Using MITRE ATT&CK®-based analytics for threat detection: 5 principles
MITRE ATT&CK-based threat detection vs. conventional methods A number of traditional methods for threat detection exist; however, cyber threat actors have developed methods for evading these, such as: Tool Testing:
Use cases for implementing the MITRE ATT&CK® framework
The MITRE ATT&CK ® framework is a vast repository of cybersecurity knowledge. Each of the MITRE ATT&CK framework outlines a number of goals that an attacker may need to achieve
How to Use the MITRE ATT&CK® Framework and the Lockheed Martin Cyber Kill Chain Together
What is the Lockheed Martin Cyber Kill Chain? The Lockheed Martin Cyber Kill Chain is the first attempt to describe the structure and lifecycle of a cyberattack. It breaks a
Let’s Cook ‘Compliance as Code’ with Chef InSpec
Introduction The concept of DevSecOps has introduced an array of changes to our traditional operations. One of the major changes was to move away from using tools, to learning to
In pursuit of diversity
Security Magazine | In Pursuit of Diversity | 2020-11-01 | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience.
DHS Cyber Hunt and Incident Response Teams (HIRT) Act: What you need to know
Introduction Not a month goes by without the new media reporting that another city or municipality has fallen victim to a cyberattack, and oftentimes this attack comes in the form
Bringing PRE into Enterprise
Adam PenningtonOct 27, 2020 · 6 min read Written by Adam Pennington and Jen Burns We’re excited to announce that we’ve released the latest version of MITRE ATT&CK (v8), which
Defining ATT&CK Data Sources, Part II: Operationalizing the Methodology
Jose Luis RodriguezOct 20, 2020 · 9 min read In Part I of this two-part blog series, we reviewed the current state of the data sources and an initial approach
Deanonymizing Tor using ML
Standard Tor Traffic and Machine Learning /ML/ Unlike conventional non-Tor encrypted traffic that comes with openly visible destination attributes such as IP addresses (both source and destination) and port number,
Japan’s IoT scanning project looks for vulnerable IoT devices
The growing world of IoT — and security concerns The Internet of Things (IoT) is still a baby compared to other computing technologies, but the market has already exploded and
Blockchain second-layer protocols
The Limitations of the Blockchain Blockchain technology was a major innovation. The original Bitcoin whitepaper, authored by the pseudonymous Satoshi Nakamoto, described the first system that made a fully decentralized
Blockchain alternative distributed ledger architectures
Introduction to Alternative Distributed Ledger Architectures Blockchains are the original distributed ledger architecture, and the creation of blockchain was a major innovation. However, blockchains also have their limitations, such as:
Database Penetration Testing
In this post, I would like to share knowledge and experience while doing Database Penetration Testing. The purpose of Penetration Testing is to find vulnerabilities within the system and simulate
Group attribution error – The most pervasive and potentially consequential threat of our day
Security Magazine | Group attribution error – The most pervasive and potentially consequential threat of our day | 2020-10-01 | Security Magazine This website requires certain cookies to work and
In Pursuit of a Gestalt Visualization: Merging MITRE ATT&CK® for Enterprise and ICS to Communicate
Otis AlexanderSep 29, 2020 · 10 min read (Note: The content of this post is being released jointly with Mandiant. It is co-authored with Daniel Kapellmann Zafra, Keith Lunden, Nathan
IoT security fundamentals: IoT vs OT (Operational Technology)
Introduction: Knowing the Notions Industrial Internet of Things (IIoT) incorporates technologies such as machine learning, machine-to-machine (M2M) communication, sensor data, Big Data, etc. This article will focus predominantly on the
8 of the world’s biggest insider threat security incidents
Introduction If you work in security or are just interested in the general area of cybersecurity you will no doubt have heard of the dreaded insider threat. In the context
IoT Security Fundamentals: Intercepting and Manipulating Wireless Communications
Introduction: IoT Manufacturers Favor Convenience over Security Because IoT security is still an afterthought, cybercriminals in general consider smart devices a “low-hanging fruit” – a target easy to compromise and
Deepfake
Introduction “Deepfake” isn’t a new type of beauty cream, an underwater virtual tour or even a sternly worded insult. It is in fact, the culmination of decades worth of audio
Defining ATT&CK Data Sources, Part I: Enhancing the Current State
Jose Luis RodriguezSep 10, 2020 · 10 min readFigure 1: Example of Mapping of Process Data Source to Event Logs Discussion around ATT&CK often involves tactics, techniques, procedures, detections, and
IoT Security Fundamentals: Hardware, Software and Radio Security
What is IoT – IoT stands for Internet of Things. The Internet of Things (IoT) is the interconnection and network of various devices formed by connecting any physical device (Vehicle,
When and how to report a breach: Data breach reporting best practices
One day you go into work and the nightmare has happened. The company has had a data breach. This scenario plays out, many times, each and every day, across all
Hacker Infrastructure and Underground Hosting 101
Trend Micro – Cybercriminals are in the business of making money at their victims’ expense. Unfortunately, this involves a great deal of stolen money and countless victims through identity and
It’s coming: National Cybersecurity Awareness Month
Security Magazine | It’s coming: National Cybersecurity Awareness Month | 2020-09-01 | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the
IoT Security Fundamentals: Detecting and Exploiting Web Application Vulnerabilities
Introduction In this article, we will be learning how to emulate a firmware for exploiting a web application vulnerability called blind command injection. This is found in the older firmware
IoT security fundamentals: Reverse-engineering firmware
Firmware is any software installed on the IoT device. The user interacts with the device using this interface and communicates with the hardware. In this article, we will be learning
Cyber Work Podcast recap: What does a military forensics and incident responder do?
