January 12

Webinar takeaway – Making MITRE ATT&CK Actionable

Code, Security

0 comments

My key takeaways

ATT&CK is a framework, not a how to or step by step instruction
How do we protect ourselves from techniques like Powershell used for attacks?
- deep technical knowledge <- hard to get for all 836 techniques mentioned in ATT&CK
- Identify technique coverage
- Build (SIEM) detections <- also hard to build
PYATTCK and PSATTCK might be helpfull tools
- they make ATT&CK accessible on CLI
- this information can be used in other tools/scripts

Env

Provided by Wild West Hackin’ Fest
Speaker
- Josh Rickard

additional links

User comments

https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html
jcritch — heute um 19:44 Uhr so, how is this information the tools spit out actually useful? How can it help me protect an enterprise? NullMoniker — heute um 19:49 Uhr If I'm not mistaken, a use case is this: you know (or have reason to suspect) your organization is being targeted by a particular threat actor. You look up open source info regarding their methods. You then use this tool to spit out a list of specific things you can do to help protect your org based on the threat actor's TTPs

Webinar takeaway – Shellcode Execution with Python

teaser for this Webcast, which made me attend Imagine you are pen testing a company and gain access to a Windows application server. You discover the server has application allow listing deployed, and strong EDR/XDR defensive solutions. To your excitement, you find there is a Python interpreter installed. It would be really great if you

Webinar Takeaway: Uncovering Secrets and Simplifying Your Life with CyberChef

My key takeaways Secrets everywhere, even on a parachute landing a mars rover CyberChef is a GCHQ project, so be aware using it with client data There is even a receipe for OCR in CyberChef There is even a receipe for Creating QR-codes in CyberChef you can use it to extract all URLs eg from

Jean-Christoph von Oertzen

Blog

Infosec glossary