Discover and read the best of Twitter Threads about #ATTACKCon

Most recents (5)

Hey #ATTACKcon here's a recap of
#GuardrailsOfTheGalaxy: The Prologue
including the *first* three awards – #Guardies 🏆
+ the slides
I'm your thread host, @ItsReallyNick from the #AdvancedPractices 🦅 Adversary Methods team where we "reverse engineer" attacker techniques... ImageImage
Why a lightning talk on Execution Guardrails (#T1480)?
• We worked with @stromcoffee & @MITREattack team who added the new technique in April 2019:
• Smart people suggest that guardrails are correlated with adversary sophistication
• 💂🛤️ are fun! ... ImageImageImage
Guardrail Definition & Detection Concepts
$coverage = /de(fini|tec)tion/

The unique combination of behaviors that define guardrailing – and their order – can be used to detect it.

Pitfalls: stage 1 recon, confusing with broader AV/tech evasions, and "legitimate" guardrailing... ImageImageImage
Read 7 tweets
ATT&CK isn't just for Windows! @ForensicITGuy from @redcanaryco will be sharing "Alertable Techniques for Linux using ATT&CK" to discuss that not every technique is alertable and not all of them provide the same value for immediate detection. #ATTACKcon
@ForensicITGuy @redcanaryco Tony's getting into some specific technique implementations in Linux, a Platform where ATT&CK could certainly use more information on. Getting into how we can respond to alerts quickly, and what they might be telling us. #ATTACKcon
@ForensicITGuy @redcanaryco “Most of the time a curl command going to Pastebin is going to be malicious. If that’s in your business model let me know.” Some great tips on what to alert on in Linux. #ATTACKcon
Read 4 tweets
At #ATTACKcon I talked about #Jupyter notebooks as a way to share repeatable analysis. I was asked to share mine. Promise kept!

Learn how a notebook can speed hunting and automation with the new WDATP APIs.

🆕techcommunity.microsoft.com/t5/Threat-Inte…

📔github.com/Microsoft/Wind…

h/t @killchain ImageImageImageImage
#ATTACKCon keynote section on Jupyter:
And thanks to @killchain for introducing me to notebooks years ago 🙏
Read 3 tweets
If you missed the first #ATTACKCon, let me catch you up in this thread:
First, YES IT WAS RECORDED👍:
▫️Day 1 Morning:
▫️Day 1 Afternoon:
▫️Day 2 Morning:
▫️Day 2 Afternoon:
JUST GIVE ME THE HIGHLIGHTS:
I really enjoyed these recaps and live-tweets from @meansec, @likethecoins, and @redcanary:
▫️@redcanary highlights: redcanary.com/blog/community…
▫️Katie Nickles live-tweets: twitter.com/search?q=%23AT…
▫️@meansec live-tweets: twitter.com/search?q=%23AT…
My keynote on speeding #InfoSec learning:
👉SLIDES: 1drv.ms/p/s!Akl-R_H0qT…
▫️Community:
▫️Organized Knowledge:
▫️Executable Know-how:
▫️Repeatable Analysis:
Read 11 tweets
Thanks East Coast but it’s hard to beat the Pacific Northwest in Fall Image
I know you couldn’t attend #ATTACKcon @subTee so sending you some Pacific Northwest ❤️ Image
Image
Read 3 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!