MITRE ATT&CK version 14
I. Introduction: Importance of staying updated with frameworks like MITRE ATT&CK
In the realm of offensive security, staying current with frameworks like MITRE ATT&CK is pivotal. The framework provides a structured catalog of adversary behaviors, which red teamers need in order to emulate realistic threat scenarios. Each update, such as the recent v14, adds new and revised techniques, software, groups and campaigns that reflect the evolving threat landscape. By assimilating these updates, red teams can refine their strategies, ensuring they test against the most recent and relevant threat models. This continuous adaptation not only sharpens the red team's skillset but also better prepares organizations to thwart real-world adversaries.
II. Unveiling MITRE ATT&CK v14
A. Overview of new features in v14
The MITRE ATT&CK v14 update introduced several new features: a large expansion of detection notes and analytics, the addition of Financial Theft and Voice Phishing to the Enterprise domain, structured Detections in Mobile, and the re-addition of Assets to ICS.
B. Significance of expanded detection notes and analytics
The expanded detection notes and analytics in v14 matter because they spell out, per technique, which data sources and behaviors defenders are expected to monitor. For a red team this is a map of what the blue team should catch: an emulation plan that exercises exactly those behaviors tests whether the expected telemetry and analytics are actually in place, and any gap found is a concrete, ATT&CK-referenced finding rather than a vague observation. The same granularity also helps red teams emulate advanced threat actors more faithfully, making simulated attacks more realistic and more valuable in identifying and mitigating security gaps within the organization.
III. Delving into the New Additions
A. Financial Theft and Voice Phishing in Enterprise
The addition of Financial Theft as a technique and of Spearphishing Voice as a sub-technique of both Phishing and Phishing for Information reflects the evolving threat landscape and underlines the need for organizations to bolster defenses against these prevalent threats.
B. Structured Detections in Mobile and Assets re-addition to ICS
Structured Detections in Mobile enhance the detection guidance available for that domain, while the re-addition of Assets to ICS gives red teams the vocabulary (PLCs, RTUs, HMIs, safety controllers and the like) to state which industrial components a scenario targets. Together these updates give red teams a broader spectrum of scenarios to test against, aiding a comprehensive security posture assessment.
IV. Implications for Red Teams
A. Adapting to enhanced detection capabilities
The expanded detection content in v14 does not block anything by itself, but it raises the baseline against which defenders are measured. Red teams should expect the techniques that gained analytics to be monitored, and should plan variants that probe the limits of those analytics, fostering a continuous cycle of improvement in both offensive and defensive security.
B. Exploring new attack vectors in Financial Theft, Voice Phishing, and ICS
These additions open avenues for red teams to explore new attack vectors, expanding the scope of red teaming exercises. They underscore the need for red teams to evolve with the changing threat landscape in order to identify and help mitigate emerging risks.
V. Conclusion
A. Reflection on the evolving landscape of offensive security
The ever-evolving landscape of offensive security underscores the importance of frameworks like MITRE ATT&CK in guiding red teams towards more effective and realistic testing scenarios.
B. Emphasizing continuous adaptation and learning in red teaming.
The continuous adaptation and learning ingrained in red teaming are pivotal for staying ahead of adversaries. As demonstrated by the updates in MITRE ATT&CK v14, red teams must continually evolve to meet the challenges posed by the dynamic threat landscape, ensuring they provide the utmost value in bolstering an organization’s security posture.
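The release notes below group every changed object into the same few classes: new, major version change, minor version change, patch and revocation. Those classes are derived mechanically from the x_mitre_version, modified and revoked fields in the STIX bundles MITRE publishes, so a red team can regenerate them for any pair of releases instead of reading the notes by hand, and can tally where new detection content landed. The script that follows is an added example written for this page, not MITRE's own changelog tooling. It assumes the bundle layout of the attack-stix-data repository (a dict with an "objects" list whose technique and software objects carry x_mitre_version, modified and revoked, plus data-component relationships of type "detects"), and the two miniature bundles in it are constructed samples that reuse real ATT&CK IDs and names but placeholder STIX identifiers.

```python
"""Diff two ATT&CK STIX bundles into the change classes used in release notes.

Added example for this page, not MITRE's tooling. Assumed input: STIX 2.1
bundles as published in attack-stix-data. The two bundles at the bottom are
constructed samples (real ATT&CK IDs, placeholder STIX ids).
"""

VERSIONED_TYPES = {"attack-pattern", "tool", "malware", "intrusion-set", "campaign"}

def attack_id(obj):
    """Return the ATT&CK ID (T1547.001, S0508, ...) from external_references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def parse_version(text):
    """'1.10' -> (1, 10). ATT&CK versions are not semver, so compare as int tuples."""
    major, _, minor = text.partition(".")
    return int(major), int(minor or 0)

def index_bundle(bundle):
    """Map STIX id -> versioned object, and technique id -> set of detecting data components."""
    objects, detects = {}, {}
    for obj in bundle["objects"]:
        if obj["type"] in VERSIONED_TYPES:
            objects[obj["id"]] = obj
        elif obj["type"] == "relationship" and obj.get("relationship_type") == "detects":
            detects.setdefault(obj["target_ref"], set()).add(obj["source_ref"])
    return objects, detects

def classify(old_bundle, new_bundle):
    """Group objects of new_bundle as new / major / minor / patch / revoked / unchanged.
    Major = integer part of x_mitre_version rose, minor = fraction rose,
    patch = 'modified' changed with no version bump (the release-note convention)."""
    old, _ = index_bundle(old_bundle)
    new, _ = index_bundle(new_bundle)
    out = {k: [] for k in ("new", "major", "minor", "patch", "revoked", "unchanged")}
    for sid, obj in new.items():
        label = f"{attack_id(obj)} {obj['name']}"
        prev = old.get(sid)
        if prev is None:
            out["new"].append(f"{label} (v{obj['x_mitre_version']})")
        elif obj.get("revoked") and not prev.get("revoked"):
            out["revoked"].append(label)  # newly revoked; already-revoked objects are skipped
        else:
            ov, nv = parse_version(prev["x_mitre_version"]), parse_version(obj["x_mitre_version"])
            bump = f"{label} (v{prev['x_mitre_version']}→v{obj['x_mitre_version']})"
            if nv[0] > ov[0]:
                out["major"].append(bump)
            elif nv > ov:
                out["minor"].append(bump)
            elif obj["modified"] != prev["modified"]:
                out["patch"].append(f"{label} (v{obj['x_mitre_version']})")
            else:
                out["unchanged"].append(label)
    return out

def new_detections(old_bundle, new_bundle):
    """Count the 'detects' relationships each technique gained between the bundles."""
    _, old_d = index_bundle(old_bundle)
    new, new_d = index_bundle(new_bundle)
    gained = {}
    for sid, comps in new_d.items():
        added = comps - old_d.get(sid, set())
        if added and sid in new:
            gained[attack_id(new[sid])] = len(added)
    return gained

# --- constructed sample bundles: placeholder STIX ids, real ATT&CK IDs and names ---
def _obj(stix_type, uid, ext_id, name, version, modified, revoked=False):
    return {"type": stix_type, "id": f"{stix_type}--{uid}", "name": name,
            "x_mitre_version": version, "modified": modified, "revoked": revoked,
            "external_references": [{"source_name": "mitre-attack", "external_id": ext_id}]}

def _detects(uid, component, target):
    return {"type": "relationship", "id": f"relationship--{uid}", "relationship_type": "detects",
            "source_ref": f"x-mitre-data-component--{component}", "target_ref": target}

OLD_BUNDLE = {"type": "bundle", "objects": [
    _obj("attack-pattern", "t1", "T1547.001", "Registry Run Keys / Startup Folder", "1.2", "2022-04-20T00:00:00.000Z"),
    _obj("attack-pattern", "t2", "T1110.003", "Password Spraying", "1.3", "2023-03-30T00:00:00.000Z"),
    _obj("attack-pattern", "t3", "T1550.001", "Application Access Token", "1.5", "2023-04-14T00:00:00.000Z"),
    _obj("tool", "s1", "S0508", "Ngrok", "1.1", "2022-04-19T00:00:00.000Z"),
    _detects("r1", "registry-key-creation", "attack-pattern--t1"),
]}

NEW_BUNDLE = {"type": "bundle", "objects": [
    _obj("attack-pattern", "t1", "T1547.001", "Registry Run Keys / Startup Folder", "2.0", "2023-10-03T00:00:00.000Z"),
    _obj("attack-pattern", "t2", "T1110.003", "Password Spraying", "1.4", "2023-10-03T00:00:00.000Z"),
    _obj("attack-pattern", "t3", "T1550.001", "Application Access Token", "1.5", "2023-10-03T00:00:00.000Z"),
    _obj("attack-pattern", "t5", "T1657", "Financial Theft", "1.0", "2023-10-03T00:00:00.000Z"),
    _obj("tool", "s1", "S0508", "Ngrok", "1.1", "2023-10-03T00:00:00.000Z", revoked=True),
    _detects("r1", "registry-key-creation", "attack-pattern--t1"),
    _detects("r2", "process-creation", "attack-pattern--t1"),
    _detects("r3", "user-account-authentication", "attack-pattern--t2"),
]}

if __name__ == "__main__":
    for kind, items in classify(OLD_BUNDLE, NEW_BUNDLE).items():
        print(f"{kind}: {items}")
    print("new detections:", new_detections(OLD_BUNDLE, NEW_BUNDLE))
```

To run it against real releases, replace the constructed bundles with json.load() of two files from attack-stix-data (the assumed naming is enterprise-attack/enterprise-attack-13.1.json and enterprise-attack-14.0.json) and hand the "major" and "minor" lists to whoever maintains the emulation plan; the "new_detections" tally shows which techniques the blue team is now expected to see, which is where a validation exercise pays off first.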
Techniques
Enterprise
New Techniques
- Abuse Elevation Control Mechanism: Temporary Elevated Cloud Access (v1.0)
- Account Manipulation: Additional Container Cluster Roles (v1.0)
- Content Injection (v1.0)
- Credentials from Password Stores: Cloud Secrets Management Stores (v1.0)
- Exfiltration Over Web Service: Exfiltration Over Webhook (v1.0)
- Financial Theft (v1.0)
- Hide Artifacts: Ignore Process Interrupts (v1.0)
- Impair Defenses: Disable or Modify Linux Audit System (v1.0)
- Impersonation (v1.0)
- Log Enumeration (v1.0)
- Masquerading: Break Process Trees (v1.0)
- Modify Cloud Compute Infrastructure: Modify Cloud Compute Configurations (v1.0)
- Obfuscated Files or Information: LNK Icon Smuggling (v1.0)
- Phishing: Spearphishing Voice (v1.0)
- Phishing for Information: Spearphishing Voice (v1.0)
- Power Settings (v1.0)
- Remote Services: Direct Cloud VM Connections (v1.0)
- System Network Configuration Discovery: Wi-Fi Discovery (v1.0)
Major Version Changes
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (v1.2→v2.0)
- Impair Defenses: Disable or Modify Cloud Logs (v1.3→v2.0)
Minor Version Changes
- Abuse Elevation Control Mechanism (v1.1→v1.2)
- Access Token Manipulation: Token Impersonation/Theft (v1.1→v1.2)
- Account Manipulation (v2.5→v2.6)
  - Additional Cloud Credentials (v2.5→v2.6)
  - Additional Cloud Roles (v2.2→v2.3)
  - Additional Email Delegate Permissions (v2.0→v2.1)
  - Device Registration (v1.1→v1.2)
  - SSH Authorized Keys (v1.2→v1.3)
- Acquire Infrastructure (v1.2→v1.3)
- Adversary-in-the-Middle (v2.2→v2.3)
- Application Layer Protocol: File Transfer Protocols (v1.0→v1.1)
- Application Layer Protocol: Web Protocols (v1.1→v1.2)
- Archive Collected Data: Archive via Utility (v1.2→v1.3)
- Boot or Logon Autostart Execution: Print Processors (v1.0→v1.1)
- Boot or Logon Autostart Execution: Winlogon Helper DLL (v1.0→v1.1)
- Boot or Logon Autostart Execution: XDG Autostart Entries (v1.0→v1.1)
- Boot or Logon Initialization Scripts (v2.1→v2.2)
- Brute Force: Credential Stuffing (v1.3→v1.4)
- Brute Force: Password Guessing (v1.4→v1.5)
- Brute Force: Password Spraying (v1.3→v1.4)
- Cloud Service Dashboard (v1.1→v1.2)
- Command and Scripting Interpreter: Windows Command Shell (v1.2→v1.3)
- Compromise Client Software Binary (v1.0→v1.1)
- Compromise Infrastructure (v1.3→v1.4)
- Create Account (v2.3→v2.4)
  - Cloud Account (v1.3→v1.4)
  - Domain Account (v1.0→v1.1)
  - Local Account (v1.2→v1.3)
- Create or Modify System Process: Systemd Service (v1.3→v1.4)
- Create or Modify System Process: Windows Service (v1.3→v1.4)
- Credentials from Password Stores (v1.0→v1.1)
- Data Destruction (v1.1→v1.2)
- Data from Cloud Storage (v2.0→v2.1)
- Data from Network Shared Drive (v1.3→v1.4)
- Deobfuscate/Decode Files or Information (v1.2→v1.3)
- Direct Volume Access (v2.0→v2.1)
- Email Collection (v2.4→v2.5)
  - Remote Email Collection (v1.1→v1.2)
- Event Triggered Execution: Screensaver (v1.1→v1.2)
- Exfiltration Over Other Network Medium (v1.1→v1.2)
- Exfiltration Over Web Service (v1.2→v1.3)
  - Exfiltration to Cloud Storage (v1.1→v1.2)
  - Exfiltration to Code Repository (v1.0→v1.1)
- Exploitation for Credential Access (v1.4→v1.5)
- Exploitation for Defense Evasion (v1.3→v1.4)
- File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification (v1.1→v1.2)
- Forced Authentication (v1.2→v1.3)
- Forge Web Credentials (v1.3→v1.4)
- Hide Artifacts: Email Hiding Rules (v1.2→v1.3)
- Hijack Execution Flow: Path Interception by PATH Environment Variable (v1.0→v1.1)
- Impair Defenses (v1.4→v1.5)
  - Disable Windows Event Logging (v1.2→v1.3)
  - Disable or Modify Tools (v1.4→v1.5)
  - Downgrade Attack (v1.1→v1.2)
  - Indicator Blocking (v1.2→v1.3)
- Indicator Removal: Clear Network Connection History and Configurations (v1.0→v1.1)
- Indicator Removal: Clear Windows Event Logs (v1.2→v1.3)
- Ingress Tool Transfer (v2.2→v2.3)
- Inhibit System Recovery (v1.2→v1.3)
- Input Capture: Keylogging (v1.1→v1.2)
- Inter-Process Communication: Dynamic Data Exchange (v1.2→v1.3)
- Lateral Tool Transfer (v1.2→v1.3)
- Masquerading (v1.5→v1.6)
  - Masquerade Task or Service (v1.1→v1.2)
  - Match Legitimate Name or Location (v1.1→v1.2)
- Modify Authentication Process: Multi-Factor Authentication (v1.0→v1.1)
- Modify Cloud Compute Infrastructure (v1.1→v1.2)
- Modify Registry (v1.3→v1.4)
- Native API (v2.1→v2.2)
- Network Service Discovery (v3.0→v3.1)
- Network Share Discovery (v3.1→v3.2)
- Network Sniffing (v1.4→v1.5)
- Non-Application Layer Protocol (v2.2→v2.3)
- OS Credential Dumping: LSASS Memory (v1.2→v1.3)
- OS Credential Dumping: NTDS (v1.1→v1.2)
- OS Credential Dumping: Security Account Manager (v1.0→v1.1)
- Obfuscated Files or Information (v1.4→v1.5)
  - Embedded Payloads (v1.0→v1.1)
  - HTML Smuggling (v1.0→v1.1)
- Phishing (v2.3→v2.4)
  - Spearphishing Link (v2.4→v2.5)
- Phishing for Information (v1.2→v1.3)
  - Spearphishing Link (v1.4→v1.5)
- Process Discovery (v1.3→v1.4)
- Process Injection: Dynamic-link Library Injection (v1.2→v1.3)
- Process Injection: Process Hollowing (v1.2→v1.3)
- Reflective Code Loading (v1.0→v1.1)
- Remote Access Software (v2.1→v2.2)
- Remote Service Session Hijacking: RDP Hijacking (v1.0→v1.1)
- Remote Services (v1.3→v1.4)
  - Distributed Component Object Model (v1.2→v1.3)
  - Remote Desktop Protocol (v1.1→v1.2)
  - SMB/Windows Admin Shares (v1.1→v1.2)
  - SSH (v1.1→v1.2)
  - Windows Remote Management (v1.1→v1.2)
- Remote System Discovery (v3.4→v3.5)
- Resource Hijacking (v1.3→v1.4)
- Scheduled Task/Job: At (v2.0→v2.1)
- Scheduled Task/Job: Scheduled Task (v1.3→v1.4)
- Scheduled Task/Job: Systemd Timers (v1.1→v1.2)
- Shared Modules (v2.1→v2.2)
- Software Deployment Tools (v2.1→v2.2)
- Subvert Trust Controls: Install Root Certificate (v1.1→v1.2)
- System Binary Proxy Execution: Rundll32 (v2.1→v2.2)
- System Network Configuration Discovery (v1.5→v1.6)
- System Owner/User Discovery (v1.4→v1.5)
- System Services: Service Execution (v1.1→v1.2)
- Taint Shared Content (v1.3→v1.4)
- Trusted Developer Utilities Proxy Execution: MSBuild (v1.2→v1.3)
- Unsecured Credentials: Credentials In Files (v1.1→v1.2)
- Unsecured Credentials: Credentials in Registry (v1.0→v1.1)
- Use Alternate Authentication Material: Pass the Hash (v1.1→v1.2)
- Valid Accounts: Cloud Accounts (v1.5→v1.6)
- Valid Accounts: Domain Accounts (v1.3→v1.4)
- Valid Accounts: Local Accounts (v1.3→v1.4)
- Windows Management Instrumentation (v1.3→v1.4)
Patches
- Cloud Service Discovery (v1.3)
- Event Triggered Execution: PowerShell Profile (v1.1)
- Forge Web Credentials: SAML Tokens (v1.2)
- Forge Web Credentials: Web Cookies (v1.1)
- Masquerading: Masquerade File Type (v1.0)
- Masquerading: Rename System Utilities (v1.1)
- OS Credential Dumping: Cached Domain Credentials (v1.0)
- Replication Through Removable Media (v1.2)
- Steal Application Access Token (v1.2)
- Steal Web Session Cookie (v1.2)
- System Binary Proxy Execution: Compiled HTML File (v2.1)
- Use Alternate Authentication Material: Application Access Token (v1.5)
- Use Alternate Authentication Material: Web Session Cookie (v1.3)
Mobile
New Techniques
- Application Versioning (v1.0)
- Data Destruction (v1.0)
- Exploitation for Client Execution (v1.0)
- Masquerading (v1.0)
- Match Legitimate Name or Location (v1.0)
- Phishing (v1.0)
- Remote Access Software (v1.0)
Minor Version Changes
- Call Control (v1.1→v1.2)
- Command and Scripting Interpreter (v1.1→v1.2)
  - Unix Shell (v1.1→v1.2)
- Download New Code at Runtime (v1.4→v1.5)
- Drive-By Compromise (v2.1→v2.2)
- Dynamic Resolution (v1.0→v1.1)
  - Domain Generation Algorithms (v1.0→v1.1)
- Exfiltration Over Alternative Protocol (v1.0→v1.1)
  - Exfiltration Over Unencrypted Non-C2 Protocol (v1.0→v1.1)
- Exfiltration Over C2 Channel (v1.0→v1.1)
- Impair Defenses: Prevent Application Removal (v1.1→v1.2)
- Ingress Tool Transfer (v2.1→v2.2)
- Input Injection (v1.1→v1.2)
- Lockscreen Bypass (v1.2→v1.3)
- Obfuscated Files or Information (v3.0→v3.1)
- Replication Through Removable Media (v2.0→v2.1)
- Web Service (v1.2→v1.3)
  - Bidirectional Communication (v1.1→v1.2)
  - Dead Drop Resolver (v1.1→v1.2)
  - One-Way Communication (v1.1→v1.2)
Patches
- Credentials from Password Store (v1.1)
- Exploitation for Privilege Escalation (v2.1)
- Hijack Execution Flow: System Runtime API Hijacking (v1.1)
- Location Tracking: Impersonate SS7 Nodes (v1.1)
- Non-Standard Port (v2.1)
ICS
Minor Version Changes
- Block Command Message (v1.0→v1.1)
- Modify Controller Tasking (v1.1→v1.2)
- Modify Parameter (v1.2→v1.3)
- Modify Program (v1.1→v1.2)
- Service Stop (v1.0→v1.1)
Patches
- Activate Firmware Update Mode (v1.0)
- Adversary-in-the-Middle (v2.0)
- Alarm Suppression (v1.2)
- Automated Collection (v1.0)
- Block Reporting Message (v1.0)
- Block Serial COM (v1.1)
- Brute Force I/O (v1.1)
- Change Credential (v1.0)
- Change Operating Mode (v1.0)
- Command-Line Interface (v1.1)
- Commonly Used Port (v1.1)
- Connection Proxy (v1.1)
- Damage to Property (v1.1)
- Data Destruction (v1.0)
- Data from Information Repositories (v1.2)
- Data from Local System (v1.0)
- Default Credentials (v1.0)
- Denial of Control (v1.1)
- Denial of Service (v1.1)
- Denial of View (v1.1)
- Detect Operating Mode (v1.0)
- Device Restart/Shutdown (v1.1)
- Drive-by Compromise (v1.0)
- Execution through API (v1.1)
- Exploit Public-Facing Application (v1.0)
- Exploitation for Evasion (v1.1)
- Exploitation for Privilege Escalation (v1.1)
- Exploitation of Remote Services (v1.0)
- External Remote Services (v1.1)
- Graphical User Interface (v1.1)
- Hardcoded Credentials (v1.0)
- Hooking (v1.2)
- I/O Image (v1.1)
- Indicator Removal on Host (v1.0)
- Internet Accessible Device (v1.0)
- Lateral Tool Transfer (v1.1)
- Loss of Availability (v1.0)
- Loss of Control (v1.0)
- Loss of Productivity and Revenue (v1.0)
- Loss of Protection (v1.0)
- Loss of Safety (v1.0)
- Loss of View (v1.0)
- Manipulate I/O Image (v1.1)
- Manipulation of Control (v1.0)
- Manipulation of View (v1.0)
- Masquerading (v1.1)
- Modify Alarm Settings (v1.2)
- Module Firmware (v1.1)
- Monitor Process State (v1.0)
- Native API (v1.0)
- Network Connection Enumeration (v1.1)
- Network Sniffing (v1.0)
- Point & Tag Identification (v1.1)
- Program Download (v1.1)
- Program Upload (v1.0)
- Project File Infection (v1.0)
- Remote Services (v1.1)
- Remote System Discovery (v1.1)
- Remote System Information Discovery (v1.1)
- Replication Through Removable Media (v1.0)
- Rogue Master (v1.2)
- Rootkit (v1.1)
- Screen Capture (v1.0)
- Scripting (v1.0)
- Spearphishing Attachment (v1.1)
- Spoof Reporting Message (v1.2)
- Standard Application Layer Protocol (v1.0)
- Supply Chain Compromise (v1.1)
- System Firmware (v1.1)
- Theft of Operational Information (v1.0)
- Transient Cyber Asset (v1.2)
- Unauthorized Command Message (v1.2)
- User Execution (v1.1)
- Valid Accounts (v1.1)
- Wireless Compromise (v1.2)
- Wireless Sniffing (v1.1)
Software
Enterprise
New Software
- ANDROMEDA (v1.0)
- AsyncRAT (v1.0)
- BADHATCH (v1.0)
- Disco (v1.0)
- KOPILUWAK (v1.0)
- NightClub (v1.0)
- Pacu (v1.0)
- QUIETCANARY (v1.0)
- QUIETEXIT (v1.0)
- RotaJakiro (v1.0)
- Sardonic (v1.0)
- SharpDisco (v1.0)
- Snip3 (v1.0)
- ngrok (v1.2)
Major Version Changes
- OSX_OCEANLOTUS.D (v2.2→v3.0)
- Uroburos (v1.0→v2.0)
Minor Version Changes
- AdFind (v1.2→v1.3)
- Agent Tesla (v1.2→v1.3)
- Arp (v1.1→v1.2)
- BITSAdmin (v1.3→v1.4)
- BlackEnergy (v1.3→v1.4)
- BloodHound (v1.4→v1.5)
- Cobalt Strike (v1.10→v1.11)
- Conti (v2.1→v2.2)
- CrossRAT (v1.1→v1.2)
- Dridex (v2.0→v2.1)
- Emotet (v1.4→v1.5)
- Empire (v1.6→v1.7)
- Fysbis (v1.2→v1.3)
- GoldMax (v2.1→v2.2)
- Imminent Monitor (v1.0→v1.1)
- Impacket (v1.4→v1.5)
- KillDisk (v1.1→v1.2)
- LaZagne (v1.4→v1.5)
- Mimikatz (v1.7→v1.8)
- NETWIRE (v1.5→v1.6)
- Net (v2.4→v2.5)
- Nltest (v1.1→v1.2)
- OSX/Shlayer (v1.3→v1.4)
- Ping (v1.3→v1.4)
- PsExec (v1.4→v1.5)
- Pupy (v1.2→v1.3)
- Ragnar Locker (v1.1→v1.2)
- Regin (v1.1→v1.2)
- Revenge RAT (v1.1→v1.2)
- Rubeus (v1.0→v1.1)
- Ryuk (v1.3→v1.4)
- TrickBot (v2.0→v2.1)
- WarzoneRAT (v1.0→v1.1)
- certutil (v1.3→v1.4)
- esentutl (v1.2→v1.3)
- jRAT (v2.1→v2.2)
- netstat (v1.1→v1.2)
- njRAT (v1.4→v1.5)
Patches
- BlackCat (v1.0)
- Calisto (v1.1)
- Carbanak (v1.1)
- Doki (v1.0)
- Industroyer (v1.1)
- LockerGoga (v2.0)
- PUNCHBUGGY (v2.1)
- PUNCHTRACK (v1.1)
- PowerSploit (v1.6)
Revocations
- Ngrok (revoked by ngrok) (v1.1)
Mobile
New Software
- BOULDSPY (v1.0)
- Chameleon (v1.0)
- Escobar (v1.0)
- Fakecalls (v1.0)
- FlyTrap (v1.0)
- Hornbill (v1.0)
- Sunbird (v1.0)
ICS
Minor Version Changes
- BlackEnergy (v1.3→v1.4)
- KillDisk (v1.1→v1.2)
- Ryuk (v1.3→v1.4)
Patches
- Industroyer (v1.1)
- LockerGoga (v2.0)
Groups
Enterprise
New Groups
- FIN13 (v1.0)
- MoustachedBouncer (v1.0)
- Scattered Spider (v1.0)
- TA2541 (v1.0)
- Volt Typhoon (v1.0)
Major Version Changes
- APT29 (v4.0→v5.0)
- FIN7 (v2.2→v3.0)
- FIN8 (v1.3→v2.0)
- Indrik Spider (v2.1→v3.0)
- Turla (v3.1→v4.0)
- Wizard Spider (v2.1→v3.0)
Minor Version Changes
- APT32 (v2.6→v2.7)
- Confucius (v1.0→v1.1)
- Dragonfly (v3.1→v3.2)
- LAPSUS$ (v1.1→v1.2)
- Magic Hound (v5.1→v5.2)
- Sandworm Team (v3.0→v3.1)
- SilverTerrier (v1.1→v1.2)
Patches
- APT37 (v2.0)
- Ajax Security Team (v1.0)
- Darkhotel (v2.1)
- Kimsuky (v3.1)
Mobile
New Groups
- Confucius (v1.1)
- MoustachedBouncer (v1.0)
Minor Version Changes
- Sandworm Team (v3.0→v3.1)
ICS
Major Version Changes
- FIN7 (v2.2→v3.0)
- Wizard Spider (v2.1→v3.0)
Minor Version Changes
- Dragonfly (v3.1→v3.2)
- Sandworm Team (v3.0→v3.1)
Campaigns
Enterprise
New Campaigns
- 2015 Ukraine Electric Power Attack (v1.0)
- C0026 (v1.0)
- C0027 (v1.0)
Minor Version Changes
- Operation Dream Job (v1.0→v1.1)
Mobile
ICS
New Campaigns
Assets
ICS
New Assets
- Application Server (v1.0)
- Control Server (v1.0)
- Data Gateway (v1.0)
- Data Historian (v1.0)
- Field I/O (v1.0)
- Human-Machine Interface (HMI) (v1.0)
- Intelligent Electronic Device (IED) (v1.0)
- Jump Host (v1.0)
- Programmable Logic Controller (PLC) (v1.0)
- Remote Terminal Unit (RTU) (v1.0)
- Routers (v1.0)
- Safety Controller (v1.0)
- Virtual Private Network (VPN) Server (v1.0)
- Workstation (v1.0)
Mitigations
Enterprise
Minor Version Changes
- Application Developer Guidance (v1.0→v1.1)
Mobile
New Mitigations
- Antivirus/Antimalware (v1.0)
Minor Version Changes
- Application Developer Guidance (v1.0→v1.1)
Patches
- Interconnection Filtering (v1.0)
ICS
Minor Version Changes
- Authorization Enforcement (v1.0→v1.1)
- Human User Authentication (v1.0→v1.1)
Patches
- Access Management (v1.0)
- Account Use Policies (v1.0)
- Antivirus/Antimalware (v1.0)
- Application Developer Guidance (v1.0)
- Application Isolation and Sandboxing (v1.0)
- Audit (v1.0)
- Boot Integrity (v1.0)
- Code Signing (v1.0)
- Communication Authenticity (v1.0)
- Data Backup (v1.0)
- Disable or Remove Feature or Program (v1.0)
- Encrypt Network Traffic (v1.0)
- Encrypt Sensitive Information (v1.0)
- Execution Prevention (v1.0)
- Exploit Protection (v1.0)
- Filter Network Traffic (v1.0)
- Limit Access to Resource Over Network (v1.0)
- Limit Hardware Installation (v1.0)
- Minimize Wireless Signal Propagation (v1.0)
- Multi-factor Authentication (v1.0)
- Network Allowlists (v1.0)
- Network Intrusion Prevention (v1.0)
- Network Segmentation (v1.0)
- Operating System Configuration (v1.0)
- Out-of-Band Communications Channel (v1.0)
- Password Policies (v1.0)
- Privileged Account Management (v1.0)
- Redundancy of Service (v1.0)
- Restrict File and Directory Permissions (v1.0)
- Restrict Library Loading (v1.0)
- Restrict Registry Permissions (v1.0)
- Restrict Web-Based Content (v1.0)
- Software Configuration (v1.0)
- Software Process and Device Authentication (v1.0)
- Static Network Configuration (v1.1)
- Supply Chain Management (v1.0)
- Update Software (v1.0)
- User Account Management (v1.0)
- User Training (v1.0)
- Validate Program Inputs (v1.0)
- Vulnerability Scanning (v1.0)
Contributors to this release
- Aaron Jornet
- Adam Lichters
- Adam Mashinchi
- Ai Kimura, NEC Corporation
- Alain Homewood
- Alex Spivakovsky, Pentera
- Amir Gharib, Microsoft Threat Intelligence
- Andrew Northern, @ex_raritas
- Arad Inbar, Fidelis Security
- Austin Herrin
- Ben Smith, @ezaspy
- Bilal Bahadır Yenici
- Blake Strom, Microsoft Threat Intelligence
- Brian Donohue
- Caio Silva
- Christopher Peacock
- Edward Stevens, BT Security
- Ford Qin, Trend Micro
- Giorgi Gurgenidze, ISAC
- Goldstein Menachem
- Gregory Lesnewich, @greglesnewich
- Gunji Satoshi, NEC Corporation
- Harry Kim, CODEMIZE
- Harun Küßner
- Hiroki Nagahama, NEC Corporation
- Itamar Mizrahi, Cymptom
- Jack Burns, HubSpot
- Janantha Marasinghe
- Jennifer Kim Roman, CrowdStrike
- Joas Antonio dos Santos, @C0d3Cr4zy
- Joe Gumke, U.S. Bank
- Joe Slowik – Dragos
- Joey Lei
- Juan Tapiador
- Liran Ravich, CardinalOps
- Manikantan Srinivasan, NEC Corporation India
- Martin McCloskey, Datadog
- Matt Green, @mgreen27
- Michael Raggi @aRtAGGI
- Mohit Rathore
- Naveen Devaraja, bolttech
- Noam Lifshitz, Sygnia
- Olaf Hartong, Falcon Force
- Oren Biderman, Sygnia
- Pawel Partyka, Microsoft Threat Intelligence
- Phyo Paing Htun (ChiLai), I-Secure Co.,Ltd
- Pooja Natarajan, NEC Corporation India
- Sam Seabrook, Duke Energy
- Serhii Melnyk, Trustwave SpiderLabs
- Shailesh Tiwary (Indian Army)
- Shankar Raman, Gen Digital and Abhinand, Amrita University
- Sunders Bruskin, Microsoft Threat Intelligence
- Tahseen Bin Taj
- Thanabodi Phrakhun, @naikordian
- The DFIR Report
- Tim (Wadhwa-)Brown
- Tom Simpson, CrowdStrike Falcon OverWatch
- Tristan Madani (Cybereason)
- TruKno
- Uriel Kosayev
- Vijay Lalwani
- Will Thomas, Equinix
- Yasuhito Kawanishi, NEC Corporation
- Yoshihiro Kori, NEC Corporation
- Yossi Weizman, Microsoft Threat Intelligence