
MITRE ATT&CKcon 2.0: STIX in the Mud (Lightning Talk); Bryson Bort, SCYTHE


  1. STIX in the Mud
  2. Us: Bryson Bort (@brysonbort), Daniel Riedel (@riedelinc)
  3. Today's Threat Intel
     ● Static identifiers are limited
       ○ Ch-ch-ch-changes
     ● Analyst reports...
       ○ Have to read them...
       ○ Then. Do. Something.
  4. STIX v2.1: STIX 2.1 extends STIX 2.0
     ● Course of Action improvements
     ● Malware objects
     ● Infrastructure objects
     ● Grouping object
     Combined with STIX patterning, this creates even more robust machine-readable threat intel.
  5. Still Need
     ● Ability to reduce noise / dedup
     ● Priority and severity that organizations stand behind
     ● ATT&CK / Kill Chain context
  6. Threat Intelligence for the Machine
     [Graphic, derived from an idea by Katie Nickels, MITRE, relating static indicators (IP address, hash value), ATT&CK software (S0129 AutoIt, S0194 PowerSploit, S0002 Mimikatz, S0192 Pupy) and ATT&CK techniques (T1068 Exploitation for Privilege Escalation, T1003 Credential Dumping, T1086 PowerShell)]
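Slides 4 to 6 argue that STIX 2.1 objects plus STIX patterning can carry ATT&CK context alongside static indicators, and that consumers still need dedup and that context to act on it. The following is an added Python example, not code from the talk, from SCYTHE, or from the MITRE ATT&CK STIX data: it builds a small STIX 2.1 bundle by hand with the standard library only (no `stix2` package), linking a hash indicator to Mimikatz (S0002) and Credential Dumping (T1003) through `indicates` and `uses` relationships, then walks those relationships back to recover the ATT&CK technique IDs for each indicator and collapses duplicate indicators by pattern. The ATT&CK IDs are real; the SHA-256 value, object ids and timestamps are constructed placeholders.

```python
"""Hand-built STIX 2.1 bundle with ATT&CK context, plus the two consumer-side
operations slide 5 asks for: ATT&CK lookup per indicator and dedup.
Hypothetical example; the hash and ids are constructed, not from any feed."""
import json
import uuid
from datetime import datetime, timezone

SPEC_VERSION = "2.1"


def _now() -> str:
    # STIX 2.1 timestamps are RFC 3339 in UTC; millisecond precision is typical.
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def _sdo(stix_type: str, **props) -> dict:
    # Common STIX Domain Object envelope; ids are "<type>--<UUIDv4>".
    ts = _now()
    return {"type": stix_type, "spec_version": SPEC_VERSION,
            "id": f"{stix_type}--{uuid.uuid4()}",
            "created": ts, "modified": ts, **props}


def attack_ref(attack_id: str) -> dict:
    # ATT&CK context travels as an external_reference; consumers key on
    # source_name == "mitre-attack" plus the external_id (T1003, S0002, ...).
    path = "techniques" if attack_id.startswith("T") else "software"
    return {"source_name": "mitre-attack", "external_id": attack_id,
            "url": f"https://attack.mitre.org/{path}/{attack_id}"}


def build_bundle() -> dict:
    """Constructed sample: Mimikatz (S0002) uses Credential Dumping (T1003),
    observed via a file-hash indicator expressed in STIX patterning."""
    technique = _sdo("attack-pattern", name="Credential Dumping",
                     external_references=[attack_ref("T1003")],
                     kill_chain_phases=[{"kill_chain_name": "mitre-attack",
                                         "phase_name": "credential-access"}])
    tool = _sdo("tool", name="Mimikatz", external_references=[attack_ref("S0002")])
    placeholder_sha256 = "a" * 64  # constructed value, not a real sample hash
    indicator = _sdo("indicator", name="Mimikatz sample hash",
                     pattern_type="stix",
                     pattern=f"[file:hashes.'SHA-256' = '{placeholder_sha256}']",
                     valid_from=_now(), indicator_types=["malicious-activity"])
    rels = [
        _sdo("relationship", relationship_type="uses",
             source_ref=tool["id"], target_ref=technique["id"]),
        _sdo("relationship", relationship_type="indicates",
             source_ref=indicator["id"], target_ref=tool["id"]),
    ]
    # In STIX 2.1 the bundle itself carries no spec_version; its objects do.
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [technique, tool, indicator, *rels]}


def attack_context(bundle: dict) -> dict:
    """For each indicator, follow indicates -> uses and collect the ATT&CK
    technique IDs found on the reached attack-patterns, keyed by pattern."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    edges: dict = {}
    for o in bundle["objects"]:
        if o["type"] == "relationship":
            edges.setdefault((o["source_ref"], o["relationship_type"]), []).append(o["target_ref"])

    def attack_ids(obj: dict) -> list:
        return [r["external_id"] for r in obj.get("external_references", [])
                if r.get("source_name") == "mitre-attack"]

    result = {}
    for ind in (o for o in bundle["objects"] if o["type"] == "indicator"):
        techniques = set()
        for sw_id in edges.get((ind["id"], "indicates"), []):
            for ap_id in edges.get((sw_id, "uses"), []):
                techniques.update(attack_ids(by_id[ap_id]))
        result[ind["pattern"]] = sorted(techniques)
    return result


def dedup_indicators(objects: list) -> list:
    """Collapse indicators carrying the same (pattern_type, pattern), e.g. the
    same hash arriving from two feeds; first occurrence wins, others pass through."""
    seen, out = set(), []
    for o in objects:
        if o["type"] == "indicator":
            key = (o["pattern_type"], o["pattern"])
            if key in seen:
                continue
            seen.add(key)
        out.append(o)
    return out


if __name__ == "__main__":
    b = build_bundle()
    print(json.dumps(b, indent=2))
    print(attack_context(b))
```

The `uses` (tool to attack-pattern) and `indicates` (indicator to tool) relationship types are the ones STIX 2.1 defines for those object pairs, so the same walk works over a real ATT&CK STIX export; production code should also tolerate relationships whose `target_ref` points outside the bundle instead of indexing `by_id` directly.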