threat hunting with ATT&CK Q&A

Q&A: Visibility, Testing Critically Important for Hunting

Red Canary

MITRE’s ATT&CK™ framework is a great resource for security analysts looking for a guide in their threat hunting efforts, which is exactly what we discussed in the second part of our ongoing webinar series, Threat Hunting with ATT&CK.


Using MITRE ATT&CK™ When Researching Attacker Behavior and Running Unit Tests

Jimmy Astle

The following article originally appeared on the Carbon Black blog. The author, Jimmy Astle, is a senior threat researcher at Carbon Black and a speaker on the upcoming webinar: Testing Visibility to Develop an Innovative Threat Hunting Program. MITRE ATT&CK is arguably one of the best assets available to security professionals who want to dive into the intricacies of detecting and …

Threat Hunting with ATT&CK

Q & A: How to Use the MITRE ATT&CK™ Framework to Mature Your Threat Hunting Program

Suzanne Moore

You’ve heard the buzz around MITRE ATT&CK™ — but how do you apply this broad framework to your security program? We’re excited to kick off a three-part webinar series exploring how top security teams use ATT&CK as a roadmap to mature and expand their threat hunting programs. The first session features John Wunder, MITRE Principal Cybersecurity Engineer, alongside two long-time threat hunting gurus: Phil …


Mining off the Land: Cryptomining Enabled by Native Windows Tools

Tony Lambert

A lesson I learned early in my career is that technology professionals often inherit older problems. This is especially true of administrators responsible for network services and security because they inherit the biggest snowball of problems: an enterprise network. Networks often grow in ways that make them harder to secure and maintain as they age, and admins often implement new …

Behind the Scenes of an Active Breach (Part 1): Establishing Persistence

Keya Horiuchi

Preventing a breach is every security leader’s top priority. Stopping modern adversaries means having visibility and insight into their tactics, techniques, and behaviors. This two-part series takes readers behind the scenes of a compromised network environment in which multiple endpoints were infected with malware. Part 1 focuses on steps the malware took to establish persistence, while Part 2 will focus on …