
Automating the mundanity of technique IDs with ATT&CK Detections Collector
Automating the mundanity of technique IDs with ATT&CK Detections CollectorAutomating the mundanity of technique IDs with ATT&CK Detections Collector
Automating the mundanity of technique IDs with ATT&CK Detections CollectorMITRE ATT&CK
 

What's hot (20)

The ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookThe ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT Playbook
 
ATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CK
 
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...
 
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
 
ATT&CK Updates- ATT&CK for ICS
ATT&CK Updates- ATT&CK for ICSATT&CK Updates- ATT&CK for ICS
ATT&CK Updates- ATT&CK for ICS
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common Language
 
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CKATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
 
Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...
 
Projects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the CenterProjects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the Center
 
ATT&CKcon Intro
ATT&CKcon IntroATT&CKcon Intro
ATT&CKcon Intro
 
ATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue Divide
 
ATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudATT&CKING Containers in The Cloud
ATT&CKING Containers in The Cloud
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK framework
 
Mapping ATT&CK Techniques to ENGAGE Activities
Mapping ATT&CK Techniques to ENGAGE ActivitiesMapping ATT&CK Techniques to ENGAGE Activities
Mapping ATT&CK Techniques to ENGAGE Activities
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshop
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
 
Automating the mundanity of technique IDs with ATT&CK Detections Collector
Automating the mundanity of technique IDs with ATT&CK Detections CollectorAutomating the mundanity of technique IDs with ATT&CK Detections Collector
Automating the mundanity of technique IDs with ATT&CK Detections Collector
 

Similar to MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE

Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) MITRE ATT&CK
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Adam Pennington
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsSBWebinars
 
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...Adam Pennington
 
Ciberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACiberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACristian Garcia G.
 
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...Robert Brandel
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceEnergySec
 
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoBSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoKatie Nickels
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
 
Dealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailDealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailMITRE ATT&CK
 
Cyberteq - Cyber Security for Telecom.pdf
Cyberteq - Cyber Security for Telecom.pdfCyberteq - Cyber Security for Telecom.pdf
Cyberteq - Cyber Security for Telecom.pdfssuser8717cc
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdStrike
 
Practical White Hat Hacker Training - Introduction to Cyber Security
Practical White Hat Hacker Training - Introduction to Cyber SecurityPractical White Hat Hacker Training - Introduction to Cyber Security
Practical White Hat Hacker Training - Introduction to Cyber SecurityPRISMA CSI
 
EMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudEMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudCompTIA UK
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012DaveEdwards12
 
Fighting cyber fraud with hadoop v2
Fighting cyber fraud with hadoop v2Fighting cyber fraud with hadoop v2
Fighting cyber fraud with hadoop v2Niel Dunnage
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloudUlf Mattsson
 
IT Series: Cloud Computing Done Right CISOA 2011
IT Series: Cloud Computing Done Right CISOA 2011IT Series: Cloud Computing Done Right CISOA 2011
IT Series: Cloud Computing Done Right CISOA 2011Donald E. Hester
 
Emulating an Adversary with Imperfect Intelligence
Emulating an Adversary with Imperfect IntelligenceEmulating an Adversary with Imperfect Intelligence
Emulating an Adversary with Imperfect IntelligenceAdam Pennington
 
4 Cyber Security KPIs
4 Cyber Security KPIs4 Cyber Security KPIs
4 Cyber Security KPIsSteven Aiello
 

Similar to MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE (20)

Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?)
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
 
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
 
Ciberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACiberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IA
 
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
 
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoBSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
Dealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of DetailDealing With ATT&CK's Different Levels Of Detail
Dealing With ATT&CK's Different Levels Of Detail
 
Cyberteq - Cyber Security for Telecom.pdf
Cyberteq - Cyber Security for Telecom.pdfCyberteq - Cyber Security for Telecom.pdf
Cyberteq - Cyber Security for Telecom.pdf
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the Indicator
 
Practical White Hat Hacker Training - Introduction to Cyber Security
Practical White Hat Hacker Training - Introduction to Cyber SecurityPractical White Hat Hacker Training - Introduction to Cyber Security
Practical White Hat Hacker Training - Introduction to Cyber Security
 
EMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudEMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the Cloud
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012
 
Fighting cyber fraud with hadoop v2
Fighting cyber fraud with hadoop v2Fighting cyber fraud with hadoop v2
Fighting cyber fraud with hadoop v2
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloud
 
IT Series: Cloud Computing Done Right CISOA 2011
IT Series: Cloud Computing Done Right CISOA 2011IT Series: Cloud Computing Done Right CISOA 2011
IT Series: Cloud Computing Done Right CISOA 2011
 
