In the modern age, all organizations face threats from various types of cyber attacks. Although great strides have been made to consider human factors in cybersecurity and to become more proactive in threat analysis, security is still generally a reactive, technical field. The research presented in this talk seeks to develop a framework which adapts the existing MITRE ATT&CK framework to look at attacks in a less linear, more human-centered framework that focuses on the capabilities and decisions of the threat actor.
The framework approaches threat analysis from a binary assessment of success vs. failure in order to see the entire attack and consider the potential for a number of methods and attempts made in a single attack. A detailed methodology and sample charts are included for a reference and a starting point in developing one’s own personalized charts, and recommendations are made for ways to integrate this methodology into the risk management process.
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour January 2021
By Valentine Mairet, Security Researcher, McAfee
The MITRE ATT&CK framework is the industry standard to dissect cyberattacks into used techniques. At McAfee, all attack information is disseminated into different categories, including ATT&CK techniques. What results from this exercise is an extensive repository of techniques used in cyberattacks that goes back many years. Much can be learned from looking at historical attack data, but how can we piece all this information together to identify new relationships between threats and attacks? In her recent efforts, Valentine has embraced analyzing ATT&CK data in graphical representations. One lesson learned is that it is not just about merely mapping out attacks and techniques used into graphs, but the strength lies in applying different algorithms to answer specific questions. In this presentation, Valentine will showcase the results and techniques obtained from her research journey using graph and graph algorithms.
MITRE ATT&CKcon 2018: Summiting the Pyramid of Pain: Operationalizing ATT&CK,...MITRE - ATT&CKcon
Operationalizing the ATT&CK framework has enabled GE to deploy custom detection to evolving threat actor behaviors. By leveraging an in-house developed tool called TIAMAT (Tactical Intelligence Adversary Mapping and Analysis Tool) the ATT&CK framework is
incorporated into an end-to-end operational process from intelligence collection to customized detection deployment.
The designing of this new operational process is examined, and a use case presented of how examining a historical incident led to a new method of deploying detection based on ATT&CK and the detection of previously undiscovered activity. There is also a demo that walks the audience through the end-to-end process and explains TIAMATs capabilities.
Transforming Adversary Emulation Into a Data Analysis QuestionMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour October 2020
By Matan Hart, Co-Founder & CEO Cymptom @machosec
Adversary emulation is commonly used to validate security controls and is considered one of the most popular use-cases for the ATT&CK framework. However, emulating adversary TTPs on production environments is often very limited in testing scope and frequency, and such practice may cause unwanted business disruption. In this talk from the MITRE ATT&CKcon Power Hour session on October 9, 2020, Hart presents a different approach to testing controls against ATT&CK. He demonstrates how it is possible to provide data-based methods to evaluate the exploitability of ATT&CK techniques by gathering information from the network, endpoint, and services; this unique approach does not emulate any sort of malicious action, thus reducing the potential of causing business disruption to the minimum. Hart also outlines a new open-source guideline based on ATT&CK mitigations, that security teams can use to assess their security posture non-intrusively and at scale.
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...MITRE - ATT&CKcon
USAA has utilized the MITRE ATT&CK framework as a unique means to map their current detection infrastructure and assess their ability to defend against the most relevant threats to their network. In this presentation they share some lessons learned during their journey with ATT&CK leading to identified best practices for workflow integration through team composition and custom tool development.
ATT&CKcon Power Hour - ATT&CK-onomics - gert-jan brugginkGert-Jan Bruggink
The objective of this talk is to inspire defensive strategies designed to impact cost incurred by adversaries to perform compromises. It explores targeting economic considerations when defending against techniques used by adversaries.
Diving into economics for adversaries to use or build certain techniques and tools over others. How can defenders defend against specific techniques by increasing the adversaries cost per intrusion. How can ATT&CK be used to make strategic risk management decisions.
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKMITRE ATT&CK
From ATT&CKcon 3.0
By Haylee Mills, Splunk
Having ATT&CK to identify threats, prioritize data sources, and improve security posture has been a huge step forward for our industry, but how do we actualize those insights for better detection and alerting? By shifting to observations of behavior over one-to-one direct alerts, noisy datasets become valuable treasure troves with ATT&CK metadata. Additionally, we can begin to look at detection and threat hunting on behavior instead of users or systems. In this presentation, Haylee will discuss the shift in mindset and the nuts and bolts of detections that leverage this metadata in Splunk, but the concept can be applied with custom tools to any valuable security dataset.
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour January 2021
By Valentine Mairet, Security Researcher, McAfee
The MITRE ATT&CK framework is the industry standard to dissect cyberattacks into used techniques. At McAfee, all attack information is disseminated into different categories, including ATT&CK techniques. What results from this exercise is an extensive repository of techniques used in cyberattacks that goes back many years. Much can be learned from looking at historical attack data, but how can we piece all this information together to identify new relationships between threats and attacks? In her recent efforts, Valentine has embraced analyzing ATT&CK data in graphical representations. One lesson learned is that it is not just about merely mapping out attacks and techniques used into graphs, but the strength lies in applying different algorithms to answer specific questions. In this presentation, Valentine will showcase the results and techniques obtained from her research journey using graph and graph algorithms.
