Discover and read the best of Twitter Threads about #ATTACKCon
Most recents (5)
Hey #ATTACKcon here's a recap of
#GuardrailsOfTheGalaxy: The Prologue
including the *first* three awards – #Guardies 🏆
+ the slides
I'm your thread host, @ItsReallyNick from the #AdvancedPractices 🦅 Adversary Methods team where we "reverse engineer" attacker techniques...
#GuardrailsOfTheGalaxy: The Prologue
including the *first* three awards – #Guardies 🏆
+ the slides
I'm your thread host, @ItsReallyNick from the #AdvancedPractices 🦅 Adversary Methods team where we "reverse engineer" attacker techniques...
Why a lightning talk on Execution Guardrails (#T1480)?
• We worked with @stromcoffee & @MITREattack team who added the new technique in April 2019:
• Smart people suggest that guardrails are correlated with adversary sophistication
• 💂🛤️ are fun! ...
• We worked with @stromcoffee & @MITREattack team who added the new technique in April 2019:
• Smart people suggest that guardrails are correlated with adversary sophistication
• 💂🛤️ are fun! ...
Guardrail Definition & Detection Concepts
$coverage = /de(fini|tec)tion/
The unique combination of behaviors that define guardrailing – and their order – can be used to detect it.
Pitfalls: stage 1 recon, confusing with broader AV/tech evasions, and "legitimate" guardrailing...
$coverage = /de(fini|tec)tion/
The unique combination of behaviors that define guardrailing – and their order – can be used to detect it.
Pitfalls: stage 1 recon, confusing with broader AV/tech evasions, and "legitimate" guardrailing...
ATT&CK isn't just for Windows! @ForensicITGuy from @redcanaryco will be sharing "Alertable Techniques for Linux using ATT&CK" to discuss that not every technique is alertable and not all of them provide the same value for immediate detection. #ATTACKcon
@ForensicITGuy @redcanaryco Tony's getting into some specific technique implementations in Linux, a Platform where ATT&CK could certainly use more information on. Getting into how we can respond to alerts quickly, and what they might be telling us. #ATTACKcon
@ForensicITGuy @redcanaryco “Most of the time a curl command going to Pastebin is going to be malicious. If that’s in your business model let me know.” Some great tips on what to alert on in Linux. #ATTACKcon
At #ATTACKcon I talked about #Jupyter notebooks as a way to share repeatable analysis. I was asked to share mine. Promise kept!
Learn how a notebook can speed hunting and automation with the new WDATP APIs.
🆕techcommunity.microsoft.com/t5/Threat-Inte…
📔github.com/Microsoft/Wind…
h/t @killchain
Learn how a notebook can speed hunting and automation with the new WDATP APIs.
🆕techcommunity.microsoft.com/t5/Threat-Inte…
📔github.com/Microsoft/Wind…
h/t @killchain
#ATTACKCon keynote section on Jupyter:
And thanks to @killchain for introducing me to notebooks years ago 🙏
If you missed the first #ATTACKCon, let me catch you up in this thread:
First, YES IT WAS RECORDED👍:
▫️Day 1 Morning:
▫️Day 1 Afternoon:
▫️Day 2 Morning:
▫️Day 2 Afternoon:
First, YES IT WAS RECORDED👍:
▫️Day 1 Morning:
▫️Day 1 Afternoon:
▫️Day 2 Morning:
▫️Day 2 Afternoon:
JUST GIVE ME THE HIGHLIGHTS:
I really enjoyed these recaps and live-tweets from @meansec, @likethecoins, and @redcanary:
▫️@redcanary highlights: redcanary.com/blog/community…
▫️Katie Nickles live-tweets: twitter.com/search?q=%23AT…
▫️@meansec live-tweets: twitter.com/search?q=%23AT…
I really enjoyed these recaps and live-tweets from @meansec, @likethecoins, and @redcanary:
▫️@redcanary highlights: redcanary.com/blog/community…
▫️Katie Nickles live-tweets: twitter.com/search?q=%23AT…
▫️@meansec live-tweets: twitter.com/search?q=%23AT…
My keynote on speeding #InfoSec learning:
👉SLIDES: 1drv.ms/p/s!Akl-R_H0qT…
▫️Community:
▫️Organized Knowledge:
▫️Executable Know-how:
▫️Repeatable Analysis:
👉SLIDES: 1drv.ms/p/s!Akl-R_H0qT…
▫️Community:
▫️Organized Knowledge:
▫️Executable Know-how:
▫️Repeatable Analysis:
Thanks East Coast but it’s hard to beat the Pacific Northwest in Fall
