I. Introduction: Importance of staying updated with frameworks like MITRE ATT&CK In the realm of offensive security, staying updated with frameworks like MITRE ATT&CK is pivotal. It provides a structured understanding of adversary behaviors, which is crucial for red teamers to emulate realistic threat scenarios effectively. Each update, such as the recent v14, brings forth… Continue reading MITRE ATT&CK version 14
Tag: Threat
MITRE ATT&CK version 13
MITRE ATT&CK version 13 has been recently launched, bringing some significant updates. These include: ATT&CK version 13 for Enterprise includes 14 tactics, 196 techniques, 411 sub-techniques, 138 groups, b22 campaigns, and 740 software pieces. The upcoming version 14, set to release in October, will further enhance the coverage across domains, introduce renovated mitigations, new cross-domain… Continue reading MITRE ATT&CK version 13
ATT&CK v12 is now accessible! Revisions – October 2022
Updates to Techniques, Groups, and Software for Enterprise, Mobile, and ICS are included in the October 2022 (v12) ATT&CK release. The addition of detections to ATT&CK for ICS and the inclusion of Campaigns are the two biggest updates in ATT&CK v12. The ATT&CK for ICS detections are tied to particular Data Sources and Data Components,… Continue reading ATT&CK v12 is now accessible! Revisions – October 2022
Micro Emulation Plans by MITRE-Engenuity
We enjoy imitating the opposition. In fact, it’s so important that they’ve written, spoken, trained on it, and are still developing and disseminating more emulation plans (including one of the first public Adversary Emulation Plans). However, many organisations are unable to overcome the entry barrier due to the expense and complexity involved in developing or even carrying out the majority of adversary emulation plans. The Center for Threat-Informed Defense (Center) collaborated with AttackIQ, Inc., Booz Allen Hamilton, Inc., Citigroup Technology, Inc., Ernst & Young U.S. LLP, Fujitsu, HCA — Information Technology & Services, Inc., IBM Corporation, Microsoft Corporation, and Verizon Business Services to create Micro Emulation Plans in an effort to make adversary emulation accessible to a wider audience. By using simple to use executable binaries that any user can use, these emulation plans re-imagine adversary emulation to focus on very specific threat-informed defensive objectives. Currently Used Adversary EmulationThe four general steps that make up an operation when it comes to adversary emulation today are cyber threat intelligence (CTI) research,… Continue reading Micro Emulation Plans by MITRE-Engenuity
Organizations in Poland and Ukraine are affected by the new “Prestige” ransomware.
The Microsoft Threat Intelligence Center (MSTIC) has found evidence of a novel ransomware campaign using a hitherto unidentified ransomware payload that targets businesses in the logistics and transportation sectors in Poland and Ukraine. On October 11, we saw the introduction of this new ransomware, which refers to itself in its ransom note as “Prestige ransomware,”… Continue reading Organizations in Poland and Ukraine are affected by the new “Prestige” ransomware.
MITRE ATT&CK® Released Updates in Apr 2022 With Additional Techniques and Structuring
The Techniques, Groups, and Software for Enterprise, Mobile, and ICS are updated in the April 2022 (v11) ATT&CK release. The most significant modifications are the reorganisation of Detections, which are now connected to Data Source and Data Component objects in Enterprise ATT&CK, the beta release of ATT&CK for Mobile using sub-techniques, and the addition of… Continue reading MITRE ATT&CK® Released Updates in Apr 2022 With Additional Techniques and Structuring
The Microsoft Threat Modeling Tool (TMT)
A crucial component of the Microsoft Security Development Lifecycle is the Threat Modeling Tool (SDL). Early detection and mitigation of potential security issues, when they are still manageable and affordable to fix, is made possible for software architects. It consequently significantly lowers the overall cost of development. Additionally, since we created the tool with non-security… Continue reading The Microsoft Threat Modeling Tool (TMT)
Threat Modeling: Choosing the Right Method for Your Business
Why Threat Modeling Is Important and What It IsIdentifying and evaluating threats that an attacker (threat) could exploit is done through the exercise of threat modelling. Consider a threat model for your home to help you better understand threat modelling. Your home likely has assets, or things that an attacker would value, like cash, jewellery,… Continue reading Threat Modeling: Choosing the Right Method for Your Business
IriusRisk Threat Modeling for Security and Development Teams
Threat modelling: what is it?Basics of Threat Modeling Threat modeling’s fundamental tenet is the identification, disclosure, and management of security flaws. This is accomplished by being aware of the threats and attacks the system might face as well as the corresponding countermeasures (controls). Security by design vs. Fixing in production Threat modeling’s guiding principle is… Continue reading IriusRisk Threat Modeling for Security and Development Teams
The Azure Threat Research Matrix is explained
It’s typical for the assessment team to cite the MITRE ATT&CK knowledge base when conducting an offensive security assessment so that high-level stakeholders can see visually which techniques were effective and administrators and defenders can comprehend the techniques used in order to correct or defend against them in the future. But there is no official… Continue reading The Azure Threat Research Matrix is explained