Q&A: Visibility, Testing Critically Important for Hunting

Red Canary

MITRE’s ATT&CK™ framework is a great resource for security analysts looking for a guide in their threat hunting efforts, which is exactly what we discussed in the second part of our ongoing webinar series, Threat Hunting with ATT&CK.

Attacking a Mac: Detecting MacOS Post-Exploitation

Frank McClain

Everyone, please take a deep breath and say it with me: “Macs are invulnerable to compromise.” Everyone knows that’s true, right? Attacking a Mac is impossible. Okay, well perhaps most of the population thinks that, but we are part of the uber-elite cyber-warriors that know better. All systems are vulnerable. Our Macs only get popped when we want them to, …

How the OODA Loop Can Help Improve Detection Speed and Accuracy

Justin Schoenfeld

Day after day, our Cyber Incident Response Team (CIRT) detects the threat vectors bad guys use to infiltrate organizations. This post will walk through a malware infection that used the Microsoft Sysinternals tool PsExec to attempt lateral movement, host reconnaissance, and network reconnaissance. We’ll show how the OODA loop method can help improve detection speed and accuracy—not only as the threat unfolded, but as our …

Using MITRE ATT&CK™ When Researching Attacker Behavior and Running Unit Tests

Jimmy Astle

The following article originally appeared on the Carbon Black blog. The author, Jimmy Astle, is a senior threat researcher at Carbon Black and a speaker on the upcoming webinar: Testing Visibility to Develop an Innovative Threat Hunting Program. MITRE ATT&CK is arguably one of the best assets available to security professionals who want to dive into the intricacies of detecting and …

Detecting MSXSL Abuse in the Wild

Ben Downing

The volume of research in the information security community is at an all-time high with researchers chasing zero-days, bug bounties, and ways to bypass new security controls. Despite this wealth of research, not all new techniques catch on. The same way you enjoy listening to your favorite songs, adversaries love to go back and work with their favorite time-tested techniques. …

Q & A: How to Use the MITRE ATT&CK™ Framework to Mature Your Threat Hunting Program

Suzanne Moore

You’ve heard the buzz around MITRE ATT&CK™ — but how do you apply this broad framework to your security program? We’re excited to kick off a three-part webinar series exploring how top security teams use ATT&CK as a roadmap to mature and expand their threat hunting programs. The first session features John Wunder, MITRE Principal Cybersecurity Engineer, alongside two long-time threat hunting gurus: Phil …