Welcome to Scribd!

Martin Elan 2021 10 22 AEP EU ATTACK Workshop

Uploaded by

0% found this document useful (0 votes)

8 views20 pages

This document discusses generating MITRE ATT&CK technique sequences to emulate real-world adversaries. It presents an approach using a tool that takes ATT&CK techniques and defined "requires" and "provides" relationships to automatically generate stages of an attack. The tool was used to generate the operational flow of the SolarWinds incident. Caveats include mapping bias and limited vocabulary. Future work includes standardizing abilities and integrating with ATT&CK.

Original Description:

Original Title

12.-Martin-Elan-2021-10-22-AEP-EU-ATTACK-Workshop

Copyright

Available Formats

PPTX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

8 views20 pages

Martin Elan 2021 10 22 AEP EU ATTACK Workshop

Uploaded by

tomas

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 20

Search inside document

ADVERSARY EMULATION

GENERATING MITRE ATT&CK TECHNIQUE SEQUENCES

PRESENTED BY MARTIN EIAN

TLP: WHITE
Adversary Emulation

Test your defenses based

on real-world adversary
behaviors
AUTOMATE
EFFORT
EXPERTISE
TIME
https://attack.mitre.org/resources/adversary-emulation-plans/
Adversary Emulation Plans

Intelligence Summary
 An overview of the adversary and references to cited Intelligence

Operational Flow
 Chains techniques together into a logical flow of the major steps that
commonly occur across the selected adversary’s operations

Emulation Plan
 The TTP-by-TTP, command-by-command walkthrough to implement
the adversary’s operational tradecraft as described in the Intelligence
Summary and the Operational Flow
https://medium.com/mitre-engenuity/introducing-the-all-new-adversary-emulation-plan-library-234b1d543f6b
Problem Statement

Generate the Operational

Flow of an Adversary Group,
campaign or incident
Previous Work

MITRE CALDERA
 https://github.com/mitre/caldera

Dependencies
“Finding Dependencies Between
Adversary Techniques”
 FIRST Conference 2019
 Andy Applebaum, MITRE
 https://www.first.org/resources/papers/conf2019/1100-Applebaum.pdf
MITRE ATT&CK Object Relationships

https://attack.mitre.org/docs/ATTACK_Design_and_Philosophy_March_2020.pdf
requires provides
Technique
Example: Phishing and User Execution
privileges_user_local

access_filesystem
User
Phishing tool_delivery
Execution
access_memory

code_executed

info_email_address tool_available
IMPLEMENTATION
Approach

Develop vocabulary of abilities

 STIX and MAEC not suitable
Review all (sub-)techniques
 Define “requires” and “provides”
Develop tool
 Generate attack stages
 https://github.com/mnemonic-no/aep
Tool Overview

 Inputs:
 List of (sub-)techniques
 ATT&CK Navigator Layer
 Simple JSON
 Definitions of “requires” and “provides”
 End condition (objective)
 Initialization:
 Create empty queue
 Execution: For each attack stage
 Execute (sub-)techniques where all “requires” are present in queue
 Add “provides” to queue
 Output:
 Attack stages with corresponding (sub-)techniques
 Verdict
Example Output: SolarWinds Incident
OBSERVATIONS, CAVEATS AND FUTURE WORK
Observations

Find missing techniques

SOC/IRT use cases
Caveats

Adversary Groups vs
incidents/campaigns
Attack on specific infrastructure
Vocabulary coverage
Mapping bias
Future Work

Standard vocabulary of abilities

ATT&CK integration
Structured procedure definitions
SOCCRATES and Contact Information