MITRE ATT&CKcon 2018: Summiting the Pyramid of Pain: Operationalizing ATT&CK,...MITRE - ATT&CKcon
Operationalizing the ATT&CK framework has enabled GE to deploy custom detection to evolving threat actor behaviors. By leveraging an in-house developed tool called TIAMAT (Tactical Intelligence Adversary Mapping and Analysis Tool) the ATT&CK framework is
incorporated into an end-to-end operational process from intelligence collection to customized detection deployment.
The designing of this new operational process is examined, and a use case presented of how examining a historical incident led to a new method of deploying detection based on ATT&CK and the detection of previously undiscovered activity. There is also a demo that walks the audience through the end-to-end process and explains TIAMATs capabilities.
Transforming Adversary Emulation Into a Data Analysis QuestionMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour October 2020
By Matan Hart, Co-Founder & CEO Cymptom @machosec
Adversary emulation is commonly used to validate security controls and is considered one of the most popular use-cases for the ATT&CK framework. However, emulating adversary TTPs on production environments is often very limited in testing scope and frequency, and such practice may cause unwanted business disruption. In this talk from the MITRE ATT&CKcon Power Hour session on October 9, 2020, Hart presents a different approach to testing controls against ATT&CK. He demonstrates how it is possible to provide data-based methods to evaluate the exploitability of ATT&CK techniques by gathering information from the network, endpoint, and services; this unique approach does not emulate any sort of malicious action, thus reducing the potential of causing business disruption to the minimum. Hart also outlines a new open-source guideline based on ATT&CK mitigations, that security teams can use to assess their security posture non-intrusively and at scale.
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...MITRE - ATT&CKcon
USAA has utilized the MITRE ATT&CK framework as a unique means to map their current detection infrastructure and assess their ability to defend against the most relevant threats to their network. In this presentation they share some lessons learned during their journey with ATT&CK leading to identified best practices for workflow integration through team composition and custom tool development.
ATT&CKcon Power Hour - ATT&CK-onomics - gert-jan brugginkGert-Jan Bruggink
The objective of this talk is to inspire defensive strategies designed to impact cost incurred by adversaries to perform compromises. It explores targeting economic considerations when defending against techniques used by adversaries.
Diving into economics for adversaries to use or build certain techniques and tools over others. How can defenders defend against specific techniques by increasing the adversaries cost per intrusion. How can ATT&CK be used to make strategic risk management decisions.
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKMITRE ATT&CK
From ATT&CKcon 3.0
By Haylee Mills, Splunk
Having ATT&CK to identify threats, prioritize data sources, and improve security posture has been a huge step forward for our industry, but how do we actualize those insights for better detection and alerting? By shifting to observations of behavior over one-to-one direct alerts, noisy datasets become valuable treasure troves with ATT&CK metadata. Additionally, we can begin to look at detection and threat hunting on behavior instead of users or systems. In this presentation, Haylee will discuss the shift in mindset and the nuts and bolts of detections that leverage this metadata in Splunk, but the concept can be applied with custom tools to any valuable security dataset.
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24
In this webinar we’ll discuss how you can map CVE records with the MITRE ATT&CK framework to enhance vulnerability management process and achieve better risk management.
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypothesis, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, there are only a few that are focusing primarily on the data that is currently being collected to drive the success of a hunt program.
This presentation shows how organizations can benefit from mapping their current visibility from a data perspective to the ATT&CK framework. It focuses on how to identify, document, standardize and model current available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard, a new project named Open Source Security Events Metadata known as OSSEM and expands on the “data sources” section already provided by ATT&CK on most of the documented adversarial techniques.
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat Sharing; Sara Terp and John Gray, Credibility Coalition Misinfosec Working Group
Talk on Kaspersky lab's CoLaboratory: Industrial Cybersecurity Meetup #5 with @HeirhabarovT about several ATT&CK practical use cases.
Video (in Russian): https://www.youtube.com/watch?v=ulUF9Sw2T7s&t=3078
Many thanks to Teymur for great tech dive
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE - ATT&CKcon
Unit 42 researches threat activity and publishes detailed reports on attack campaigns launched by these adversaries. One of these adversaries, known as Sofacy, has been carrying out attack campaigns on high profile targets for many years and has continued into 2018.
To understand how to defend against these threats, an analyst has to read our reports, process them and mentally map them to their defenses. In most cases we expect readers just "block" all of the indicators we include in the report and assume they are covered. Last year we started using ATT&CK to codify the techniques we observed, linking those techniques to indicator patterns and encoding them into STIX 2 objects, with the goal of creating something that a defender can use to answer the question: "How am I defending against this adversary?" We call these documents, "Adversary Playbooks" as they contain our best approximation of how the adversary launches their attacks.
This talk describes the concept of Adversary Playbooks, as well as provides an overview of the attack campaigns Unit 42 has attributed to the Sofacy group in 2018. It uses the discussed attacks to show how these playbooks are constructed and explain some of the challenges of incorporating ATT&CK and STIX 2 together for this purpose.