Introduction Cybersecurity meets CSI in the exciting field of digital forensics and incident response. In this role, tech-savvy investigators sift through computer systems and servers for clues to crimes. You
QRLJACKING and QRLJACKER
In this post, i would like to share one attack method that will take advantage on QR Code which called Quick Response Code Login Jacking (QRLJacking). QRLJacking is a new
Securing our Democracy: The case for robust campaign cybersecurity
Security Magazine | Securing Our Democracy: The Case for Robust Campaign Cybersecurity | 2020-08-01 | Security Magazine This website requires certain cookies to work and uses other cookies to help
Analysis of ransomware used in recent cyberattacks on health care institutions
Introduction In recent years, there has been a steady increase in the number of ransomware attacks on healthcare institutions. The pressure such institutions experienced as a result of the COVID-19
Top 8 cybersecurity books for incident responders in 2020
Introduction Are you passionate about incident response? Do you want to build upon your knowledge of how to mitigate cyberthreats? If yes, then you’d love the nuggets of wisdom these
“ATT&CK with Sub-Techniques” is Now Just ATT&CK
Adam PenningtonJul 8, 2020 · 11 min read (Note: Much of the content in this post was consolidated and updated from previous posts written by Blake Strom with new content
Zero trust further considered – another benefit of living in the times of AI
Security Magazine | Zero Trust Further Considered – Another Benefit of Living in the Times of AI | 2020-07-01 | Security Magazine This website requires certain cookies to work and
Actionable Detections: An Analysis of ATT&CK Evaluations Data Part 2 of 2
Jamie WilliamsJun 18, 2020 · 8 min read In part 1 of this blog series, we introduced how you can break down and understand detections by security products. When analyzing
Digital forensics and incident response: Is it the career for you?
Introduction When many of us think of detective work, we conjure up images of trench-coated detectives chasing bad guys down darkened alleyways or poring over black-and-white crime scene photos. While
How artificial intelligence is changing social engineering
When I was first learning about social engineering, I remember listening to a recording of different phone calls to Starbucks. I was astounded how easy it was to obtain sensitive
Unified Endpoint Security: Combating the Chaos, Complexity and Other Conundrums Plaguing Our Community
Security Magazine | Unified Endpoint Security: Combating the Chaos, Complexity and Other Conundrums Plaguing Our Community | 2020-06-01 | Security Magazine This website requires certain cookies to work and uses
2020 NIST ransomware recovery guide: What you need to know
Introduction Over the past decade, a destructive piece of malware has grown from a novel concept into a digital epidemic. Now ransomware is causing a serious impact on organizations’ assets.
Top cyber security risks in healthcare [updated 2020]
The healthcare industry is a prime target for cybercriminals. Stolen protected health information (PHI) is worth hundreds, even thousands of dollars on the black market. For cybercriminals, the healthcare industry
DECADE OF THE RATs: Novel Cross-Platform APT Attacks Targeting Linux Windows and Android
Security Magazine | DECADE OF THE RATs: Novel Cross-Platform APT Attacks Targeting Linux Windows and Android | 2020-05-01 | Security Magazine This website requires certain cookies to work and uses
Why Organizations Need to Simplify Cybersecurity
Trend Micro – Increasing productivity amongst employees and empowering DevOps to deliver agile, customer-centric services are the central reasons so many organizations are embracing cloud platforms. But the issue with
Federated Learning
Introduction Privacy used to be so common (in the 1990s and early 2000s) that you literally could not escape it. Interactive advances in technology, social media not being the least
Keeping Alexa out of the boardroom (and the bedroom office): IoT security tips for remote employees
Introduction I can’t help myself. I find myself liking Alexa. She/he/it isn’t exactly a friend, but I can play music and find out the weather and do all sorts of
Vulnerabilities Assessment vs Penetration Testing
In this post, I would like to share the difference between Vulnerabilities Assessment vs Penetration Testing during real-life security testing. However, some organizations might want to do Vulnerabilities Assessment and
Network traffic analysis for IR: Data exfiltration
Introduction Understanding network behavior is a prerequisite for developing effective incident detection and response capabilities. ESG research has found that 87 percent of companies use Network Traffic Analysis (NTA) tools
Attribution: 3 Questions to Ask When Deciding How It Matters
Security Magazine | Attribution: 3 Questions to Ask When Deciding How It Matters | 2020-04-01 | Security Magazine This website requires certain cookies to work and uses other cookies to
Network traffic analysis for IR: Basic protocols in networking
Introduction In this article, we’ll discuss some of the basic protocols that are commonly used in computer networking. A good understanding of computer networking is required by fresh hackers in
Privileges Escalation for Linux and Windows Operating System
What is Privileges Escalation For those are not very familiar with Privilege Escalation, it is an act of exploiting vulnerabilities or bug where the attacker will take advantages of the