Learn how to use the MITRE ATT&CK Framework in practice. This video shows how to map out your detection and prevention capabilities using MITRE ATT&CK, DeTT&CT, and MITRE Navigator. It also demonstrates building a threat model against a given industry as well as applying adversary simulation tools.
Clarification - At 2:59 I mention converting the exported YAML to JSON. When doing so, you will need to download the DeTTECT GitHub project and use its Python scripts to convert the YAML. An example command looks like this (/opt/DeTTECT is an example path to the GitHub download):
python /opt/DeTTECT/dettect.py ds -fd input/your_exported_yaml_data_source_file.yaml -l
Links referenced in the video are below.
0:50 DeTT&CT (github.com/rabobank-cdc/DeTTECT)
3:13 ATT&CK Navigator (mitre-attack.github.io/attack...)
6:28 Sigma Generic Signatures (github.com/Neo23x0/sigma)
11:42 MITRE ATT&CK (attack.mitre.org/)
16:40 Caldera (github.com/mitre/caldera)
16:50 Atomic Red Team (github.com/redcanaryco/atomic...)
Looking for help improving your detection capabilities? Reach out to info@hasecuritysolutions.com or (217) 730-3007. We routinely implement SIEM and NSM solutions both commercial and open source.
Speaker: Justin Henderson, CEO H & A Security Solutions LLC
Justin is the co-founder of H&A Security Solutions, LLC, a company that deploys, maintains, and tunes SIEM, NSM, and other solutions for organizations. Justin also maintains one of the largest Security Onion deployments in the world, with over 1200 network sensors. He is a passionate security architect and researcher whose experience in cybersecurity started at the age of thirteen, when he began providing professional services to organizations. Justin was the 13th GSE to become both a red and blue SANS Cyber Guardian and holds over 60 industry certifications. As the author of SEC555 and co-author of SEC455 and SEC530, he’s able to bring his encyclopedia of IT knowledge into the classroom.
Follow Justin on Twitter at @SecurityMapper or on LinkedIn at justinhenderson2014.
16 Jul 2024