Web Site
 https://soccrates.eu

AEP Tool
 https://github.com/mnemonic-no/aep

E-Mail
 meian@mnemonic.no

LinkedIn
 https://linkedin.com/in/martineian

Introduction To Purple Teaming PDF
Document29 pages
Introduction To Purple Teaming PDF
Donovan Ben Yossef
No ratings yet
Untitled
Document45 pages
Untitled
Woy
No ratings yet
Windows Privilege Escalation - Logon Autostart Execution
Document10 pages
Windows Privilege Escalation - Logon Autostart Execution
mauropsanmartin
No ratings yet
Python Advanced Programming: The Guide to Learn Python Programming. Reference with Exercises and Samples About Dynamical Programming, Multithreading, Multiprocessing, Debugging, Testing and More
From Everand
Python Advanced Programming: The Guide to Learn Python Programming. Reference with Exercises and Samples About Dynamical Programming, Multithreading, Multiprocessing, Debugging, Testing and More
Marcus Richards
No ratings yet
Abusing Notepad Plugins For Evasion and Persistence
Document8 pages
Abusing Notepad Plugins For Evasion and Persistence
unbiasedworkrelatedph
No ratings yet
Red Team Training
Document16 pages
Red Team Training
Fernando da Costa Correa
No ratings yet
The Shellcode Generation: Attack Trends
Document5 pages
The Shellcode Generation: Attack Trends
Dhoorjati Vommi
No ratings yet
Presnted by Ashwani (09IT16) Navneet (09IT48)
Document21 pages
Presnted by Ashwani (09IT16) Navneet (09IT48)
Ashwani Kumar
No ratings yet
Rani 2015
Document4 pages
Rani 2015
Red Reddington
No ratings yet
ChiCon07 Gates It Day2 FunStuff
Document33 pages
ChiCon07 Gates It Day2 FunStuff
Steven Taylor
No ratings yet
Boot Logon Autostart Execution (Startup Folder)
Document8 pages
Boot Logon Autostart Execution (Startup Folder)
Mattias Vajda
No ratings yet
1.4.1.1 Lab - Researching Network Attacks and Security Audit Tools PDF
Document4 pages
1.4.1.1 Lab - Researching Network Attacks and Security Audit Tools PDF
AndikaBram -
No ratings yet
Red Team Operations
Document16 pages
Red Team Operations
andreyaguiaraze
No ratings yet
Red Team Operations
Document15 pages
Red Team Operations
Marcelo Junior
No ratings yet
Leap Motion
Document8 pages
Leap Motion
Yuri Lima
No ratings yet
Python for Cybersecurity: Using Python for Cyber Offense and Defense
From Everand
Python for Cybersecurity: Using Python for Cyber Offense and Defense
Howard E. Poston, III
No ratings yet
Lab 1 - Researching Network Attacks and Security Audit Tools
Document5 pages
Lab 1 - Researching Network Attacks and Security Audit Tools
Jood salem
No ratings yet
Metasploit - Tutorial Part.2
Document6 pages
Metasploit - Tutorial Part.2
seyi0
No ratings yet
How To Response Against Web Security Incident Signed
Document38 pages
How To Response Against Web Security Incident Signed
Ark
No ratings yet
How To Response Against Web Security Incident Signed
Document38 pages
How To Response Against Web Security Incident Signed
zain jamal
No ratings yet
Haboob Team: Windows Privilege Escalations
Document17 pages
Haboob Team: Windows Privilege Escalations
bc200406548 AHAD KHAN NIAZI
No ratings yet
Principal Security Engineer and Security Researcher: Filipi Pires
Document19 pages
Principal Security Engineer and Security Researcher: Filipi Pires
Rodrigo Juan
No ratings yet
Leni Andriani - 1.4.1.1 Lab - Researching Network Attacks and Security Audit Tools
Document5 pages
Leni Andriani - 1.4.1.1 Lab - Researching Network Attacks and Security Audit Tools
Leni Andriani
No ratings yet
Introductiontoexploitationmetasploit 190312092949
Document21 pages
Introductiontoexploitationmetasploit 190312092949
muna cliff
No ratings yet
Mastering Metasploit
From Everand
Mastering Metasploit
Nipun Jaswal
No ratings yet
English Preparation Guide Ehf 201505
Document12 pages
English Preparation Guide Ehf 201505
jesus_yustas
No ratings yet
Hacking Methodologies
Document61 pages
Hacking Methodologies
prashant s
No ratings yet
Advanced APT Hunting With Splunk Takeaway
Document7 pages
Advanced APT Hunting With Splunk Takeaway
JJP
No ratings yet
Dayananda Sagar University: Special Topic-1 Report
Document20 pages
Dayananda Sagar University: Special Topic-1 Report
