Wednesday, January 17, 2018

Hey everybody let's be nation state hackers

Apparently Mitre is cross referencing attack data, collected on the ATT&CK platform,  with open source intel (OSINT) to create playbooks allowing organizations to emulate nation state hackers:
 MITRE created Adversary Emulation Plans. These are prototype documents of what can be done with publicly available threat reports and ATT&CK. The purpose of this activity is to allow defenders to more effectively test their networks and defenses by enabling red teams to more actively model adversary behavior, as described by ATT&CK. This is part of a larger process to help more effectively test products and environments, as well as create analytics for ATT&CK behaviors rather than detecting a specific indicator of compromise (IOC) or specific tool.
For some reason, despite their good intentions this reminds me of CB4, starring Chris Rock:




I mean I get the need for accurate data and good red-teaming, and  good on Mitre for helping make that possible, but I just know at some point someone is going to impersonate a known APT group and all sorts of hilarity will ensue.

(Or maybe I am just being pessimistic, I haven't had coffee yet this morning).



No comments: