SlideShare a Scribd company logo

Mapping the ASD Essential 8 to the Mitre ATTACK™ framework

Digital Shadows
Digital Shadows

We took our recent work on the Mitre ATT&CK framework and various indictments of cyber criminals and nation state actors and mapped them to the Essential 8 framework.

1 of 1
Download to read offline
3. Persistence 7. Discovery 9. Collection Mitre ATT&CK Stage Tactic GRU 1. Initial Access 6. Credential Access 5. Defense Evasion 4. Privilege Escalation ! 2. Execution 8. Lateral Movement 10. Exfiltration 11. Command & Control Spearphishing attachment Application whitelisting Drive-by Compromise Spearphishing link Exploit Public-Facing Application User Execution Valid Accounts Exploitation for Client Execution Trusted Relationship Spearphishing via Service Bootkit Valid Accounts Login Item Launch Agent Application Shimming Modify Existing Service Web Shell Obfuscated Files or Information Clear Command History Masquerading Exploitation for Defense Evasion Input Capture Exploitation for Credential Access Remote Services Credentials in Files Network Service Scanning Private Keys Remote System Discovery Hooking Windows Admin Shares Data from Local System / Network Shared Drive Data Staged Input Capture Email Collection Screen Capture Data Encrypted Data Compressed Automated Col- lection Custom Cryptographic Protocol Commonly Used Port Data Encoding Custom Command and Control Protocol Remote File Copy Multi-hop Proxy ASD Essential 8 and Mitre ATT&CK Exploitation for Privilege Escalation Data from Information Re- positories FIN7 FSB Hidden COBRA ASD Essential 8 Digital Shadows Advice Patch applications, Patch operating systems Multi-factor authentication Restrict administrative priv- ileges Patch applications User application hardening, Configure Microsoft Office macro settings Restrict administrative privileges, Patch Operating Systems Restrict administrative privileges Patch Operating Systems Multi-factor authentication Patch Operating Systems Patch User Applications Patch User Applications Application Whitelisting Application Whitelisting Multi-factor authentication Restrict administrative privileges Restrict administrative privileges Restrict administrative privileges Monitoring for the creation of phishing domains Monitoring for persistence mechanisms via KnockKnock or for launch file creation via other file monitoring solutions such as EDR Example: Monitoring for PowerShell scripts via the Anti Malware Script Interface (AMSI) in Windows 10 reveals the deobfuscated commands Monitoring for user authentications, via SSH for example, which do not correspond to changes in a user’s command history may indicate attempts to evade detection EDR systems may be able to detect attempts to install hook procedures Procedural controls such as training, awareness and regular reviews can be used to educate users to the dangers of leaving valid credentials in files EDR and/or SIEM solutions can detect port scanning activities EDR and/or SIEM solutions can detect remote system discovery activities Malicious behavior can be cross-correlated with the accessing of remote services to track an adversary through an environment EDR and/or SIEM solutions can be used to detect data being gather from local and remote systems EDR and/or SIEM solutions can be used to detect data being automatically collected especially when scripts or command line tools are used User Behavior Analytics (UBA) may detect anomalous collection patterns. Logs of activity for information repository access should be kept EDR and/or SIEM solutions can be used to detect email being collected especially when scripts or command line tools are used against APIs EDR and/or SIEM solutions can be used to detect data being staged especially when scripts or command line tools are used Network monitoring can be used to detect the usage of protocols typically not present in an environment, such as FTP, as well as anomalous file transfers via other mediums Network monitoring can detect the usage of, for example, base64 encoding in network traffic Network monitoring for encrypted communications which do not follow standards such as TLS/SSL may detect the usage of custom cryptographic protocols Network logs can be used to detect anom- alous network traffic using protocols such as DNS in previously unseen ways Network logs can be used to detect anom- alous network traffic, e.g., from previously unseen applications Monitoring for the creation of phishing domains Monitoring for the creation of phishing domains