From MITRE ATT&CKcon Power Hour November 2020
By Matt Snyder, Senior Threat Analytics Engineer, VMware
The market for Security products is flooded with vendors offering all sorts of solutions, and organizations are spending a record amount of money defending their environments. Nevertheless, an increasing number of breaches are reported each year, resulting in organizations spending millions of dollars to remediate them. The Security industry responds with more products, all offering to stop the next breach, and the cycle continues. In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, 2020, Matt discusses what VMware is doing internally to address this fundamental flaw in the Security industry and how they are leveraging the MITRE ATT&CK framework to reshape how we think about security.
ATT&CK is an incredibly valuable framework for describing and analyzing what’s happening in your environment. Sometimes security professionals not only need a way to understand, but also need a way to clearly articulate to non-security leadership to gain support and investment in needed resourcing. Using UX design methods, CrowdStrike came up with a mental model and more conversational terms to help anyone quickly parse the big picture.
MITRE ATT&CK is quickly gaining traction and is becoming an important standard to use to assess the overall cyber security posture of an organization. Tools like ATT&CK Navigator facilitate corporate adoption and allow for a holistic overview on attack techniques and how the organization is preventing and detecting them. Furthermore, many vendors, technologies and open-source initiatives are aligning with ATT&CK. Join Erik Van Buggenhout in this presentation, where he will discuss how MITRE ATT&CK can be leveraged in the organization as part of your overall cyber security program, with a focus on adversary emulation.
Erik Van Buggenhout is the lead author of SANS SEC599 - Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. Next to his activities at SANS, Erik is also a co-founder of NVISO, a European cyber security firm with offices in Brussels, Frankfurt and Munich.
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...MITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour January 2021
By Daniel Wyleczuk-Stern, Senior Security Engineer, Snowflake
Cyber security is inherently a function of risk management. Risk management is the identification, evaluation, and prioritization of risks followed by the effort to reduce those risks in a coordinated and economical manner (thanks wikipedia!). In this talk, Daniel will be going over some strategies for measuring and prioritizing your cyber risks using MITRE ATT&CK. He'll discuss some lessons learned in atomic testing of techniques vs attack chaining as well as what to measure and how to make decisions with that data.
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour November 2020
By Allie Mellen, Security Strategist, Office of the CSO, Cybereason
In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, Allie discusses how the Cybereason research team uses both MITRE ATT&CK and MITRE ATT&CK for Mobile to map and communicate new malware to the larger security community. Teams use the MITRE ATT&CK framework to share techniques, tactics, and procedures with their team and the community at large. This knowledge base has been incredibly beneficial for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Many of these uses have centered around traditional endpoints like laptops and workstations. However, the MITRE ATT&CK team has also created a cutting-edge portion of their framework: MITRE ATT&CK for Mobile.
One of the most recent pieces of malware they have found is EventBot, a mobile banking trojan that targets Android devices and the financial services applications on them, including popular apps like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase, paysafecard, and many more. In this talk, learn about this specific attack, intended targets, a timeline of the attack, and the MITRE ATT&CK for Mobile mapping. Learn why the Cybereason team map to MITRE ATT&CK and MITRE ATT&CK for Mobile and what benefits it has given them and their interactions with the community.
Cyber threat intelligence: maturity and metricsMark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision
support to executives whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will
seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
This presentation talks about the focus towards building security in the software development life cycle and covers details related to Reconnaissance, Scanning and Attack based test design and execution approach.
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24
In this webinar we’ll discuss how you can map CVE records with the MITRE ATT&CK framework to enhance vulnerability management process and achieve better risk management.
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypothesis, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, there are only a few that are focusing primarily on the data that is currently being collected to drive the success of a hunt program.
This presentation shows how organizations can benefit from mapping their current visibility from a data perspective to the ATT&CK framework. It focuses on how to identify, document, standardize and model current available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard, a new project named Open Source Security Events Metadata known as OSSEM and expands on the “data sources” section already provided by ATT&CK on most of the documented adversarial techniques.
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat Sharing; Sara Terp and John Gray, Credibility Coalition Misinfosec Working Group
Talk on Kaspersky lab's CoLaboratory: Industrial Cybersecurity Meetup #5 with @HeirhabarovT about several ATT&CK practical use cases.
Video (in Russian): https://www.youtube.com/watch?v=ulUF9Sw2T7s&t=3078
Many thanks to Teymur for great tech dive
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE - ATT&CKcon
Unit 42 researches threat activity and publishes detailed reports on attack campaigns launched by these adversaries. One of these adversaries, known as Sofacy, has been carrying out attack campaigns on high profile targets for many years and has continued into 2018.
To understand how to defend against these threats, an analyst has to read our reports, process them and mentally map them to their defenses. In most cases we expect readers just "block" all of the indicators we include in the report and assume they are covered. Last year we started using ATT&CK to codify the techniques we observed, linking those techniques to indicator patterns and encoding them into STIX 2 objects, with the goal of creating something that a defender can use to answer the question: "How am I defending against this adversary?" We call these documents, "Adversary Playbooks" as they contain our best approximation of how the adversary launches their attacks.
This talk describes the concept of Adversary Playbooks, as well as provides an overview of the attack campaigns Unit 42 has attributed to the Sofacy group in 2018. It uses the discussed attacks to show how these playbooks are constructed and explain some of the challenges of incorporating ATT&CK and STIX 2 together for this purpose.