Emulating an Adversary with Imperfect Intelligence
Emulating an Adversary with Imperfect IntelligenceEmulating an Adversary with Imperfect Intelligence
Emulating an Adversary with Imperfect Intelligence
 
4 Cyber Security KPIs
4 Cyber Security KPIs4 Cyber Security KPIs
4 Cyber Security KPIs
 

More from MITRE - ATT&CKcon

ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
 
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by AdversariesATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by AdversariesMITRE - ATT&CKcon
 
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...MITRE - ATT&CKcon
 
MITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE - ATT&CKcon
 
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsUsing ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsMITRE - ATT&CKcon
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingMITRE - ATT&CKcon
 
What's New with ATTACK for ICS?
What's New with ATTACK for ICS?What's New with ATTACK for ICS?
What's New with ATTACK for ICS?MITRE - ATT&CKcon
 
From Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedFrom Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedMITRE - ATT&CKcon
 
What's a MITRE with your Security?
What's a MITRE with your Security?What's a MITRE with your Security?
What's a MITRE with your Security?MITRE - ATT&CKcon
 
ATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the MatricesATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the MatricesMITRE - ATT&CKcon
 
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMITRE - ATT&CKcon
 
Transforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionTransforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionMITRE - ATT&CKcon
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020MITRE - ATT&CKcon
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchMITRE - ATT&CKcon
 
What's New with ATTACK for Cloud?
What's New with ATTACK for Cloud?What's New with ATTACK for Cloud?
What's New with ATTACK for Cloud?MITRE - ATT&CKcon
 
Starting Over with Sub-Techniques
Starting Over with Sub-TechniquesStarting Over with Sub-Techniques
Starting Over with Sub-TechniquesMITRE - ATT&CKcon
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE - ATT&CKcon
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE - ATT&CKcon
 

More from MITRE - ATT&CKcon (20)

ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
 
State of the ATTACK
State of the ATTACKState of the ATTACK
State of the ATTACK
 
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by AdversariesATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by Adversaries
 
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
 
MITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - January
 
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsUsing ATTACK to Create Cyber DBTS for Nuclear Power Plants
Using ATTACK to Create Cyber DBTS for Nuclear Power Plants
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
 
What's New with ATTACK for ICS?
What's New with ATTACK for ICS?What's New with ATTACK for ICS?
What's New with ATTACK for ICS?
 
From Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have ChangedFrom Theory to Practice: How My ATTACK Perspectives Have Changed
From Theory to Practice: How My ATTACK Perspectives Have Changed
 
Putting the PRE into ATTACK
Putting the PRE into ATTACKPutting the PRE into ATTACK
Putting the PRE into ATTACK
 
What's a MITRE with your Security?
What's a MITRE with your Security?What's a MITRE with your Security?
What's a MITRE with your Security?
 
ATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the MatricesATTACKing the Cloud: Hopping Between the Matrices
ATTACKing the Cloud: Hopping Between the Matrices
 
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for Mobile
 
Transforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionTransforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis Question
 
TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020TA505: A Study of High End Big Game Hunting in 2020
TA505: A Study of High End Big Game Hunting in 2020
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
 
What's New with ATTACK for Cloud?
What's New with ATTACK for Cloud?What's New with ATTACK for Cloud?
What's New with ATTACK for Cloud?
 
Starting Over with Sub-Techniques
Starting Over with Sub-TechniquesStarting Over with Sub-Techniques
Starting Over with Sub-Techniques
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - December
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - November
 