Recommended

Cryptography
Cryptography Cryptography
Cryptography
shubham Kumar
 
credit card fraud detection
credit card fraud detectioncredit card fraud detection
credit card fraud detection
jagan477830
 
Level Up: Lessons in User Retention from the Gaming Industry
Level Up: Lessons in User Retention from the Gaming IndustryLevel Up: Lessons in User Retention from the Gaming Industry
Level Up: Lessons in User Retention from the Gaming Industry
CleverTap
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
Splunk
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
A Brief History of Cryptography
A Brief History of CryptographyA Brief History of Cryptography
A Brief History of Cryptography
guest9006ab
 
Credit Card Fraud Detection Using ML In Databricks
Credit Card Fraud Detection Using ML In DatabricksCredit Card Fraud Detection Using ML In Databricks
Credit Card Fraud Detection Using ML In Databricks
Databricks
 
Public Vs. Private Keys
Public Vs. Private KeysPublic Vs. Private Keys
Public Vs. Private Keys
101 Blockchains
 

Recommended

Cryptography
Cryptography Cryptography
Cryptography
shubham Kumar
 
credit card fraud detection
credit card fraud detectioncredit card fraud detection
credit card fraud detection
jagan477830
 
Level Up: Lessons in User Retention from the Gaming Industry
Level Up: Lessons in User Retention from the Gaming IndustryLevel Up: Lessons in User Retention from the Gaming Industry
Level Up: Lessons in User Retention from the Gaming Industry
CleverTap
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
Splunk
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
A Brief History of Cryptography
A Brief History of CryptographyA Brief History of Cryptography
A Brief History of Cryptography
guest9006ab
 
Credit Card Fraud Detection Using ML In Databricks
Credit Card Fraud Detection Using ML In DatabricksCredit Card Fraud Detection Using ML In Databricks
Credit Card Fraud Detection Using ML In Databricks
Databricks
 
Public Vs. Private Keys
Public Vs. Private KeysPublic Vs. Private Keys
Public Vs. Private Keys
101 Blockchains
 
10 Clever Cybersecurity Awareness Posters
10 Clever Cybersecurity Awareness Posters10 Clever Cybersecurity Awareness Posters
10 Clever Cybersecurity Awareness Posters
NetLockSmith
 
Fraud Analytics with Machine Learning and Big Data Engineering for Telecom
Fraud Analytics with Machine Learning and Big Data Engineering for TelecomFraud Analytics with Machine Learning and Big Data Engineering for Telecom
Fraud Analytics with Machine Learning and Big Data Engineering for Telecom
Sudarson Roy Pratihar
 
Finding Product-Market Fit and Scale w/ Warung Pintar and PayFazz
Finding Product-Market Fit and Scale w/ Warung Pintar and PayFazzFinding Product-Market Fit and Scale w/ Warung Pintar and PayFazz
Finding Product-Market Fit and Scale w/ Warung Pintar and PayFazz
Product School
 
Top 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureTop 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure Infrastructure
Infosec
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
basic encryption and decryption
basic encryption and decryption basic encryption and decryption
basic encryption and decryption
Rashmi Burugupalli
 
Data Loss Threats and Mitigations
Data Loss Threats and MitigationsData Loss Threats and Mitigations
Data Loss Threats and Mitigations
April Mardock CISSP
 
Career Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamCareer Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed Adam
Mohammed Adam
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber Insurance
HB Litigation Conferences
 
Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - Kloudlearn
KloudLearn
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Credit card fraud detection
Credit card fraud detectionCredit card fraud detection
Credit card fraud detection
anthonytaylor01
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTS
Sylvain Martinez
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
William Mann
 
Incident response-in-the-cloud
Incident response-in-the-cloudIncident response-in-the-cloud
Incident response-in-the-cloud
Priyanka Aash
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
Arpan Raval
 