From MITRE ATT&CKcon Power Hour November 2020
By Matt Snyder, Senior Threat Analytics Engineer, VMware
The market for Security products is flooded with vendors offering all sorts of solutions, and organizations are spending a record amount of money defending their environments. Nevertheless, an increasing number of breaches are reported each year, resulting in organizations spending millions of dollars to remediate them. The Security industry responds with more products, all offering to stop the next breach, and the cycle continues. In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, 2020, Matt discusses what VMware is doing internally to address this fundamental flaw in the Security industry and how they are leveraging the MITRE ATT&CK framework to reshape how we think about security.
ATT&CK is an incredibly valuable framework for describing and analyzing what’s happening in your environment. Sometimes security professionals not only need a way to understand, but also need a way to clearly articulate to non-security leadership to gain support and investment in needed resourcing. Using UX design methods, CrowdStrike came up with a mental model and more conversational terms to help anyone quickly parse the big picture.
MITRE ATT&CK is quickly gaining traction and is becoming an important standard to use to assess the overall cyber security posture of an organization. Tools like ATT&CK Navigator facilitate corporate adoption and allow for a holistic overview on attack techniques and how the organization is preventing and detecting them. Furthermore, many vendors, technologies and open-source initiatives are aligning with ATT&CK. Join Erik Van Buggenhout in this presentation, where he will discuss how MITRE ATT&CK can be leveraged in the organization as part of your overall cyber security program, with a focus on adversary emulation.
Erik Van Buggenhout is the lead author of SANS SEC599 - Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. Next to his activities at SANS, Erik is also a co-founder of NVISO, a European cyber security firm with offices in Brussels, Frankfurt and Munich.
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...MITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour January 2021
By Daniel Wyleczuk-Stern, Senior Security Engineer, Snowflake
Cyber security is inherently a function of risk management. Risk management is the identification, evaluation, and prioritization of risks followed by the effort to reduce those risks in a coordinated and economical manner (thanks wikipedia!). In this talk, Daniel will be going over some strategies for measuring and prioritizing your cyber risks using MITRE ATT&CK. He'll discuss some lessons learned in atomic testing of techniques vs attack chaining as well as what to measure and how to make decisions with that data.
Mapping the EventBot Mobile Banking Trojan with MITRE ATTACK for MobileMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour November 2020
By Allie Mellen, Security Strategist, Office of the CSO, Cybereason
In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, Allie discusses how the Cybereason research team uses both MITRE ATT&CK and MITRE ATT&CK for Mobile to map and communicate new malware to the larger security community. Teams use the MITRE ATT&CK framework to share techniques, tactics, and procedures with their team and the community at large. This knowledge base has been incredibly beneficial for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Many of these uses have centered around traditional endpoints like laptops and workstations. However, the MITRE ATT&CK team has also created a cutting-edge portion of their framework: MITRE ATT&CK for Mobile.
One of the most recent pieces of malware they have found is EventBot, a mobile banking trojan that targets Android devices and the financial services applications on them, including popular apps like Paypal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase, paysafecard, and many more. In this talk, learn about this specific attack, intended targets, a timeline of the attack, and the MITRE ATT&CK for Mobile mapping. Learn why the Cybereason team map to MITRE ATT&CK and MITRE ATT&CK for Mobile and what benefits it has given them and their interactions with the community.
Cyber threat intelligence: maturity and metricsMark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision
support to executives whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will
seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
This presentation talks about the focus towards building security in the software development life cycle and covers details related to Reconnaissance, Scanning and Attack based test design and execution approach.
The Log4Shell Vulnerability – explained: how to stay secureKaspersky
On December 9th, researchers uncovered a zero-day critical vulnerability in the Apache Log4j library used by millions of Java applications. CVE-2021-44228 or “Log4Shell” is a RCE vulnerability that allows attackers to execute arbitrary code and potentially take full control over an infected system. The vulnerability has been ranked a 10/10 on the CVSSv3 severity scale.
While the Apache Foundation has already released a patch for this CVE, it can take weeks or months for vendors to update their software, and there are already widespread scans being conducted by malicious attackers to exploit Log4Shell.
What should companies or organizations do?
Join Marco Preuss, Head of Europe’s Global Research and Analysis (GReAT) team, Marc Rivero and Dan Demeter, Senior Security Researchers with GReAT, for an in-depth discussion on Log4Shell and a live Q&A session.
