Download as PDF, PPTX
More Related Content
Similar to The Adversaries We've Met Along the Way
![Taking the Attacker Eviction Red Pill [updated]](https://cdn.slidesharecdn.com/ss_thumbnails/2018-06-26first-hommedalapt-eviction-red-pillfinal-v1-181123184926-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Bucharest] Attack is easy, let's talk defence](https://cdn.slidesharecdn.com/ss_thumbnails/attackiseasyletstalkdefencev3-151026104559-lva1-app6891-thumbnail.jpg?width=640&height=640&fit=bounds)
![Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]](https://cdn.slidesharecdn.com/ss_thumbnails/codedagentsdeck-251215155422-5497c599-thumbnail.jpg?width=640&height=640&fit=bounds)
The Adversaries We've Met Along the Way
- 1. The Adversaries We’veMet Along the Way Adam Pennington (@_whatshisface) MITRE ATT&CK Lead ©2023 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 23-00696-1.
- 2. A knowledge baseof adversary tactics and techniques based on real-world observations. ©2023 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 23-00696-1.
- 3. ©2023 The MITRECorporation. All rights reserved. Approved for public release. Distribution unlimited 23-00696-1. https://attack.mitre.org/groups/
- 4. The World We’reUsed To ©2023 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 23-00696-1. Incident Incident Incident Incident Incident Incident Incident Threat Group APT1337 Angry Gecko G0256 Incident Incident Incident
- 5. What We’re ActuallyDoing ©2023 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 23-00696-1. Incident Incident Incident Incident Incident Threat Group 2008 – Training Wheels 2016 – Competent Incident Incident Incident Incident Incident 2023 – 🔥
- 6. Ransomware is AnotherMess ©2023 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 23-00696-1. Threat Group Ransomware-as-a- Service (RaaS) Operator RaaS Affiliate RaaS Affiliate
- 7. ©2023 The MITRECorporation. All rights reserved. Approved for public release. Distribution unlimited 23-00696-1. Campaign A grouping of intrusion activity conducted over a specific period of time with common targets and objectives. https://medium.com/mitre-attack/attack-2022-roadmap-cd5a1a3387c7
- 8. A Threat GroupInto Campaigns ©2023 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 23-00696-1. Incident Incident Incident Incident Incident Incident Incident C0154/Solorigate C0199/GRIZZLY STEPPE C0155/PowerDuke G0016 APT29 Incident Incident Incident
- 9. Takeaways Adversaries change behaviorslowly, but even with slow change can completely transform Building long term threat groups can be useful, but can make a mess of our intel Introducing a bit of structure can get us back some of the context we’ve lost along the way ©2023 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 23-00696-1.
- 10. https://attack.mitre.org attack@mitre.org Adam Pennington @_whatshisface ©2023 TheMITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 23-00696-1.