Cryptographic algorithms
Cryptographic algorithmsCryptographic algorithms
Cryptographic algorithms
Anamika Singh
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
Sylvain Maret
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
Ehtisham Ali
 
Pki Training V1.5
Pki Training V1.5Pki Training V1.5
Pki Training V1.5
Sylvain Maret
 
Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks
Tripwire
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
Tripwire
 

More Related Content

What's hot

10 Clever Cybersecurity Awareness Posters
10 Clever Cybersecurity Awareness Posters10 Clever Cybersecurity Awareness Posters
10 Clever Cybersecurity Awareness Posters
NetLockSmith
 
Fraud Analytics with Machine Learning and Big Data Engineering for Telecom
Fraud Analytics with Machine Learning and Big Data Engineering for TelecomFraud Analytics with Machine Learning and Big Data Engineering for Telecom
Fraud Analytics with Machine Learning and Big Data Engineering for Telecom
Sudarson Roy Pratihar
 
Finding Product-Market Fit and Scale w/ Warung Pintar and PayFazz
Finding Product-Market Fit and Scale w/ Warung Pintar and PayFazzFinding Product-Market Fit and Scale w/ Warung Pintar and PayFazz
Finding Product-Market Fit and Scale w/ Warung Pintar and PayFazz
Product School
 
Top 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureTop 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure Infrastructure
Infosec
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
basic encryption and decryption
basic encryption and decryption basic encryption and decryption
basic encryption and decryption
Rashmi Burugupalli
 
Data Loss Threats and Mitigations
Data Loss Threats and MitigationsData Loss Threats and Mitigations
Data Loss Threats and Mitigations
April Mardock CISSP
 
Career Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamCareer Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed Adam
Mohammed Adam
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber Insurance
HB Litigation Conferences
 
Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - Kloudlearn
KloudLearn
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Credit card fraud detection
Credit card fraud detectionCredit card fraud detection
Credit card fraud detection
anthonytaylor01
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTS
Sylvain Martinez
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
William Mann
 
Incident response-in-the-cloud
Incident response-in-the-cloudIncident response-in-the-cloud
Incident response-in-the-cloud
Priyanka Aash
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
Arpan Raval
 
Cryptographic algorithms
Cryptographic algorithmsCryptographic algorithms
Cryptographic algorithms
Anamika Singh
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
Sylvain Maret
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
Ehtisham Ali
 
Pki Training V1.5
Pki Training V1.5Pki Training V1.5
Pki Training V1.5
Sylvain Maret
 

What's hot (20)

10 Clever Cybersecurity Awareness Posters
10 Clever Cybersecurity Awareness Posters10 Clever Cybersecurity Awareness Posters
10 Clever Cybersecurity Awareness Posters
 
Fraud Analytics with Machine Learning and Big Data Engineering for Telecom
Fraud Analytics with Machine Learning and Big Data Engineering for TelecomFraud Analytics with Machine Learning and Big Data Engineering for Telecom
Fraud Analytics with Machine Learning and Big Data Engineering for Telecom
 
Finding Product-Market Fit and Scale w/ Warung Pintar and PayFazz
Finding Product-Market Fit and Scale w/ Warung Pintar and PayFazzFinding Product-Market Fit and Scale w/ Warung Pintar and PayFazz
Finding Product-Market Fit and Scale w/ Warung Pintar and PayFazz
 
Top 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureTop 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure Infrastructure
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
basic encryption and decryption
basic encryption and decryption basic encryption and decryption
basic encryption and decryption
 
Data Loss Threats and Mitigations
Data Loss Threats and MitigationsData Loss Threats and Mitigations
Data Loss Threats and Mitigations
 
Career Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamCareer Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed Adam
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber Insurance
 
Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - Kloudlearn
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Credit card fraud detection
Credit card fraud detectionCredit card fraud detection
Credit card fraud detection
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTS
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Incident response-in-the-cloud
Incident response-in-the-cloudIncident response-in-the-cloud
Incident response-in-the-cloud
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
 