To see the full webinar, please visit: https://securelist.com/webinars/log4shell-vulnerability-how-to-stay-secure/?utm_source=Slideshare&utm_medium=partner&utm_campaign=gl_jespo_je0066&utm_content=link&utm_term=gl_Slideshare_organic_s966w1tou5a0snh
1
Project 2 Deliverables
Security Assessment Report (SAR)
I. Title Page
II. Abstract
III. Organization
a. Purpose
b. Organizational structure
c. Network system description
d. Diagram of the organization (LAN, WAN, intranet, extranet, internet)
e. Identify system boundaries (inner networks separated from outside networks)
IV. Enterprise Threats
a. Internal Threats
b. External Threats
c. Threat Intelligence
i. OPM Breach
ii. OPM vs Your Organization
1. Differences
2. Similarities
d. Security Issues in the Organization
V. Scanning
a. Lab Results
VI. Relational Database Management System (RDBMS)
a. Role of Firewalls
b. Encryption Methods Used in Firewalls
c. RDBMS Auditing
i. Describe the auditing techniques and how it protects the security objectives of confidentiality, integrity, and availability
VII. Threat Identification
a. Organization Cyber Attacks
b. Remediation & Mitigation Techniques
i. Access Control
ii. Database Transaction
iii. Firewall Log Files
iv. Encryption
1. Purpose
2. Function
VIII. Conclusion
IX. References
Risk Assessment Report (RAR)
I. Title Page
II. Abstract
III. Risk and Remediation
a. Organizational Risk (NIST, 2012)
b. Organizational Remediation Efforts
c. Organizational Threats/Vulnerabilities
i. Likelihood of occurring
ii. Impact to organization
d. Cost/Benefit Analysis of Remediation Efforts
IV. Plan of Actions & Milestones (POA&Ms)
a. Creation
b. Monitoring
c. Closing
V. Conclusion
VI. References
References
1. Scarfone, K., & Hoffman, P. (2009). Guidelines on firewalls and firewall policy: Recommendations of the National Institute of Standards and Technology. (Special Publication 800-41). U.S. Department of Commerce, National Institute of Standards and Technology. Retrieved August 5, 2016, from http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf
2. U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2012). Information security: Guide for conducting risk assessments (Special Publication 800-30). Retrieved August 5, 2016, from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
3. http://2012books.lardbucket.org/books/getting-the-most-out-of-information-systems-v1.3/index.html
4. Introduction to parallel & distributed algorithms by Carl Burch, Hendrix College, August 2009
5. https://lti.umuc.edu/contentadaptor/topics/byid/820a901d-e710-4e8c-9b19-8aaf41baf091
6. Singhal, A., Winograd, T., & Scarfone, K. (2007). Computer security: Guide to secure web services: Recommendations of the National Institute of Standards and Technology (Special Publication 800-95). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf
7. https://www.computer.org/cms/CYBSI/docs/Top-10-Flaws.pdf
8. https://umuc.equella.ecollege.com/file/6aa8bfb8-7053-4fed-94f6-2547e454c501/1/web/viewer.html?file=https://umuc.equella.ecollege.com/file/830d820d-c407-49df-ab83-2886fd3a7cbf/1/NISTCloudComputingStandardsRoadmap.pdf
9. ...
1
Project 2 Deliverables
Security Assessment Report (SAR)
I. Title Page
II. Abstract
III. Organization
a. Purpose
b. Organizational structure
c. Network system description
d. Diagram of the organization (LAN, WAN, intranet, extranet, internet)
e. Identify system boundaries (inner networks separated from outside networks)
IV. Enterprise Threats
a. Internal Threats
b. External Threats
c. Threat Intelligence
i. OPM Breach
ii. OPM vs Your Organization
1. Differences
2. Similarities
d. Security Issues in the Organization
V. Scanning
a. Lab Results
VI. Relational Database Management System (RDBMS)
a. Role of Firewalls
b. Encryption Methods Used in Firewalls
c. RDBMS Auditing
i. Describe the auditing techniques and how it protects the security objectives of confidentiality, integrity, and availability
VII. Threat Identification
a. Organization Cyber Attacks
b. Remediation & Mitigation Techniques
i. Access Control
ii. Database Transaction
iii. Firewall Log Files
iv. Encryption
1. Purpose
2. Function
VIII. Conclusion
IX. References
Risk Assessment Report (RAR)
I. Title Page
II. Abstract
III. Risk and Remediation
a. Organizational Risk (NIST, 2012)
b. Organizational Remediation Efforts
c. Organizational Threats/Vulnerabilities
i. Likelihood of occurring
ii. Impact to organization
d. Cost/Benefit Analysis of Remediation Efforts
IV. Plan of Actions & Milestones (POA&Ms)
a. Creation
b. Monitoring
c. Closing
V. Conclusion
VI. References
References
1. Scarfone, K., & Hoffman, P. (2009). Guidelines on firewalls and firewall policy: Recommendations of the National Institute of Standards and Technology. (Special Publication 800-41). U.S. Department of Commerce, National Institute of Standards and Technology. Retrieved August 5, 2016, from http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf
2. U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2012). Information security: Guide for conducting risk assessments (Special Publication 800-30). Retrieved August 5, 2016, from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
3. http://2012books.lardbucket.org/books/getting-the-most-out-of-information-systems-v1.3/index.html
4. Introduction to parallel & distributed algorithms by Carl Burch, Hendrix College, August 2009
5. https://lti.umuc.edu/contentadaptor/topics/byid/820a901d-e710-4e8c-9b19-8aaf41baf091
6. Singhal, A., Winograd, T., & Scarfone, K. (2007). Computer security: Guide to secure web services: Recommendations of the National Institute of Standards and Technology (Special Publication 800-95). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf
7. https://www.computer.org/cms/CYBSI/docs/Top-10-Flaws.pdf
8. https://umuc.equella.ecollege.com/file/6aa8bfb8-7053-4fed-94f6-2547e454c501/1/web/viewer.html?file=https://umuc.equella.ecollege.com/file/830d820d-c407-49df-ab83-2886fd3a7cbf/1/NISTCloudComputingStandardsRoadmap.pdf
9. ...