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE

  • 1. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-01075-6. MITRE | 1 | State of the ATT&CK Blake Strom @stromcoffee @MITREattack #ATTACKcon ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15
  • 2. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 2 | ATT&CK Circa 2014 Persistence Privilege Escalation Credential Access Host Enumeration Defense Evasion Lateral Movement Command and Control Exfiltration New service Exploitation of vulnerability OS/Software Weakness Process enumeration Software packing RDP Common protocol, follows standard Normal C&C channel Modify existing service Service file permissions weakness User interaction Service enumeration Masquerading Windows admin shares (C$, ADMIN$) Common protocol, non- standard Alternate data channel DLL Proxying Service registry permissions weakness Network sniffing Local network config DLL Injection Windows shared webroot Commonly used protocol on non- standard port Exfiltration over other network medium Hypervisor Rookit DLL path hijacking Stored file Local network connections DLL loading Remote vulnerability Communications encrypted Exfiltration over physical medium Winlogon Helper DLL Path interception Window enumeration Standard protocols Logon scripts Communications are obfuscated Encrypted separately Path Interception Modification of shortcuts Account enumeration Obfuscated payload Application deployment software Distributed communications Compressed separately Registry run keys / Startup folder addition Editing of default handlers Group enumeration Indicator removal Taint shared content Multiple protocols combined Data staged Modification of shortcuts AT / Schtasks / Cron Owner/user enumeration Indicator blocking Access to remote services with valid credentials Automated or scripted data exfiltration MBR / BIOS rootkit Operating system enumeration Pass the hash Size limits Editing of default handlers Security software enumeration Scheduled transfer AT / Schtasks / Cron File system enumeration Detect Partially Detect No Detect No Usage
  • 3. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 4 | ATT&CK Today ATT&CK for ICS ATT&CK Evaluations Cyber Analytics Repository ATT&CK-Based SOC Assessments PRE-ATT&CK Mobile ATT&CK ATT&CK TodayATT&CK Sightings
  • 4. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 We Didn’t Get Here By Accident | 5 |
  • 5. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 Updates this Year – By the Numbers | 6 | 1 43 13 16 87 NEW TACTIC NEW TECHNIQUES NEW MOBILE TECHNIQUES NEW GROUPS NEW SOFTWARE 41 87 16 67 92 NEW MITIGATIONS UPDATED TECHNIQUES UPDATED MOB TECHNIQUES UPDATED GROUPS UPDATED SOFTWARE
  • 6. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-01075-6. | 7 | ATT&CK for Cloud for Cloud Credit to Dave Herrald and Ryan Kovar
  • 7. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 ATT&CK for Cloud • 36 techniques • Part of Enterprise ATT&CK • Almost 100% community- contributed techniques! • Input from: • A cloud service provider • Red teams • Threat analysts • Detection analysts | 8 |
  • 8. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 9 |
  • 9. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 10 | Impact Tactic Data Destruction Data Encrypted for Impact DefacementDisk Content Wipe Disk Structure Wipe Endpoint DoS Firmware Corruption Inhibit System Recovery Network DoS Resource Hijacking Runtime Data Manipulation Service Stop Stored Data Manipulation Transmitted Data Manipulation System Shutdown/Reboot Account Access Removal ▪ Attacks targeting availability and integrity ▪ Ex: Ransomware, DoS, destruction ▪ 16 techniques
  • 10. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 11 | Mitigations
  • 11. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 Abstraction Issues in ATT&CK • Some broad techniques • Account Manipulation • Credential Dumping • Some narrow • Rundll32 • MSBuild • Hard to strike the right balance now | 12 |
  • 12. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 13 | Groups of behaviors Use what we have Maintain an adversary mindset Platform specific techniques How Do We Scope Sub-Techniques?
  • 13. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 Sub-Technique Implementation • Rough stats (so far) • Techniques: 266 166 • Sub-techniques: 280 • Implementing now • Pausing other updates • No groups/software! • Going into companion website for preview • Won’t be defacto ATT&CK • 3+ month feedback period | 14 |
