ATT&CK is a game changer and, where it works, it can enable both blue and red teams to co-exist and work effectively together. However, what happens when it falls short and the threat intelligence and hypotheses don't exist? How do you build threat intelligence and threat hunt hypotheses from first principles? What do attackers on UNIX do when bitcoin miners aren't their motivation?
I’ll go into:
* The target I chose and why – we have ~40 years’ experience looking at UNIX from an offensive standpoint, why wouldn't attackers
* Building a collection worksheet and the information you'll need to track
* Figuring out what TTPs the bad guys are using to attack UNIX when no-one has documented them previously – faced with a lack of DFIR reports, how do you validate your hypotheses
* Working out whether your customer is exposed and why this matters
* Translating concepts we see in the wild into things our customer can consume
* What this means for users of ATT&CK
Speaker(s): Tim Wadhwa-Brown
Location: Red Team Vlg
Discord: https://discord.com/channels/7082082...77357820411944
Event starts: 2020-08-08 06:00 (06:00 AM) PDT (UTC -07:00)
Event ends: 2020-08-08 07:00 (07:00 AM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:25 (UTC).
