November 30, 2020

ATT&CK'ing it wrong - how to use ATT&CK effectively at an NZ scale

By Theta

Hamish Krebs, Cyber Security Lead Consultant, recently spoke at CHCon, an event held in Christchurch for cyber security professionals and hackers. Born out of frustrations with, and lessons learned from, the MITRE ATT&CK framework, his presentation explored how to go from 'ATT&CK'ing it wrong' to 'ATT&CK'ing it effectively'.

The MITRE ATT&CK framework is a 'checklist' of the tactics and techniques used by cyber adversaries. Using this framework, organisations can assess their exposure and identify the gaps in their defences that an adversary could exploit. As a vendor-agnostic tool, it is widely used and supported by security professionals worldwide. With New Zealand experiencing a surge in malicious activity of late, Hamish talks about how we can use this framework to better defend against the ever-growing threat of cyber attacks.

Presentation overview

- State of cyber threat intelligence (CTI) in NZ (nascent, vendor-led)

- What ATT&CK is

- What ATT&CK isn’t (or shouldn’t be used for)

  • Common pitfalls
  • Mitigating against all the things
  • Car Crash analogy

- How to operationalize ATT&CK data for common use cases

  • TTP coverage mapping and product evaluations (presales)
  • Threat actor mapping
  • Report writing (blue + red), “adversary emulation” and purple teaming

- “Advanced” use cases

  • Weightings
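The following Python sketch is an added illustration of three of the use cases listed above (TTP coverage mapping for a product evaluation, threat-actor mapping, and weightings). It is not code from the presentation or from Theta. The detection names, the actor profile and the weights are constructed for the example; only the ATT&CK technique IDs are real. It shows why a weighted score against the techniques a relevant actor actually uses is a more useful answer than "how much of the matrix do we cover".

```python
"""Weighted ATT&CK coverage mapping (added example, not the presentation's code)."""

# Constructed sample: which ATT&CK technique IDs each of our detections covers.
# Detection names are made up; the T-numbers are real ATT&CK technique IDs.
DETECTIONS = {
    "EDR: script interpreter spawned by Office": {"T1059"},  # Command and Scripting Interpreter
    "Mail gateway: attachment sandbox": {"T1566"},            # Phishing
    "EDR: LSASS memory access": {"T1003"},                    # OS Credential Dumping
    "SIEM: lateral RDP/SMB logon": {"T1021"},                 # Remote Services
}

# Constructed threat-actor profile: techniques attributed to a hypothetical
# ransomware crew, with analyst-assigned weights (1 = nice to have, 3 = critical).
ACTOR_PROFILE = {
    "T1566": 3,  # Phishing
    "T1059": 3,  # Command and Scripting Interpreter
    "T1003": 3,  # OS Credential Dumping
    "T1021": 2,  # Remote Services
    "T1486": 3,  # Data Encrypted for Impact
    "T1078": 2,  # Valid Accounts
    "T1105": 1,  # Ingress Tool Transfer
}


def covered_techniques(detections):
    """Union of technique IDs covered by a set of detections/controls."""
    covered = set()
    for techniques in detections.values():
        covered |= techniques
    return covered


def coverage(detections, profile):
    """Unweighted and weighted coverage of an actor profile, plus prioritised gaps."""
    covered = covered_techniques(detections)
    relevant = set(profile)
    hit = relevant & covered
    unweighted = len(hit) / len(relevant)
    weighted = sum(profile[t] for t in hit) / sum(profile.values())
    # Gaps sorted by weight, highest first: the techniques to address next.
    gaps = sorted(relevant - covered, key=lambda t: -profile[t])
    return {"unweighted": unweighted, "weighted": weighted, "gaps": gaps}


def rank_candidates(candidates, profile):
    """Presales use: rank candidate products by weighted coverage of the profile."""
    scored = [(name, coverage(dets, profile)["weighted"]) for name, dets in candidates.items()]
    return sorted(scored, key=lambda pair: -pair[1])


if __name__ == "__main__":
    result = coverage(DETECTIONS, ACTOR_PROFILE)
    print(f"unweighted: {result['unweighted']:.2f}  weighted: {result['weighted']:.2f}")
    print("top gaps:", result["gaps"])
    # Constructed second candidate product for comparison.
    product_b = {
        "Backup agent: mass-encryption detection": {"T1486"},
        "IdP: impossible-travel logon": {"T1078"},
        "Mail gateway: URL rewriting": {"T1566"},
    }
    print(rank_candidates({"Product A": DETECTIONS, "Product B": product_b}, ACTOR_PROFILE))
```

The weights are the point: they are the analyst's judgement of which techniques matter for the actors relevant to this organisation, which is what turns a coverage heat map into a prioritised gap list rather than an attempt at "mitigating against all the things".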

Watch the presentation here

ATT&CKing it wrong