Webinar 1534 Slides
12/18/2018
MITRE ATT&CK
Tactics, Techniques, Examples
Preview of key points
Using ATT&CK: Assess, Enhance, Test
Tactics: Persistence
Procedures
Examples
Tactic: Persistence
Drilldown: https://attack.mitre.org/tactics/TA0003/
Technique: Registry Run Keys / Startup Folder
https://attack.mitre.org/techniques/T1060/
(T1060 was the technique ID current when this webinar was given; later ATT&CK versions retire it in favour of the sub-technique T1547.001, Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder.)
ATT&CK Navigator: https://mitre.github.io/attack-navigator/enterprise/
How can we use ATT&CK?
Adversary Emulation
Red Teaming
Let's zero in on how to use ATT&CK for designing, enhancing and assessing your security monitoring effort and keeping it up-to-date.
Security Monitoring: Testing
How do you know if your security monitoring environment really works – if it will really alert you if you are attacked?
https://www.redcanary.com/blog/atomic-red-team-testing/
Agenda
• Gap Analysis
• via SCRUM and Documentation
• Preparing a Test lab
• Microsoft Sysmon and Advanced Auditing
• LogRhythm Sysmon Agent
• Importance of Tuning
• Testing MITRE Techniques
• LogRhythm Detection of Techniques
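The technique drilled down earlier (Registry Run Keys / Startup Folder, T1060) is the natural first case for the Sysmon-based monitoring and tuning the agenda describes. What follows is an added example, not code from the webinar, from Atomic Red Team or from LogRhythm: Python detection logic run over a handful of constructed Sysmon records (Event ID 13 registry value writes and Event ID 11 file creations, in the shape a SIEM sees them after parsing) that flags writes to the autostart locations T1060 covers and applies an allowlist to stand in for the tuning step. Field names follow Sysmon's schema; the event contents, SIDs, paths and allowlist entries are assumptions for the example.

```python
"""Detection logic for ATT&CK T1060 (Registry Run Keys / Startup Folder)
over Sysmon events.  Added example: the events and the allowlist are
constructed for illustration, not vendor or LogRhythm detection content."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Autostart registry locations named by the T1060 technique description.
# Sysmon logs registry value writes as Event ID 13 (RegistryEvent, Value Set);
# TargetObject looks like HKU\<SID>\Software\...\Run\<value name> or
# HKLM\Software\...\Run\<value name>.
RUN_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(Run|RunOnce|RunServices|RunServicesOnce|Policies\\Explorer\\Run)\\",
    re.IGNORECASE,
)
# Per-user and all-users Startup folders; Sysmon Event ID 11 (FileCreate)
# carries the new file's path in TargetFilename.
STARTUP_RE = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.IGNORECASE
)

# Tuning: images that legitimately write autostart entries in this
# environment.  Assumed for the example; derive yours from a baseline period.
ALLOWLIST = {
    r"c:\windows\system32\msiexec.exe",
    r"c:\program files\vendor\updater.exe",   # hypothetical updater
}


@dataclass
class Alert:
    event_id: int
    image: str
    target: str
    technique: str = "T1060"


def analyze(events: List[Dict]) -> List[Alert]:
    """Return one Alert per Sysmon event that writes to an autostart location
    and is not produced by an allowlisted image."""
    alerts = []
    for ev in events:
        image = ev.get("Image", "").lower()
        if ev["EventID"] == 13 and ev.get("EventType") == "SetValue":
            target = ev["TargetObject"]
            if RUN_KEY_RE.search(target) and image not in ALLOWLIST:
                alerts.append(Alert(13, image, target))
        elif ev["EventID"] == 11:
            target = ev["TargetFilename"]
            if STARTUP_RE.search(target) and image not in ALLOWLIST:
                alerts.append(Alert(11, image, target))
    return alerts


# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    {   # Atomic-test style Run key write from PowerShell: should alert
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                        r"\Windows\CurrentVersion\Run\Atomic Red Team",
        "Details": r"C:\Windows\Temp\art.exe",
    },
    {   # Installer writing a Run key: allowlisted, tuned out
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Windows\System32\msiexec.exe",
        "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion"
                        r"\Run\VendorUpdater",
        "Details": r"C:\Program Files\Vendor\updater.exe",
    },
    {   # Unrelated registry write under the same hive: no match
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                        r"\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx",
        "Details": "Binary Data",
    },
    {   # Shortcut dropped into the user's Startup folder: should alert
        "EventID": 11,
        "Image": r"C:\Windows\System32\cmd.exe",
        "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
                          r"\Start Menu\Programs\Startup\update.lnk",
    },
    {   # Ordinary file creation: no match
        "EventID": 11,
        "Image": r"C:\Windows\System32\notepad.exe",
        "TargetFilename": r"C:\Users\alice\Documents\notes.txt",
    },
]


def demo() -> List[Alert]:
    return analyze(SAMPLE_EVENTS)


if __name__ == "__main__":
    for a in demo():
        print(f"{a.technique} EventID={a.event_id} {a.image} -> {a.target}")
```

Two of the five records fire: the PowerShell Run key write and the Startup folder drop. Sysmon emits Event ID 13 and 11 only for paths covered by RegistryEvent and FileCreate rules in its configuration, so the test lab's Sysmon config has to include these autostart locations before an Atomic Red Team run can be expected to produce the alert; with Advanced Auditing instead of Sysmon the equivalent signal is Security Event 4657 on an audited Run key, with the same tuning problem.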
COMPANY CONFIDENTIAL
Confluence