#MITREATTACK

2025-05-15

Already becoming a tradition—our team is back in Brussels for the 2025 MITRE ATT&CK® Community Workshop!

This year, SOC Prime Founder & CEO Andrii Bezverkhyi held the stage to discuss AI and LLMs as game changers in the cybersecurity domain.
#mitreattack

Andrii Bezverkhyi, CEO of SOC Prime is presenting at  in Brussels for the 2025 MITRE ATT&CK® Community Workshop.
Lenin alevski 🕵️💻 (alevsk@infosec.exchange)
2025-04-25

New Open-Source Tool Spotlight 🚨🚨🚨

Mapping your threat-hunting workflows to the MITRE ATT&CK framework? Check out olafhartong's ThreatHunting Splunk app. With 130+ reports and dashboards, it simplifies hunting while integrating Sysmon data for deep insights. Requires tuning for best results. #ThreatHunting #MITREATTACK

🔗 Project link on #GitHub 👉 github.com/olafhartong/ThreatH

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Lenin alevski 🕵️💻 (alevsk@infosec.exchange)
2025-04-22

New Open-Source Tool Spotlight 🚨🚨🚨

"Threat-Informed Defense" isn't just a buzzword. The Center for Threat-Informed Defense bridges MITRE ATT&CK with actionable tools like Adversary Emulation Plans and the Attack Workbench, empowering defenders to stay ahead of real-world TTPs. #CyberDefense #MITREATTACK

Want to map security controls to adversary behavior? Check out Mappings Explorer by the Center for Threat-Informed Defense. It aligns your defense strategy directly with the MITRE ATT&CK framework. Precision matters. #ThreatIntelligence #Cybersecurity

Attack Flow helps you visualize how attackers chain techniques into full-scale operations. An indispensable tool for understanding and mitigating attack sequences. Powered by the Center for Threat-Informed Defense. #SOCtools #ThreatModeling

TRAM leverages automation to map CTI reports directly to MITRE ATT&CK tactics and techniques. Less manual work, more actionable insights. Open-source ingenuity at its best. #CyberThreats #MITREATTACK

Building effective cyber analytics requires depth; "Summiting the Pyramid" delivers frameworks to challenge adversary evasion strategies. A research-backed way to harden defenses. #CyberAnalytics #ThreatHunting

🔗 Project link on #GitHub 👉 github.com/center-for-threat-i

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Sean Martin 🎙️✨ (seanmartin@infosec.exchange)
2025-03-17

Security tools generate thousands of alerts—but are they really helping? In this episode, we break down the latest @mitreattack Evaluations, how alert volume impacts cost and analyst burnout, and why detection engineering is the key to smarter security.

Watch and Listen now with @hackerxbella: youtu.be/tE1SFwo_jEw

#Cybersecurity #MITREATTACK #SecurityOperations #ThreatDetection

G.l.e.n.n N.o.l.a.n (nolantium@infosec.exchange)
2025-02-15

Saturday #blueteam pondering -

Are lateral movement and privilege escalation two distinct concepts?

What is lateral movement really?
Have access here.
Want access over there.
Do things to exploit weakness.
Get access over there.
Lateral movement has happened.

This story is access centric.

Except, in common parlance:
. lateral movement is network centric.
. privilege escalation is access centric.

Gestalt for me: trouble comes when:
user account scope-of-access =
network-reach scope-of-access

Trying to illustrate -
What onwards value is domain admin on a member host without effective interactive network-reach to a DC? i.e. effective onwards network-reach scope-of-access is unavailable to other hosts.

In other words, achieving privilege escalation on a member host is little, when onwards network-reach scope-of-access does not include other hosts on the private network.

Scope-of-access is the key conceptual distinction for both account-level and network-level access.

Account scope-of-access is a long used concept, perhaps a little out of favour.

There are degrees of onwards network-reach. Necessary network connections between member hosts and DCs do not immediately equate to material scope-of-access.

I reckon ‘network-reach scope-of-access’ is a handy phrase. Perhaps it explicitly surfaces a concept in common use with graph theory modeling of attack paths?

Thoughts?

#blueteam
#lateralmovement #privilege_escalation
#mitre #mitreattack #mitreattck
#activedirectory
#infosec #cybersecurity
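The distinction the post draws (account scope-of-access versus network-reach scope-of-access) is easy to make concrete as an attack-path graph. The following is an added example, not code from the post's author: states are (host, principal) pairs, "escalate" edges change the principal on one host (privilege escalation) and "reach" edges change the host while keeping the principal, and exist only when a lateral-movement port is open and the principal has logon rights on the target (lateral movement). The hosts, principals, logon rights, escalation opportunities and the two network policies are constructed for illustration.

```python
"""Attack-path toy model: account scope-of-access vs network-reach scope-of-access.

Added example, not code from the original post. Hosts, principals, the
network policies, logon rights and escalation edges are constructed.
"""
from collections import deque

# Ports whose reachability gives a remote session/execution foothold
# (SMB, RPC, RDP, WinRM). Anything else is "necessary connectivity",
# not onwards scope-of-access.
LATERAL_PORTS = {445, 135, 3389, 5985}

# Constructed estate (hypothetical).
ESCALATIONS = {          # (host, principal) -> principals obtainable on that host
    ("WS01", "user"): ["localadmin"],          # local privesc on the workstation
    ("WS01", "localadmin"): ["domainadmin"],   # cached DA credential recovered locally
    ("SRV01", "user"): ["localadmin"],
}
LOGON_RIGHTS = {         # principal -> hosts where it may log on remotely
    "user": {"SRV01"},
    "localadmin": set(),                       # local account: does not travel
    "domainadmin": {"SRV01", "DC01"},
}
NETWORK_OPEN = {         # host -> [(target, port)] connections the host may open
    "WS01": [("SRV01", 445), ("SRV01", 80)],
    "SRV01": [("DC01", 445), ("DC01", 389)],
}
NETWORK_SEGMENTED = {    # same estate, workstation VLAN only allowed HTTP to SRV01
    "WS01": [("SRV01", 80)],
    "SRV01": [("DC01", 445), ("DC01", 389)],
}


def neighbours(state, escalations, network):
    """Yield (edge_label, next_state) for a (host, principal) state.

    'escalate' edges are privilege escalation (same host, new principal).
    'reach' edges are lateral movement (new host, same principal) and need
    both an open lateral-movement port and logon rights on the target.
    """
    host, principal = state
    for new_principal in escalations.get(state, []):
        yield ("escalate", host, principal, new_principal), (host, new_principal)
    for target, port in network.get(host, []):
        if port in LATERAL_PORTS and target in LOGON_RIGHTS.get(principal, set()):
            yield ("reach", f"{host}->{target}:{port}", principal), (target, principal)


def find_path(start, goal, escalations, network):
    """Shortest attack path (list of edge labels) from start to goal, or None."""
    prev = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        if state == goal:
            path = []
            while prev[state] is not None:
                edge, parent = prev[state]
                path.append(edge)
                state = parent
            return path[::-1]
        for edge, nxt in neighbours(state, escalations, network):
            if nxt not in prev:
                prev[nxt] = (edge, state)
                queue.append(nxt)
    return None


def reachable_hosts(start, escalations, network):
    """Hosts on which the attacker can obtain a session from `start`, i.e.
    the onwards network-reach scope-of-access, whatever privilege is held."""
    seen = {start}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        for _, nxt in neighbours(state, escalations, network):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return {host for host, _ in seen}


if __name__ == "__main__":
    start, goal = ("WS01", "user"), ("DC01", "domainadmin")
    for name, net in (("open", NETWORK_OPEN), ("segmented", NETWORK_SEGMENTED)):
        print(name, "path to DA on DC01:", find_path(start, goal, ESCALATIONS, net))
        print(name, "reachable hosts:", sorted(reachable_hosts(start, ESCALATIONS, net)))
```

Under the open policy the search finds escalate, escalate, reach, reach: local admin, then domain admin on WS01, then SMB to SRV01 and on to DC01. Under the segmented policy the same two escalation edges still yield domain admin on WS01, but no "reach" edge leaves the workstation, so the reachable host set collapses to WS01 and there is no path to the DC. That is the post's point in graph terms: the account-level edges are unchanged, the network-level edges are what gave the privilege its onward value.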

TechSplicer (techsplicer)
2024-12-09
Tedi Heriyanto (tedi@infosec.exchange)
2024-11-29

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework: github.com/cisagov/decider

#mitreattack #ttp

2024-11-22

I am looking for someone who has experience with the MITRE ATT&CK framework and can answer my questions (German/English)

#security #SecOps #mitre #MitreAttack #InformationSecurity #InformationsSicherheit #apt

2024-11-13

📢 Hey #security analysts... let's talk about MITRE D3FEND! 🗣️ 👀 From the same people who brought you the MITRE ATT&CK framework comes the D3FEND knowledge graph — a standardized vocabulary for understanding the different actions you can take to protect yourself. By using D3FEND, you can map ATT&CK Mitigations to your current tooling to identify gaps and build a stronger security program. 🔒 🙌

In our latest blog you can learn all about:
🛡️ D3FEND tactics
🛡️ D3FEND techniques
🛡️ Digital artifacts
🛡️ How to use D3FEND
...and more.

graylog.org/post/what-is-mitre #mitreattack #mitredefend #cybersecurity #infosec

2024-11-04

I'm just working on a #ThreatModeling workshop with #EoP and I just wondered, is there an equivalent of Threat Modeling for IT? You could use #MitreAttack for something similar but I'm missing the cooperative teamwork of EoP
#CyberSecurity

Do you know about a similar technique, methodology, ... with a focus on IT? Please let me know what you use

2024-11-02

I'm just working on a #ThreatModeling workshop with #EoP and I just wondered, is there an equivalent of Threat Modeling for IT? You could use #MitreAttack for something similar but I'm missing the cooperative teamwork of EoP
#CyberSecurity

2024-10-06

Context and MITRE ATT&CK mapping of the TK (House of Representatives) letter on the PolitieHack

"As reported in my letter of 27 September"

  • 2024-09-27 First reported

"a police account was hacked"

"It appears to concern the global address list"

"The AIVD and MIVD have informed the police about the cyber incident"

  • Seems to indicate that there was no (or too late) in-house detection.

"[AIVD & MIVD] consider it very likely that a state actor is responsible"

The AIVD indicates the uncertainties in these assessments by using 'probability terms'. From least to most likely these are: 'unlikely', 'doubtful', 'possible', 'likely' and 'very likely'.

Next steps

Concrete clarity on all the points where we currently only have the general "TA" attribution is relevant for further detection at any other, and future, victims.

As far as I can tell, MITRE ATT&CK (attack.mitre.org/tactics/enter) has weak or no good adversary techniques and/or mitigation techniques for this type of attack. Adding those steps will also help the model further.

Sources:

#infosec #dataleak #politiehack #StateActor #mitreattack

2024-08-26

Why do adversaries deploy #DDoS attacks, and how do these attacks impact business operations? 😓 Get the 411 on DDoS attacks, in our latest blog. 👀

#Graylog's Jeff Darrington explains the common DDoS attack types, and most importantly, he shares 9 specific steps you can take to mitigate your DDoS attack risk. 🙌

graylog.org/post/how-to-stop-a #cybersecurity #mitreattack

2024-08-21

A good understanding of the MITRE ATT&CK API-based techniques will help you improve your overall #security posture.🔒👍 So, let's talk about API-based techniques and sub-techniques.🤔

This blog will walk you through:
✔ Enterprise API techniques and mitigations
✔ Native API, technique T1106
✔ Credential API hooking, sub-technique T1056.004
✔ Container API, sub-technique T1552.007
✔ Dynamic API resolution, sub-technique T1027.007
✔ Cloud API, sub-technique T1059.009
✔ Cloud instance metadata API, sub-technique T1552.005

Plus, learn about integrating API monitoring into threat detection and incident response. 🙌

graylog.org/post/mitre-attck-a #MITREattack #APIsecurity #TDIR #cybersecurity

2024-07-18

As you build out your incident detection and response capabilities, you should consider how IP address alert investigations map to the MITRE ATT&CK Framework. 🤔 Plus, you will want to consider how to correlate these alerts with other information generated by your environment. 👀 Take a look at this article to learn about:

🔒 Why IP addresses are important to security alerts
🗺 Mapping IP address information to ATT&CK
⚠ Additional events to correlate with suspicious IP address alerts
🔍 Threat detection and incident response (#TDIR) for IP address alert investigations

graylog.org/post/ip-address-al #mitreattack #IPaddress

Tedi Heriyanto (tedi@infosec.exchange)
2024-05-30

SIEM 4.0: The Essentialist Evolution: jacknaglieri.substack.com/p/ge

What to expect in SIEM 4.0:

- Prioritizing impactful MITRE tactics rather than complete ATT&CK coverage.

- Shifting from atomics to risk-based alerts that analyze groups of actions.

- Opening up the data lake and introducing new criteria for open data platforms.

- Controlling low-quality alerts through the adoption of “as code” principles.

- Using AI to automate routine tasks allows humans to focus on high-value work.

#siem #mitreattack #riskbased #DetectionAsCode
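Two of the bullets above, moving from atomic alerts to risk-based alerts over groups of actions and weighting impactful tactics over blanket coverage, can be shown in a few dozen lines. The following is an added example, not code from the linked article: atomic detections are defined as code with an ATT&CK tactic and a base risk score, scores are accumulated per entity (host and user) with extra weight for late-kill-chain tactics, and a risk alert fires only when an entity crosses a threshold across at least two distinct tactics. The rule names, scores, weights, thresholds and sample events are all constructed for illustration.

```python
"""Risk-based alerting over atomic detections.

Added example, not from the linked article. Rule names, risk scores,
tactic weights, thresholds and the sample events are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Atomic detection -> (ATT&CK tactic, base risk score). Hypothetical tuning
# values, kept as code so they are reviewed and versioned like any other change.
RULES = {
    "office_spawns_powershell":   ("execution", 20),
    "encoded_powershell_cmdline": ("defense-evasion", 25),
    "lsass_handle_from_unsigned": ("credential-access", 40),
    "new_smb_session_to_server":  ("lateral-movement", 30),
    "failed_logon":               ("credential-access", 5),
}
# "Impactful tactics": later kill-chain stages carry more weight than noisy early ones.
TACTIC_WEIGHT = {"credential-access": 1.5, "lateral-movement": 1.5, "exfiltration": 2.0}

RISK_THRESHOLD = 100          # accumulated score needed for a risk alert
MIN_DISTINCT_TACTICS = 2      # one noisy rule firing repeatedly is not a story


@dataclass
class EntityRisk:
    score: float = 0.0
    tactics: set = field(default_factory=set)
    events: list = field(default_factory=list)


def score_events(events):
    """Accumulate weighted risk per entity. Each event is attributed to both
    its host and its user so either pivot can surface the chain."""
    risk = defaultdict(EntityRisk)
    for ev in events:
        tactic, base = RULES[ev["rule"]]
        weight = TACTIC_WEIGHT.get(tactic, 1.0)
        for entity in (ev["host"], ev["user"]):
            r = risk[entity]
            r.score += base * weight
            r.tactics.add(tactic)
            r.events.append(ev["rule"])
    return risk


def risk_alerts(events, threshold=RISK_THRESHOLD, min_tactics=MIN_DISTINCT_TACTICS):
    """Entities whose risk crosses the threshold across enough distinct tactics."""
    return {
        entity: r
        for entity, r in score_events(events).items()
        if r.score >= threshold and len(r.tactics) >= min_tactics
    }


# Constructed sample: one workstation with a plausible intrusion chain, one
# server with a burst of failed logons, one workstation with a lone macro alert.
SAMPLE_EVENTS = [
    {"host": "WS07", "user": "alice", "rule": "office_spawns_powershell"},
    {"host": "WS07", "user": "alice", "rule": "encoded_powershell_cmdline"},
    {"host": "WS07", "user": "alice", "rule": "lsass_handle_from_unsigned"},
    {"host": "WS07", "user": "alice", "rule": "new_smb_session_to_server"},
    {"host": "WS03", "user": "bob", "rule": "office_spawns_powershell"},
] + [{"host": "SRV02", "user": "svc_backup", "rule": "failed_logon"} for _ in range(15)]


if __name__ == "__main__":
    for entity, r in sorted(score_events(SAMPLE_EVENTS).items()):
        print(f"{entity:12} score={r.score:6.1f} tactics={sorted(r.tactics)}")
    print("risk alerts:", sorted(risk_alerts(SAMPLE_EVENTS)))
```

The four atomic hits on WS07 sum to 150 across four tactics and produce one alert for the host and one for the user, instead of four separate tickets. SRV02 accumulates 112.5 from fifteen failed logons, over the threshold but from a single tactic, so it is held back as noise rather than paged; WS03's lone macro alert stays well under threshold. A production version would add a time window and decay to the accumulation and would emit the contributing rule list with each alert so an analyst sees the chain, not just the score.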