Cryptographic algorithms
Cryptographic algorithmsCryptographic algorithms
Cryptographic algorithms
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
 
Pki Training V1.5
Pki Training V1.5Pki Training V1.5
Pki Training V1.5
 

Similar to Mapping the ASD Essential 8 to the Mitre ATTACK™ framework

Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks
Tripwire
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
Tripwire
 
Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Prathan Phongthiproek
 
Cyber_Threat_Intelligent_Cyber_Operation_Contest
Cyber_Threat_Intelligent_Cyber_Operation_ContestCyber_Threat_Intelligent_Cyber_Operation_Contest
Cyber_Threat_Intelligent_Cyber_Operation_Contest
nkrafacyberclub
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
nullowaspmumbai
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshell
Yahia Kandeel
 
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, TripwireMITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE - ATT&CKcon
 
Which Came First: The Phish or the Opportunity to Defend Against It
Which Came First: The Phish or the Opportunity to Defend Against ItWhich Came First: The Phish or the Opportunity to Defend Against It
Which Came First: The Phish or the Opportunity to Defend Against It
JamieWilliams130
 
Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibility
edwardstudyemai
 
2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx
2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx
2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx
vickeryr87
 
Cs Wif I System Overview 2009
Cs Wif I System Overview 2009Cs Wif I System Overview 2009
Cs Wif I System Overview 2009
Firoze Hussain
 
OWASP Top 10 Mobile Risks
OWASP Top 10 Mobile RisksOWASP Top 10 Mobile Risks
OWASP Top 10 Mobile Risks
Beau Woods
 
Update from the MITRE ATT&CK Team
Update from the MITRE ATT&CK TeamUpdate from the MITRE ATT&CK Team
Update from the MITRE ATT&CK Team
Adam Pennington
 
Secure Android Development
Secure Android DevelopmentSecure Android Development
Secure Android Development
Shaul Rosenzwieg
 
Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Miigaa Mine
 
Computer Systems Security
Computer Systems SecurityComputer Systems Security
Computer Systems Securitydrkelleher
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
Bhavya Chawla
 
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better Together
Lancope, Inc.
 
Secure Web Applications Ver0.01
Secure Web Applications Ver0.01Secure Web Applications Ver0.01
Secure Web Applications Ver0.01
Vasan Ramadoss
 
network security / information security
network security / information securitynetwork security / information security
network security / information security
Rohan Choudhari
 

Similar to Mapping the ASD Essential 8 to the Mitre ATTACK™ framework (20)

Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
 
Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]
 
Cyber_Threat_Intelligent_Cyber_Operation_Contest
Cyber_Threat_Intelligent_Cyber_Operation_ContestCyber_Threat_Intelligent_Cyber_Operation_Contest
Cyber_Threat_Intelligent_Cyber_Operation_Contest
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshell
 
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, TripwireMITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
 
Which Came First: The Phish or the Opportunity to Defend Against It
Which Came First: The Phish or the Opportunity to Defend Against ItWhich Came First: The Phish or the Opportunity to Defend Against It
Which Came First: The Phish or the Opportunity to Defend Against It
 
Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibility
 
2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx
2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx
2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx
 
Cs Wif I System Overview 2009
Cs Wif I System Overview 2009Cs Wif I System Overview 2009
Cs Wif I System Overview 2009
 
OWASP Top 10 Mobile Risks
OWASP Top 10 Mobile RisksOWASP Top 10 Mobile Risks
OWASP Top 10 Mobile Risks
 
Update from the MITRE ATT&CK Team
Update from the MITRE ATT&CK TeamUpdate from the MITRE ATT&CK Team
Update from the MITRE ATT&CK Team
 
Secure Android Development
Secure Android DevelopmentSecure Android Development
Secure Android Development
 
Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01
 
Computer Systems Security
Computer Systems SecurityComputer Systems Security
Computer Systems Security
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
 
Cisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better TogetherCisco, Sourcefire and Lancope - Better Together
Cisco, Sourcefire and Lancope - Better Together
 
Secure Web Applications Ver0.01
Secure Web Applications Ver0.01Secure Web Applications Ver0.01
Secure Web Applications Ver0.01
 
network security / information security
network security / information securitynetwork security / information security
network security / information security
 

More from Digital Shadows

Threat model of a remote worker | Infographic
Threat model of a remote worker | InfographicThreat model of a remote worker | Infographic
Threat model of a remote worker | Infographic
Digital Shadows
 
Inadvertant Data Breaches
Inadvertant Data BreachesInadvertant Data Breaches
Inadvertant Data Breaches
Digital Shadows
 
Digital Shadows and the NIST Cyber Security Framework
Digital Shadows and the NIST Cyber Security FrameworkDigital Shadows and the NIST Cyber Security Framework
Digital Shadows and the NIST Cyber Security Framework
Digital Shadows
 
WTF is Digital Risk Protection
WTF is Digital Risk ProtectionWTF is Digital Risk Protection
WTF is Digital Risk Protection
Digital Shadows
 
Digital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ Overview
Digital Shadows
 
Data Loss Detection
Data Loss DetectionData Loss Detection
Data Loss Detection
Digital Shadows
 
Detecting Spoof Domains
Detecting Spoof DomainsDetecting Spoof Domains
Detecting Spoof Domains
Digital Shadows
 
Digital Shadows Shadow Search
Digital Shadows Shadow SearchDigital Shadows Shadow Search
Digital Shadows Shadow Search
Digital Shadows
 
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for OrganizationsMitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations
Digital Shadows
 
MITRE ATT&CK and 2017 FSB Indictment
MITRE ATT&CK and 2017 FSB IndictmentMITRE ATT&CK and 2017 FSB Indictment
MITRE ATT&CK and 2017 FSB Indictment
Digital Shadows
 
Mitre ATTACK and the North Korean Regime-Backed Programmer
Mitre ATTACK and the North Korean Regime-Backed ProgrammerMitre ATTACK and the North Korean Regime-Backed Programmer
Mitre ATTACK and the North Korean Regime-Backed Programmer
Digital Shadows
 
Digital Shadows and Demisto Enterprise Integration Datasheet
Digital Shadows and Demisto Enterprise Integration DatasheetDigital Shadows and Demisto Enterprise Integration Datasheet
Digital Shadows and Demisto Enterprise Integration Datasheet
Digital Shadows
 
Digital Shadows and Palo Alto Networks Integration Datasheet
Digital Shadows and Palo Alto Networks Integration DatasheetDigital Shadows and Palo Alto Networks Integration Datasheet
Digital Shadows and Palo Alto Networks Integration Datasheet
Digital Shadows
 
Data Sources - Digital Shadows
Data Sources - Digital ShadowsData Sources - Digital Shadows
Data Sources - Digital Shadows
Digital Shadows
 
Energy and Utilities Firm Increases Productivity by Reducing False Positives
Energy and Utilities Firm Increases Productivity by Reducing False PositivesEnergy and Utilities Firm Increases Productivity by Reducing False Positives
Energy and Utilities Firm Increases Productivity by Reducing False Positives
Digital Shadows
 
Digital Shadows Client Feedback
Digital Shadows Client FeedbackDigital Shadows Client Feedback
Digital Shadows Client Feedback
Digital Shadows
 
Managed Takedown Service - Digital Shadows
Managed Takedown Service - Digital ShadowsManaged Takedown Service - Digital Shadows
Managed Takedown Service - Digital Shadows
Digital Shadows
 
Source Code and Admin Password Shared on Public Site by Developer
Source Code and Admin Password Shared on Public Site by DeveloperSource Code and Admin Password Shared on Public Site by Developer
Source Code and Admin Password Shared on Public Site by Developer
Digital Shadows
 