Ying Delusi0n
No ratings yet
Penetration Testing Fundamentals-2: Penetration Testing Study Guide To Breaking Into Systems
From Everand
Penetration Testing Fundamentals-2: Penetration Testing Study Guide To Breaking Into Systems
Devi Prasad
No ratings yet
Yubaraj Tamang 22066990
Document7 pages
Yubaraj Tamang 22066990
yubarajt00
No ratings yet
Ai Web Report 1 1
Document25 pages
Ai Web Report 1 1
Suraj Theekshana
No ratings yet
Anti VM
Document26 pages
Anti VM
Anonymous Legions
No ratings yet
6.system Hacking
Document50 pages
6.system Hacking
cafenight2547
No ratings yet
Use of Metasploit Framework in Kali Linux: April 2015
Document9 pages
Use of Metasploit Framework in Kali Linux: April 2015
proftechitspecialist
100% (1)
Penetration Testing Presentation
Document15 pages
Penetration Testing Presentation
Arif Zina
0% (1)
1.4.1.1 Lab - Researching Network Attacks and Security Audit Tools
Document4 pages
1.4.1.1 Lab - Researching Network Attacks and Security Audit Tools
safwan eshamasul
No ratings yet
45 Computer Firewall Interview Questions and Answers
Document5 pages
45 Computer Firewall Interview Questions and Answers
govindaraj.j
No ratings yet
Metasploit - Tutorial Part.1
Document7 pages
Metasploit - Tutorial Part.1
seyi0
No ratings yet
Learning Linux Binary Analysis
From Everand
Learning Linux Binary Analysis
O'Neill Ryan elfmaster
Rating: 4 out of 5 stars
4/5 (1)
Effectiveness of AVs in Detecting Web Application Backdoors
Document8 pages
Effectiveness of AVs in Detecting Web Application Backdoors
blwztraining
No ratings yet
Hackplanet Certified Metasploit Expert - Metasploit Training
Document4 pages
Hackplanet Certified Metasploit Expert - Metasploit Training
Shubham Mittal
No ratings yet
Metasploit Tutorial Part 1: Inside The Metasploit Framework: You Can Read The, On Searchsecurity - in
Document7 pages
Metasploit Tutorial Part 1: Inside The Metasploit Framework: You Can Read The, On Searchsecurity - in
programe info
No ratings yet
NICF - Linux System Administration (SF) : 20 Slides Supplement To The Trainer's PP File Form Linux Foundation
Document22 pages
NICF - Linux System Administration (SF) : 20 Slides Supplement To The Trainer's PP File Form Linux Foundation
MA Maalej
No ratings yet
2021-07-01 - Evasive Techniques Used by Malicious Linux Shell Scripts
Document8 pages
2021-07-01 - Evasive Techniques Used by Malicious Linux Shell Scripts
Road Pirate Films
No ratings yet
Lab 19 Metasploit
Document11 pages
Lab 19 Metasploit
oscar tebar
100% (1)
06a Penetration Testing
Document16 pages
06a Penetration Testing
tomas
No ratings yet
ATLIST Method: Exploits Vulnerability in SOA: V. M. Vasava, Prof. S. P. Abhang
Document6 pages
ATLIST Method: Exploits Vulnerability in SOA: V. M. Vasava, Prof. S. P. Abhang
International Organization of Scientific Research (IOSR)
No ratings yet
Using AI Techniques To Improve Pentesting Automation: Carlos Sarraute
Document48 pages
Using AI Techniques To Improve Pentesting Automation: Carlos Sarraute
sandeep darla
No ratings yet
Worms and Worm Mitigation: Saman Amarasinghe
Document66 pages
Worms and Worm Mitigation: Saman Amarasinghe
Daniel Daniel
No ratings yet
Mastering Go Network Automation: Automating Networks, Container Orchestration, Kubernetes with Puppet, Vegeta and Apache JMeter
From Everand
Mastering Go Network Automation: Automating Networks, Container Orchestration, Kubernetes with Puppet, Vegeta and Apache JMeter
Ian Taylor
No ratings yet
Mastering Go Network Automation
From Everand
Mastering Go Network Automation
Ian Taylor
No ratings yet
Atex - PM 2
Document3 pages
Atex - PM 2
normatividad teletrabajo
No ratings yet
Metasploit - Framework-A Quick Reference PDF
Document81 pages
Metasploit - Framework-A Quick Reference PDF
savanpatel16
No ratings yet
Reference Solution For Comptia - Premium.Pt0-001.By - Vceplus.65Q-Unlocked - Vce
Document34 pages
Reference Solution For Comptia - Premium.Pt0-001.By - Vceplus.65Q-Unlocked - Vce
Joe Schmo
No ratings yet
Post-Explotaition - Pivoting As An Attack Weapon
Document16 pages
Post-Explotaition - Pivoting As An Attack Weapon
JuancitoPeñaVizcaino
No ratings yet
PNT Final
