ATT&CKcon 5.0 Lightning Talks - Various Speakers

MITREATTACK 171 views 23 slides Nov 25, 2024

About This Presentation

From ATT&CKcon 5.0

By:
Jon Tran
Hossein Jazi
Manish Kapoor
Wade Baker
Ivan Ninichuck
Reid Gilman

Slides from the ATT&CKcon 5.0 Lightning talks (combined presentation)


Slide Content

ATT&CKcon 5.0
Lightning Talks

Mapping the Cuckoo’s Egg
By Jon Tran
October 2024

SPOILER ALERT

Mapping The Cuckoo’s Egg
Link to JSON File with notes: https://chertoffgroup.com/mapping-the-cuckoos-egg/

Thank you!

Implementing Threat Modeling in
DevSecOps with ATT&CK
Tina Newton-White, Accenture

APT Tracking Simplified: A Visual
Guide for Threat Intelligence
Hossein Jazi
Senior Threat Intelligence Specialist

© Fortinet Inc. All Rights Reserved.
Hossein Jazi
@h2jazi
• APT researcher
• Malware reverse engineer
• Threat Hunter
• Cyber crime investigator
THREAT INTELLIGENCE SPECIALIST

APT Tracking

Attribution of APTs
• Attribution identifies the individuals, groups, or nation-states behind cyberattacks based on evidence gathered from tracking APT activities.
• Key Elements of Attribution:
  • Technical Indicators: Malware & Network Traffic Analysis, Forensic Investigation
  • Contextual Factors: Geopolitical Insights, Historical Attack Patterns, Victimology
• How APT Tracking Supports Attribution:
  • Tracking Tools: Passive DNS, threat intelligence platforms, and IoCs help build detailed threat actor profiles.
  • Beyond Technical: Behavioral analysis, motives, and geopolitical context enhance accuracy in identifying threat actors.
Connecting the dots

Connecting the Dots
Between IOAs and IOCs
Manish Kapoor
Founder & CEO, TruKno
[email protected]

Cyber Attacks Involve IOAs + IOCs

Threat Hunting via ‘Detection Chain’
[Figure: detection chain with labels IOA, IOA, IOC, Asset, CVE, plotted against a risk scale of Critical, High, Medium, Low]

Easy. Open. Free.
[email protected]
Request Early Access

A Risk Wonk’s Humble Request
to Improve ATT&CK Reporting
ATT&CKcon 5.0 Lightning Talk
Wade Baker, Ph.D., Cyentia Institute / Virginia Tech

Risk & Intel: different strokes for different folks
DALL-E prompt: Create a character that embodies how [cyber threat intel / information risk quant] experts see themselves.

Multi-Source Analysis of Top ATT&CK Techniques
- Meta-study of 20+ sources
- 36% of techniques not reported
- 85% of sub-techs not reported
- Tactic-Technique ambiguity
- Wide variation among sources
- Limited firmographic slicing
- All frequency-based reporting
  X Share of financial losses
  X Scope/duration of outages
  X Amount of data breached

Top techniques observed in ransomware incidents
cyentia.com/iris

Lightning Recap
1. Risk analysts need to assess exposure
2. Adversary capabilities inform that assessment
3. Let’s work to optimize reporting of TTPs to support both intel & risk analysts - and improve collaboration among them!

Enter the Flow
Ivan Ninichuck

Reid Gilman, Boston Children’s Hospital