A Security Analysis Framework Powered by an Expert SystemCSCJournals
Today\'s IT systems are facing a major challenge in confronting the fast rate of emerging security threats. Although many security tools are being employed within organizations in order to standup to these threats, the information revealed is very inferior in providing a rich understanding to the consequences of the discovered vulnerabilities. We believe expert systems can play an important role in capturing any security expertise from various sources in order to provide the informative deductions we are looking for from the supplied inputs. Throughout this research effort, we have built the Open Security Knowledge Engineered (OpenSKE) framework (http://code.google.com/p/openske), which is a security analysis framework built around an expert system in order to reason over the security information collected from external sources. Our implementation has been published online in order to facilitate and encourage online collaboration to increase the practical research within the field of security analysis.
How do we detect malware? A step-by-step guideMarcus Botacin
Slides from my talk at Texas A&M University (TAMU) seminar series (2002), where I present a landscape of the malware detection pipeline currently used by the industry and how academia can contribute to that. I present new solutions ranging from the use of ML, sandbox solutions, and hardware support for the development of more performance-efficient Antivirus.
From MITRE ATT&CKcon Power Hour January 2021
By Adam Pennington, ATT&CK Lead, MITRE
Adam leads ATT&CK at The MITRE Corporation and collected much of the intelligence leveraged in creating ATT&CK’s initial techniques. He has spent much of his 12 years with MITRE studying and preaching the use of deception for intelligence gathering. Prior to joining MITRE, Adam was a researcher at Carnegie Mellon’s Parallel Data Lab and earned his BS and MS degrees in Computer Science and Electrical and Computer Engineering as well as the 2017 Alumni Service Award from Carnegie Mellon University. Adam has presented and published in a number of venues including FIRST CTI, USENIX Security and ACM Transactions on Information and System Security.
ATTACK-Onomics: Attacking the Economics Behind Techniques Used by AdversariesMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour January 2021
By Gert-Jan Bruggink, Defensive Specialist, FalconForce
Adversaries are humans as well. They have objectives, deadlines and resources for programming.
In a sense, very similar to corporations grounded in the economics of effort vs time vs results. Now understanding techniques is one thing, taking it a step further and understanding what the economic impact is of using certain techniques is another. Developing tools takes time. For example, developing a custom process injection module might take days or weeks to develop, where using an open source tool could prevent extensive development costs incurred.
This talk explores the economic considerations for defending against techniques used by adversaries. It explores fundamental considerations all referenced to MITRE’s ATT&CK framework. The objective of this talk is to inspire defensive strategies designed to impact cost incurred by adversaries to perform compromises.
Using ATTACK to Create Cyber DBTS for Nuclear Power PlantsMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour December 2020
By Jacob Benjamin, Principal Industrial Consultant Dragos, INL, & University of Idaho
Design Basis Threat (DBT) is concept introduced by the Nuclear Regulatory Commission (NRC). It is a profile of the type, composition, and capabilities of an adversary. DBT is the key input nuclear power plants use for the design of systems against acts of radiological sabotage and theft of special nuclear material. The NRC expects its licensees, nuclear power plants, to demonstrate that they can defend against the DBT. Currently, cyber is included in DBTs simply as a prescribed list of IT centric security controls. Using MITRE’s ATT&CK framework, Cyber DBTs can be created that are specific to the facility, its material, or adversary activities.
Sharpening your Threat-Hunting Program with ATTACK FrameworkMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour December 2020
By Hieu Tran, Threat Detection Team Lead FPT Cybersecurity Division
No matter how sophisticated and thorough your security precautions may be, you cannot assume your security measures are impenetrable. This is why you need a threat hunting program in place. But how can we implement a proper threat hunting program and run it efficiently? In this talk, we will uncover how to sharpen your threat hunting strategy by leveraging ATT&CK. Ultimately, we’ll be demonstrating how effectively employing the hunting methodology in the real-world battlefield, fighting against well-known cyber espionage actors who strongly focus on Southeast Asian countries like Vietnam, the Philippines, Laos, and Cambodia.
Helping Small Companies Leverage CTI with an Open Source Threat MappingMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour December 2020
By Valentina Palacín, Sr. Cyber Threat Intelligence Analyst
No one can deny the tremendous impact that ATT&CK had on the cybersecurity industry, nor the usefulness of having a good Threat Library at your disposal. But the question Valentina gets asked over and over by people from small companies is always the same: “How could I leverage threat intelligence using ATT&CK with limited time and resources?” And so far, there hasn't been a good answer. That’s why she decided to come up with the Threat Mapping Catalogue (TMC), a tool that combines the power of the mappings already available in the ATT&CK website, TRAM and the ATT&CK Navigator, to better process, consume and incorporate new mappings while organizing them around different categories.
