January 12

Webinar takeaway – Making MITRE ATT&CK Actionable

My key takeaways

  • ATT&CK is a framework, not a how-to or step-by-step instruction
  • How do we protect ourselves from techniques like PowerShell used for attacks?
    • deep technical knowledge <- hard to get for all 836 techniques mentioned in ATT&CK
    • identify technique coverage
    • build (SIEM) detections <- also hard to build
  • PYATTCK and PSATTCK might be helpful tools
    • they make ATT&CK accessible on the CLI
    • this information can be used in other tools/scripts
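The "identify technique coverage" point and the workflow NullMoniker describes in the comments (actor TTPs in, a list of things to fix out), as an added example that is not code from the webinar, PYATTCK or PSATTCK: it reads a constructed miniature of the ATT&CK STIX bundle (the format those tools download), resolves the techniques an intrusion set "uses", and diffs them against a constructed SIEM rule mapping. The actor name and rule names are made up; the technique IDs are real ATT&CK IDs.

```python
import json

# Constructed miniature of the ATT&CK STIX bundle shape (pyattck/psattck pull the
# real enterprise-attack.json); the technique IDs are real, the actor is made up.
BUNDLE = json.loads("""
{"objects": [
 {"type": "attack-pattern", "id": "attack-pattern--1", "name": "PowerShell",
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1059.001"}]},
 {"type": "attack-pattern", "id": "attack-pattern--2", "name": "Phishing",
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}]},
 {"type": "attack-pattern", "id": "attack-pattern--3", "name": "OS Credential Dumping",
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1003"}]},
 {"type": "intrusion-set", "id": "intrusion-set--1", "name": "EXAMPLE-ACTOR"},
 {"type": "relationship", "relationship_type": "uses",
  "source_ref": "intrusion-set--1", "target_ref": "attack-pattern--1"},
 {"type": "relationship", "relationship_type": "uses",
  "source_ref": "intrusion-set--1", "target_ref": "attack-pattern--3"}
]}
""")

def technique_ids(bundle):
    """Map STIX object id -> (ATT&CK technique ID, name) for every attack-pattern."""
    out = {}
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        for ref in obj.get("external_references", []):
            if ref.get("source_name") == "mitre-attack":
                out[obj["id"]] = (ref["external_id"], obj["name"])
    return out

def actor_techniques(bundle, actor_name):
    """Technique IDs an intrusion-set 'uses', resolved via STIX relationship objects."""
    techs = technique_ids(bundle)
    actor_ids = {o["id"] for o in bundle["objects"]
                 if o.get("type") == "intrusion-set" and o.get("name") == actor_name}
    return sorted(techs[r["target_ref"]][0] for r in bundle["objects"]
                  if r.get("type") == "relationship" and r.get("relationship_type") == "uses"
                  and r["source_ref"] in actor_ids and r["target_ref"] in techs)

def coverage_gaps(bundle, actor_name, detections):
    """Actor techniques that no detection rule is mapped to: the list to work on."""
    covered = {tid for rule in detections.values() for tid in rule}
    return [t for t in actor_techniques(bundle, actor_name) if t not in covered]

# Constructed SIEM rule -> technique-ID mapping, as a detection team would keep it.
DETECTIONS = {"ps_scriptblock_4104": ["T1059.001"], "mail_attachment_macro": ["T1566"]}

if __name__ == "__main__":
    print(actor_techniques(BUNDLE, "EXAMPLE-ACTOR"))                # ['T1003', 'T1059.001']
    print(coverage_gaps(BUNDLE, "EXAMPLE-ACTOR", DETECTIONS))       # ['T1003']
```

Against the real bundle the same three functions work unchanged; only the size of the input and the rule mapping differ.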

Additional links

  • https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html

User comments

  • jcritch — today at 19:44
    So, how is this information the tools spit out actually useful?
    How can it help me protect an enterprise?
  • NullMoniker — today at 19:49
    If I’m not mistaken, a use case is this: you know (or have reason to suspect) your organization is being targeted by a particular threat actor. You look up open source info regarding their methods. You then use this tool to spit out a list of specific things you can do to help protect your org based on the threat actor’s TTPs.


Tags

att&ck, mitre, powershell, python, tools