  • 14. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 15 | Credential Access Account Manipulation Bash History Brute Force Credential Dumping Credentials in Files … Credential Dumping Sub-Techniques (draft) SAM (Security Accounts Manager) Local Security Authority (LSA) Secrets NTDS from Domain Controller Cached Credentials … Sub-Technique Example
  • 15. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 Sub-Technique Feedback • Are sub-techniques necessary and are we on the right track? • Overwhelmingly, yes! • Aren’t they procedures? • No • Visualization challenges • One-to-many issues • Mapping old to new • Data source refinement • OS agnostic techniques • Techniques should always have sub-techniques • Sub-techniques should be OS specific • Will help with false sense of security | 16 |
  • 16. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 Growth of the ATT&CK Community | 17 | •Alain Homewood, Insomnia Security •Alan Neville, @abnev •Alex Hinchliffe, Palo Alto Networks •Alfredo Abarca •Allen DeRyke, ICE •Anastasios Pingios •Andrew Smith, @jakx_ •Avneet Singh •Barry Shteiman, Exabeam •Bart Parys •Bartosz Jerzman •Brian Prange •Bryan Lee •Carlos Borges, @huntingneo, CIP •Casey Smith •Christiaan Beek, @ChristiaanBeek •Christoffer Strömblad •Cody Thomas, SpecterOps •Craig Aitchison •CrowdStrike Falcon OverWatch •Cybereason Nocturnus, @nocturnus •Daniel Oakley •Darren Spruell •Dave Westgard •David Ferguson, CyberSponse •David Lu, Tripwire •David Routin •Drew Church, Splunk •Ed Williams, Trustwave, SpiderLabs •Edward Millington •Elger Vinicius S. Rodrigues, CYBINT Centre •Elia Florio, Microsoft •Elly Searle, CrowdStrike •Emily Ratliff, IBM •ENDGAME •Eric Kuehn, Secure Ideas •Erika Noerenberg, @gutterchurl, Carbon Black •Erye Hernandez, Palo Alto Networks •ESET •Felipe Espósito, @Pr0teus •Filip Kafka, ESET •FS-ISAC •Hans Christoffer Gaardløs •Heather Linn •Itamar Mizrahi •Itzik Kotler, SafeBreach •Ivan Sinyakov •Jacob Wilkin, Trustwave, SpiderLabs •Jan Miller, CrowdStrike •Jannie Li, Microsoft (MSTIC) •Jared Atkinson, @jaredcatkinson •Jean-Ian Boutin, ESET •Jeff Sakowicz, Microsoft (IDPM Services) •Jeremy Galloway •Jimmy Astle, @AstleJimmy, Carbon Black •Johann Rehberger •John Lambert, Microsoft (MSTIC) •John Strand •Josh Abraham •Justin Warner, ICEBRG •Jörg Abraham, EclecticIQ •Kaspersky •Lab52 by S2 Grupo •Leo Loobeek, @leoloobeek •Loic Jaquemet •Lucas da Silva Pereira, @vulcanunsec, CIP •Lukáš Štefanko, ESET •Marc-Etienne M.Léveillé, ESET •Mark Wee •Martin Jirkal, ESET •Martin Smolar, ESET •Matias Nicolas Porolli, ESET •Matt Graeber, @mattifestation, SpecterOps •Matt Kelly, @breakersall •Matthew Demaske, Adaptforward •Matthew Molyett, @s1air •McAfee •Michael Cox •Michal Dida, ESET •Microsoft Threat Intelligence Center (MSTIC) •Mike Kemmerer •Milos Stojadinovic •Mnemonic •Netskope •Nick Carr, FireEye •Nik Seetharaman, Palantir •Nishan Maharjan, @loki248 •Oddvar Moe, @oddvarmoe •Oleg Kolesnikov •Oleg Skulkin, Group-IB •Omkar Gudhate •Patrick Campbell, @pjcampbe11 •Paul Speulstra, AECOM •Pedro Harrison •Praetorian •Prashant Verma, Paladion •Rahmat Nurfauzi, PT Xynexis International •Red Canary •RedHuntLabs, @redhuntlabs •Ricardo Dias •Richard Gold, Digital Shadows •Richie Cyrus, SpecterOps •Rob Smith •Robby Winchester, @robwinchester3 •Robert Falcone •Romain Dumont, ESET •Ryan Becwar •Ryan Benson, Exabeam •Sahar Shukrun •Saisha Agrawal, Microsoft (MSTIC) •Scott Lundgren, @5twenty9, Carbon Black •Shailesh Tiwary (Indian Army) •Shane Tully, @securitygypsy •Stefan Kanthak •Sudhanshu Chauhan, @Sudhanshu_C •Sunny Neo •Swetha Prabakaran, Microsoft (MSTIC) •Sylvain Gil, Exabeam •Tatsuya Daitoku, Cyber Defense Institute, Inc. •Teodor Cimpoesu •Tim MalcomVetter •Tom Ueltschi @c_APT_ure •Tony Lambert, Red Canary •Travis Smith, Tripwire •Tristan Bennett, Seamless Intelligence •Valerii Marchuk, Cybersecurity Help s.r.o. •Veeral Patel •Vincent Le Toux •Walker Johnson •Wayne Silva, Countercept •Ye Yint Min Thu Htut, DBS Bank •Yonatan Gotlib, Deep Instinct Individuals + orgs contributing to ATT&CK!
  • 17. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 18 | Mobile ATT&CK Enterprise ATT&CK PRE-ATT&CK It’s just ICS ATT&CK Mappings to Controls Frameworks Things Yet to Come
  • 18. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 More ATT&CK Updates! Tuesday 1:30 pm TRAM 3:45 pm ATT&CK Sightings Wednesday 10:15 am ICS ATT&CK 12:00 pm Controls Mapping 2:00 pm CAR and Analytics 3:15 pm PRE Integration | 19 |
  • 19. ©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 19-00696-15 | 20 | attack@mitre.org @MITREattack #ATTACKcon Blake Strom @stromcoffee