From MITRE ATT&CKcon Power Hour December 2020
By Otis Alexander, Principal Cybersecurity Engineer, MITRE
Otis Alexander is a Principal Cyber Security Engineer at the MITRE Corporation and has worked in the areas of security engineering and research, analytic development, and adversary modeling and emulation. Otis is a co-creator of ATT&CK for ICS and has been leading the project since its inception. He also leads an effort to bring MITRE ATT&CK Evaluations to ICS security vendors providing anomaly and threat detection solutions. He advocates for network and host visibility in operational technology environments to increase the situational awareness of defenders.
From Theory to Practice: How My ATTACK Perspectives Have ChangedMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour December 2020
By Katie Nickels, Director of Intelligence, Red Canary
Good analysts (and good human beings) change their minds based on new information. In this presentation, Katie will share how her perspectives on ATT&CK have changed since moving from ATT&CK team member to ATT&CK end-user. She will discuss how her ideas about coverage, procedures, and detection creation have evolved and why those perspectives matter. Katie will also share practical examples from observed threats to help explain the nuances of her perspectives. Attendees should expect to leave this presentation with a better understanding of how to handle challenges they’re likely to face when navigating their own ATT&CK journey.
From MITRE ATT&CKcon Power Hour November 2020
By:
Jamie Williams, Lead Cyber Adversarial Engineer, MITRE
Mike Hartley, Lead Cybersecurity Engineer, MITRE
In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, 2020 Jamie Williams and Mike Hartley from MITRE discuss the process for merging PRE-ATT&CK and adding two new tactics to Enterprise ATT&CK – Reconnaissance and Resource Development.
From MITRE ATT&CKcon Power Hour November 2020
By Anthony Randazzo, Global Response Lead, Expel
The team at Expel has been migrating to the cloud for the last 10 years, but as usual, security has lagged behind. Which means we don't have a comprehensive detection and response framework for cloud like we do with the Enterprise ATT&CK matrix. Cloud has evolved into a complex beast as technologies and concepts – like Infrastructure As Code, Containers, Kubernetes and so forth – have emerged. These new attack surfaces have been added that introduce additional challenges to detection and response in our cloud environments. We don't know what we don't know about attack life cycles in the cloud. In this presentation from the MITRE ATT&CKcon Power Hour session on November 12, 2020, Anthony shares some interesting lessons learned so far when it comes to finding bad guys in the cloud.
TA505: A Study of High End Big Game Hunting in 2020MITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour October 2020
By Brandon Levene, Head of Applied Intelligence Google, @seraphimdomain
Opportunistically targeted ransomware deployments, aka Big Game Hunting (BGH), have caused a distinct disruption in the mechanics of monetizing crimeware compromises. This strategy has become the “end game” for the majority of organized cybercrime organizations, and one effect of this shift is the increased emphasis on enterprise-level targets. In this talk from the MITRE ATT&CKCon Power Hour session on October 9, 2020, Levene walks us through research about how a specific BGH threat actor pursues entry points, gains its foothold, pivots, and deploys payloads to maximize their financial gains with minimal effort - and infrastructure! You’ll walk away with an understanding of the latest BGH TTPs seen in enterprise environments, and how they map to the ATT&CK framework so you can build this research into your threat detection strategy and enhance your defenses.
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour October 2020
By:
Aunshul Rege, Associate Professor, Temple University, @prof_rege
Rachel Bleiman, PhD Student/NSF Graduate Research Assistant, Temple University, @rab1928
This presentation from the MITRE ATT&CKcon Power Hour session on October 9, 2020, explores the application of the MITRE ATT&CK® and PRE-ATT&CK matrices in cybercrime education and research. Specifically, Rege and Bleiman demonstrate the mapping of the PRE-ATT&CK matrix to social engineering case studies as an experiential learning project in an upper-level cybercrime liberal arts course. It thus allows students to understand the alignment process of threat intelligence to the PRE-ATT&CK framework and also learn about its usefulness/limitations. The talk also discusses the mapping of the ATT&CK matrix, tactics, techniques, software, and groups for two cybercrime datasets created by collating publicly disclosed incidents: (i) critical infrastructure ransomware (CIRW) incidents, and (ii) social engineering (SE) incidents. For the CIRW dataset, 39% of the strains mapped onto the ATT&CK software. For the SE dataset, 49% of the groups and 65% of the techniques map on to the MITRE framework. This helps the researchers identify the framework's usefulness/limitations and also helps our datasets connect to richer information that may not otherwise be available in the publicly disclosed incidents.
From MITRE ATT&CKcon Power Hour October 2020
By Jen Burns, Lead Cybersecurity Engineer, MITRE, @snarejen
Jen Burns is a Lead Cybersecurity Engineer at MITRE and the Lead for MITRE ATT&CK® for Cloud. She’s also a red team developer and lead for ATT&CK Evaluations, using her skills in software engineering and adversary emulation. Previously, she was a tech lead at HubSpot on the Infrastructure Security team where she focused on red teaming and building detections in the cloud environment. This presentation is from the MITRE ATT&CKcon Power Hour session held on October 9, 2020.