Document52 pages
PNT Final
Siva Ajay
No ratings yet
ECC CEHv8
Document35 pages
ECC CEHv8
sjmpak
No ratings yet
WP Real Time Database Monitoring
Document12 pages
WP Real Time Database Monitoring
ngvson
No ratings yet
Certified Ethical Hacker Cehv12 Course Content
Document23 pages
Certified Ethical Hacker Cehv12 Course Content
M3iat
No ratings yet
Jabatan Kejuruteraan Elektrik
Document10 pages
Jabatan Kejuruteraan Elektrik
Thevenin Norton TOng Tong
No ratings yet
CENG216 - Analysis of Arches - L03 Practice Problems
Document7 pages
CENG216 - Analysis of Arches - L03 Practice Problems
osmanconteh894
No ratings yet
Al Hikmah Homework
Document8 pages
Al Hikmah Homework
iuoqhmwlf
100% (1)
Study of Romanian Folklore
Document30 pages
Study of Romanian Folklore
Ionut Moraru
No ratings yet
Wenz's Resume
Document1 page
Wenz's Resume
Wenz Xing
No ratings yet
Dr. Kirk Kelly Cover Letter and Resume For Hamilton County School Superintendent Position
Document2 pages
Dr. Kirk Kelly Cover Letter and Resume For Hamilton County School Superintendent Position
NewsChannel 9 Staff
No ratings yet
Question Paper Code:: Reg. No.
Document3 pages
Question Paper Code:: Reg. No.
karthikeyankv.mech Dscet
No ratings yet
ABCD of Learning Objectives Summer 2019
Document1 page
ABCD of Learning Objectives Summer 2019
Jumda Hadjael
No ratings yet
CH 09 Imaim
Document27 pages
CH 09 Imaim
kevin echiverri
No ratings yet
Unit 1 - Introduction: Module Overview
Document8 pages
Unit 1 - Introduction: Module Overview
Jed Garcia
No ratings yet
KLT Rekha
Document15 pages
KLT Rekha
Yuli Syarif
No ratings yet
Q3 Week 3 Day 4
Document6 pages
Q3 Week 3 Day 4
mae cendana
No ratings yet
TI Activity 4 Lesson Planning
Document5 pages
TI Activity 4 Lesson Planning
Margarita Lovidad
No ratings yet
Resume Lorena Dineva
Document1 page
Resume Lorena Dineva
api-439996538
No ratings yet
Sociolinguistics INTRODUCTION
Document119 pages
Sociolinguistics INTRODUCTION
Carlos Rojas
100% (4)
Icebreaker Rationale Statement
Document2 pages
Icebreaker Rationale Statement
api-386092719
No ratings yet
The Importance of Continuous Professional Development For Educators
Document5 pages
The Importance of Continuous Professional Development For Educators
marian fae Mallari
100% (1)
Detailed-Lesson-Plan-Literalandfigurativespeech-Newest (1) (AutoRecovered)
Document5 pages
Detailed-Lesson-Plan-Literalandfigurativespeech-Newest (1) (AutoRecovered)
Natanohj Bueza
No ratings yet
Introductionto Rubrics
Document21 pages
Introductionto Rubrics
aa256850
100% (1)
Assessment and Reporting: Respectfully Submitted
Document18 pages
Assessment and Reporting: Respectfully Submitted
Calventas Tualla Khaye Jhaye
No ratings yet
MBA Project Guidelines-2021
Document6 pages
MBA Project Guidelines-2021
Madhuri Bhanu
No ratings yet
EAMCET 2016 Question Papers With Solutions
Document17 pages
EAMCET 2016 Question Papers With Solutions
ShaRukh Mohammed
No ratings yet
Smartphoneusagetowardslearningbehaviorandacademicperformanceofaccountancybusinessandmanagementstudentsoftacurongnationalhighschool PDF
Document56 pages
Smartphoneusagetowardslearningbehaviorandacademicperformanceofaccountancybusinessandmanagementstudentsoftacurongnationalhighschool PDF
Annalea Venzon
No ratings yet
The Basics of Psychological First Aid (PFA)
Document17 pages
The Basics of Psychological First Aid (PFA)
eduin prada
No ratings yet
Epp 5 Cot
Document3 pages
Epp 5 Cot
Mariane Macalinao
No ratings yet
Curriculum Research in Nursing-Lesson Plan
Document13 pages
Curriculum Research in Nursing-Lesson Plan
avinash dhameriya
No ratings yet
Unified International English Olympiad (UIEO) Class 4 Paper: Vocabulary and Functional Grammar
Document4 pages
Unified International English Olympiad (UIEO) Class 4 Paper: Vocabulary and Functional Grammar
shalabh1976
No ratings yet
Grad Bulletin
Document164 pages
Grad Bulletin
Paulo Aguilar
No ratings yet
TLED-HE 104 INTRODUCTION TO ICT SPECIALIZATION - Syllabus-ISO
Document9 pages
TLED-HE 104 INTRODUCTION TO ICT SPECIALIZATION - Syllabus-ISO
Edgar Bryan Nicart
83% (6)
Cristiano Ronaldo
Document2 pages
Cristiano Ronaldo
Valentina Fandiño Zorro
No ratings yet