Phishing Site Detected and Taken Down
Phishing Site Detected and Taken Down Phishing Site Detected and Taken Down
Phishing Site Detected and Taken Down
Digital Shadows
 
Mobile Application Detected Impersonating Company Brand
Mobile Application Detected Impersonating Company BrandMobile Application Detected Impersonating Company Brand
Mobile Application Detected Impersonating Company Brand
Digital Shadows
 

More from Digital Shadows (20)

Threat model of a remote worker | Infographic
Threat model of a remote worker | InfographicThreat model of a remote worker | Infographic
Threat model of a remote worker | Infographic
 
Inadvertant Data Breaches
Inadvertant Data BreachesInadvertant Data Breaches
Inadvertant Data Breaches
 
Digital Shadows and the NIST Cyber Security Framework
Digital Shadows and the NIST Cyber Security FrameworkDigital Shadows and the NIST Cyber Security Framework
Digital Shadows and the NIST Cyber Security Framework
 
WTF is Digital Risk Protection
WTF is Digital Risk ProtectionWTF is Digital Risk Protection
WTF is Digital Risk Protection
 
Digital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ Overview
 
Data Loss Detection
Data Loss DetectionData Loss Detection
Data Loss Detection
 
Detecting Spoof Domains
Detecting Spoof DomainsDetecting Spoof Domains
Detecting Spoof Domains
 
Digital Shadows Shadow Search
Digital Shadows Shadow SearchDigital Shadows Shadow Search
Digital Shadows Shadow Search
 
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for OrganizationsMitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations
 
MITRE ATT&CK and 2017 FSB Indictment
MITRE ATT&CK and 2017 FSB IndictmentMITRE ATT&CK and 2017 FSB Indictment
MITRE ATT&CK and 2017 FSB Indictment
 
Mitre ATTACK and the North Korean Regime-Backed Programmer
Mitre ATTACK and the North Korean Regime-Backed ProgrammerMitre ATTACK and the North Korean Regime-Backed Programmer
Mitre ATTACK and the North Korean Regime-Backed Programmer
 
Digital Shadows and Demisto Enterprise Integration Datasheet
Digital Shadows and Demisto Enterprise Integration DatasheetDigital Shadows and Demisto Enterprise Integration Datasheet
Digital Shadows and Demisto Enterprise Integration Datasheet
 
Digital Shadows and Palo Alto Networks Integration Datasheet
Digital Shadows and Palo Alto Networks Integration DatasheetDigital Shadows and Palo Alto Networks Integration Datasheet
Digital Shadows and Palo Alto Networks Integration Datasheet
 
Data Sources - Digital Shadows
Data Sources - Digital ShadowsData Sources - Digital Shadows
Data Sources - Digital Shadows
 
Energy and Utilities Firm Increases Productivity by Reducing False Positives
Energy and Utilities Firm Increases Productivity by Reducing False PositivesEnergy and Utilities Firm Increases Productivity by Reducing False Positives
Energy and Utilities Firm Increases Productivity by Reducing False Positives
 
Digital Shadows Client Feedback
Digital Shadows Client FeedbackDigital Shadows Client Feedback
Digital Shadows Client Feedback
 
Managed Takedown Service - Digital Shadows
Managed Takedown Service - Digital ShadowsManaged Takedown Service - Digital Shadows
Managed Takedown Service - Digital Shadows
 
Source Code and Admin Password Shared on Public Site by Developer
Source Code and Admin Password Shared on Public Site by DeveloperSource Code and Admin Password Shared on Public Site by Developer
Source Code and Admin Password Shared on Public Site by Developer
 
Phishing Site Detected and Taken Down
Phishing Site Detected and Taken Down Phishing Site Detected and Taken Down
Phishing Site Detected and Taken Down
 