From MITRE ATT&CKcon Power Hour - October
By Brian Donohue, Security Evangelist, Red Canary, @thebriandonohue
In early 2018, Red Canary adopted MITRE ATT&CK as the common language that they would use to categorize threats, measure detection coverage, and communicate about malicious behaviors. In the intervening years, they’ve relied on the framework to develop open source tools like Atomic Red Team and help security teams prioritize their defensive efforts with blogs and our annual Threat Detection Report.
In early 2020, MITRE announced that ATT&CK would be expanding its original taxonomy of tactics and techniques to include sub-techniques. In the months that followed MITRE's announcement, Red Canary’s research, intelligence, and detection engineering teams painstakingly remapped their library of thousands of behavioral analytics to sub-techniques. In doing so, they improved their correlational logic, experimented with the idea of conditional technique mapping, and, unfortunately, rendered the 2020 Threat Detection Report out-of-date.
In this talk from the MITRE ATT&CKcon Power Hour session on October 9, 2020, Brian discusses how refactoring for sub-techniques offered us the opportunity to apply all the lessons learned in more than two years of operationalizing ATT&CK. He also explores how Red Canary has remodeled its ATT&CK mapping to allow for added flexibility and human input and shows what happens when the Red Canary applied their new sub-technique mappings to the 2020 Threat Detection Report.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
4. Framework
Identify top threats
Research attack methods of
threats
Form decision tree to understand
primary and secondary attacks
Synthesize with organizational
weaknesses
5. Spearphishing
SUCCESS – stage
completed
Process discovery
SUCCESS – stage
completed
Malware
execution and
data exfiltration
FAILURE –
alternate method
Lateral movement
SUCCESS – stage
completed
Malware
execution and
data exfiltration
FAILURE –
alternate method
Brute force
SUCCESS – stage
completed
Process discovery
SUCCESS – stage
completed
Malware
execution and
data exfiltration
FAILURE –
alternate method
Lateral movement
SUCCESS – stage
completed
Malware
execution and
data exfiltration
Turla
6. Spearphishing
SUCCESS – stage
complete
Backdoor
execution
SUCCESS – stage
completed
Establish C2 server
comm
SUCCESS – stage
completed
Exfiltrate data
FAILURE –
alternate method
Service provider
attack
SUCCESS – stage
completed
Spoofed
communication
SUCCESS – stage
completed
Backdoor
execution
SUCCESS – stage
completed
Establish C2 server
comm
SUCCESS – stage
completed
Exfiltrate data
FAILURE –
alternate method
System
vulnerability
exploit
SUCCESS – stage
completed
Exfiltrate data
System
vulnerability
exploit
SUCCESS – stage
completed
FAILURE –
alternate method
Service provider
attack
SUCCESS – stage
completed
Spoofed
communication
SUCCESS – stage
completed
Backdoor
execution
SUCCESS – stage
completed
Establish C2 server
comm
SUCCESS – stage
completed
Exfiltrate data
APT10
7. Conclusion
Framework can be used for prioritization of
mitigations
It can also allow for personalization of
corporate policy
It is not just for APTs!
9. References
(1)Binde, B.E., McRee, R., & O’Connor, T.J. (2017). Assessing outbound traffic to uncover Advanced Persistent Threat.
SANS Technology Institute. Retrieved from https://www.sans.edu/student-files/projects/JWP-Binde-McRee-OConnor-
slideswnote.pdf
(2)FireEye Intelligence. (2017, April 06). APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of
Longstanding Threat. Retrieved from https://www.fireeye.com/blog/threat-
research/2017/04/apt10_menupass_grou.html
(3)ICS-CERT (n.d.). Cyber Threat Source Descriptions. Retrieved from https://ics-cert.us-cert.gov/content/cyber-threat-
source-descriptions
(4)Lockheed Martin (n.d.). Gaining the advantage: Applying Cyber Kill Chain methodology to network defense. Retrieved
from https://www.lockheedmartin.com/content/dam/lockheed-
martin/rms/documents/cyber/Gaining_the_Advantage_Cyber_Kill_Chain.pdf
(5)MITRE. (n.d.). Group: Turla, Waterbug, WhiteBear. Retrieved from https://attack.mitre.org/wiki/Group/G0010
(6)MITRE. (n.d). Group: menuPass, Stone Panda, ... Retrieved from https://attack.mitre.org/wiki/Group/G0045
(7)MITRE. (n.d.). Introduction and Overview. Retrieved from https://attack.mitre.org/wiki/Introduction_and_Overview
(8)Neely, L. (2017). 2017 Threat Landscape Survey: Users on the Front Line. SANS Institute. Retrieved from
https://www.sans.org/reading-room/whitepapers/threats/2017-threat-landscape-survey-users-front-line-37910
(9)Rapid7. (2017, December 06). Top Threat Actors and Their Tactics, Techniques, Tools, and Targets. Retrieved from
https://blog.rapid7.com/2017/05/16/top-threat-actors/
(10)Rass, S., König, S., & Schauer, S. (2017). Defending Against Advanced Persistent Threats Using Game-Theory. PLoS
ONE, 12(1), e0168675. http://doi.org/10.1371/journal.pone.0168675
(11)Recorded Future. (2017, February 04). Top 6 Sources for Identifying Threat Actor TTPs. Retrieved from
https://www.recordedfuture.com/threat-actor-ttp-sources/