Mobile Application Detected Impersonating Company Brand
Mobile Application Detected Impersonating Company BrandMobile Application Detected Impersonating Company Brand
Mobile Application Detected Impersonating Company Brand
 

Recently uploaded

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 

Mapping the ASD Essential 8 to the Mitre ATTACK™ framework

  • 1. 3. Persistence 7. Discovery 9. Collection Mitre ATT&CK Stage Tactic GRU 1. Initial Access 6. Credential Access 5. Defense Evasion 4. Privilege Escalation ! 2. Execution 8. Lateral Movement 10. Exfiltration 11. Command & Control Spearphishing attachment Application whitelisting Drive-by Compromise Spearphishing link Exploit Public-Facing Application User Execution Valid Accounts Exploitation for Client Execution Trusted Relationship Spearphishing via Service Bootkit Valid Accounts Login Item Launch Agent Application Shimming Modify Existing Service Web Shell Obfuscated Files or Information Clear Command History Masquerading Exploitation for Defense Evasion Input Capture Exploitation for Credential Access Remote Services Credentials in Files Network Service Scanning Private Keys Remote System Discovery Hooking Windows Admin Shares Data from Local System / Network Shared Drive Data Staged Input Capture Email Collection Screen Capture Data Encrypted Data Compressed Automated Col- lection Custom Cryptographic Protocol Commonly Used Port Data Encoding Custom Command and Control Protocol Remote File Copy Multi-hop Proxy ASD Essential 8 and Mitre ATT&CK Exploitation for Privilege Escalation Data from Information Re- positories FIN7 FSB Hidden COBRA ASD Essential 8 Digital Shadows Advice Patch applications, Patch operating systems Multi-factor authentication Restrict administrative priv- ileges Patch applications User application hardening, Configure Microsoft Office macro settings Restrict administrative privileges, Patch Operating Systems Restrict administrative privileges Patch Operating Systems Multi-factor authentication Patch Operating Systems Patch User Applications Patch User Applications Application Whitelisting Application Whitelisting Multi-factor authentication Restrict administrative privileges Restrict administrative privileges Restrict administrative privileges Monitoring for the creation of phishing domains Monitoring for persistence mechanisms via KnockKnock or for launch file creation via other file monitoring solutions such as EDR Example: Monitoring for PowerShell scripts via the Anti Malware Script Interface (AMSI) in Windows 10 reveals the deobfuscated commands Monitoring for user authentications, via SSH for example, which do not correspond to changes in a user’s command history may indicate attempts to evade detection EDR systems may be able to detect attempts to install hook procedures Procedural controls such as training, awareness and regular reviews can be used to educate users to the dangers of leaving valid credentials in files EDR and/or SIEM solutions can detect port scanning activities EDR and/or SIEM solutions can detect remote system discovery activities Malicious behavior can be cross-correlated with the accessing of remote services to track an adversary through an environment EDR and/or SIEM solutions can be used to detect data being gather from local and remote systems EDR and/or SIEM solutions can be used to detect data being automatically collected especially when scripts or command line tools are used User Behavior Analytics (UBA) may detect anomalous collection patterns. Logs of activity for information repository access should be kept EDR and/or SIEM solutions can be used to detect email being collected especially when scripts or command line tools are used against APIs EDR and/or SIEM solutions can be used to detect data being staged especially when scripts or command line tools are used Network monitoring can be used to detect the usage of protocols typically not present in an environment, such as FTP, as well as anomalous file transfers via other mediums Network monitoring can detect the usage of, for example, base64 encoding in network traffic Network monitoring for encrypted communications which do not follow standards such as TLS/SSL may detect the usage of custom cryptographic protocols Network logs can be used to detect anom- alous network traffic using protocols such as DNS in previously unseen ways Network logs can be used to detect anom- alous network traffic, e.g., from previously unseen applications Monitoring for the creation of phishing domains Monitoring for the creation of phishing domains