From 0635379b5bd17f4d5288331cb92750ebf30cfbab Mon Sep 17 00:00:00 2001
From: Jared Ondricek <90368810+jondricek@users.noreply.github.com>
Date: Mon, 30 Sep 2024 14:50:48 -0500
Subject: [PATCH 1/3] Add missing links for ATT&CKcon 4.0 talks
---
 data/attackcon.json | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/data/attackcon.json b/data/attackcon.json
index 16c4d4492f8..a7435021f8f 100644
--- a/data/attackcon.json
+++ b/data/attackcon.json
@@ -158,7 +158,8 @@
 }
 ],
 "description": "You have had a pen test, a red team or a threat intelligence report and drawn up a plan for remediation. You have been told you have 15 mins in front of the CFO in 48 hours! How do you show ,on one page, the connection between the techniques you are exposed and vulnerable to, the path of least resistance and the focused control changes required right now?

How will the CFO get the picture so the result is \"I get it, what do you need?\"

Understanding ATT&CK as a practitioner is great with the current matrix but it is inaccessible to the CFO. But it doesn't have to be that way.

Phil will chart the journey to improved visualization of ATT&CK techniques. He will show how the DNA of ATT&CK doesn’t just make ATT&CK accessible for all but that it can be beautiful!",
- "video": "https://www.youtube.com/watch?v=FJ8FdgEgYXw&list=PLkTApXQou_8If8_fwdCKVnwHr0WaEnfSH&index=13"
+ "video": "https://www.youtube.com/watch?v=FJ8FdgEgYXw&list=PLkTApXQou_8If8_fwdCKVnwHr0WaEnfSH&index=13",
+ "slides": "https://www.slideshare.net/slideshow/the-art-of-communicating-attck-to-the-cfo/262859524"
 },
 {
 "title": "Navigating the Attention Economy – Using MITRE ATT&CK to Communicate to Stakeholders at all Levels",
@@ -232,7 +233,8 @@
 }
 ],
 "description": "KC7 uses an experiential learning pedagogy to teach cybersecurity analysis to students of all levels, from elementary school all the way to industry professionals. In the KC7 experience, students analyze realistic cybersecurity data and answer a series of CTF-style questions that guide them through an investigative journey.

In order to generate authentic intrusion data, we create a fictional company that is attacked by cyber threat actors. The attributes and behaviors of these actors are defined via yaml configurations that are modeled based on MITRE ATT&CK categories and techniques. For example, we can granularly define what techniques an attacker uses for initial access or lateral movement, and how the actor explicitly uses those techniques.

Students that effectively analyze KC7 intrusion data can map the observed activity to the various stages of the MITRE ATT&CK framework. Organizing actor definitions around the ATT&CK framework allows KC7 to create a rich set of intrusion data in various permutations - and ensure that students are exposed to a diverse array of scenarios. A pleasant byproduct of this methodology is that students of MITRE ATT&CK can now study techniques contextually in data rather than just reading about them in reports.",
- "video": "https://www.youtube.com/watch?v=I2shZqo_k2Y&list=PLkTApXQou_8If8_fwdCKVnwHr0WaEnfSH&index=19"
+ "video": "https://www.youtube.com/watch?v=I2shZqo_k2Y&list=PLkTApXQou_8If8_fwdCKVnwHr0WaEnfSH&index=19",
+ "slides": "https://www.slideshare.net/slideshow/using-attck-to-created-wicked-actors-in-real-data/262859770"
 },
 {
 "title": "MITRE ATT&CK Updates: New Ideas in Enterprise - Pushing the boundaries of ATT&CK's long-established scope",
@@ -279,6 +281,7 @@
 }
 ],
 "description": "",
+ "video": "https://www.youtube.com/watch?v=m2HZgOYxcic&list=PLkTApXQou_8If8_fwdCKVnwHr0WaEnfSH&index=26",
 "slides": "https://www.slideshare.net/MITREATTACK/mitre-attck-updates-state-of-the-cloud"
 },
 {
@@ -326,7 +329,8 @@
 }
 ],
 "description": "The purpose of this session will be to look at how the linux-malware repo came to take shape and how we've used it to inform our view on adversarial behaviour over the last couple of years. Since the original reason for staring this project was to look at Linux coverage in ATT&CK, we'll play back some of the interesting points and reflect on how they've affected ATT&CK itself.",
- "video": "https://www.youtube.com/watch?v=PCw3Wa9GBP4&list=PLkTApXQou_8If8_fwdCKVnwHr0WaEnfSH&index=28"
+ "video": "https://www.youtube.com/watch?v=PCw3Wa9GBP4&list=PLkTApXQou_8If8_fwdCKVnwHr0WaEnfSH&index=28",
+ "slides": "https://www.slideshare.net/slideshow/i-can-haz-cake-benefits-of-working-with-mitre-on-attck/262860255"
 },
 {
 "title": "Updates from the Center for Threat-Informed Defense",
@@ -407,7 +411,8 @@
 }
 ],
 "description": "Many use the ATT&CK matrix to map tool coverage across the environment. This blanket coverage is a good baseline but it can miss certain aspects of the enterprise's context like risk levels, organisational priorities, and industry specific threat intelligence. I want to discuss ways to layer these lenses on top of an enterprise mapping to make ATT&CK more relevant to the specific enterprise. If done right this can lead to more actionable metrics and reporting on improvements.",
- "video": "https://youtu.be/TsrOYObSMO4?si=pkg565FUFuOh_f7X&t=1507"
+ "video": "https://youtu.be/TsrOYObSMO4?si=pkg565FUFuOh_f7X&t=1507",
+ "slides": "https://www.slideshare.net/slideshow/or-lenses-and-layers-adding-business-context-to-enterprise-mappings/262859506"
 },
 {
 "title": "Lightning Talk: ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)",
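Review bot: The two `youtu.be` video URLs kept on the new side of the `@@ -407,7 +411,8 @@` hunk and of the following `@@ -418,7 +423,8 @@` hunk still carry an `si=` query parameter (`?si=pkg565FUFuOh_f7X&t=1507` and `?si=iqw3wjOGyPIMtApY&t=1794`). That value appears to be a share-tracking identifier attached when a link is copied from YouTube's share dialog, so publishing it may let visitor clicks be correlated with whoever copied the link; it is not needed for playback or for the `t=` offset. Since both lines are rewritten here anyway to add the trailing comma, consider dropping it: `"video": "https://youtu.be/TsrOYObSMO4?t=1507",` and `"video": "https://youtu.be/TsrOYObSMO4?t=1794",`.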
@@ -418,7 +423,8 @@
 }
 ],
 "description": "This metrics- and meme-based lightning session spotlights the success story that is the CTI industry’s impressive (and expanding) adoption of ATT&CK in their products. Using nearly 6 years’ worth of ATT&CK-mapped, public threat reports collected from government, vendor, & independent sources, we’ll show how the rate (and detail) of mapping has increased considerably, while showcasing (anonymized) examples of high-quality end-products, with the aim of inspiring further ATT&CK adoption in this important corner of the field.",
- "video": "https://youtu.be/TsrOYObSMO4?si=iqw3wjOGyPIMtApY&t=1794"
+ "video": "https://youtu.be/TsrOYObSMO4?si=iqw3wjOGyPIMtApY&t=1794",
+ "slides": "https://www.slideshare.net/slideshow/attcks-adoption-in-cti-a-great-success-with-room-to-grow/262860181"
 },
 {
 "title": "Lightning Talk: Automating testing by implementing ATT&CK using the Blackboard Architecture",
From 91db5a3c1a94837c181266e4e406ed0fc1a782d3 Mon Sep 17 00:00:00 2001
From: adpare
Date: Mon, 7 Oct 2024 17:45:29 -0400
Subject: [PATCH 2/3] updating attackcon virtual links
---
 data/attackcon.json | 2 +-
 website-banner.production | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/data/attackcon.json b/data/attackcon.json
index a7435021f8f..063b5b0cd90 100644
--- a/data/attackcon.json
+++ b/data/attackcon.json
@@ -1,7 +1,7 @@
 [{
 "date": "October 2024",
 "title": "ATT&CKcon 5.0",
- "description": "

On October 22 and 23, 2024, join fellow cyber professionals at MITRE ATT&CK’s headquarters in McLean, VA for two days of programming, featuring knowledgeable speakers, engaging content, and meaningful collaboration, all designed to help you leverage the ATT&CK framework.

To visit the in-person registration portal, click here

To view the agenda, click here

Stay connected for updates on how to register for virtual attendance!

",
+"description": "

On October 22 and 23, 2024, join fellow cyber professionals at MITRE ATT&CK’s headquarters in McLean, VA for two days of programming, featuring knowledgeable speakers, engaging content, and meaningful collaboration, all designed to help you leverage the ATT&CK framework.

To visit the in-person registration portal, click here

To visit the virtual registration portal, click here

To view the agenda, click here

",
 "sponsors_img_list": [],
 "presentations": []
 },
diff --git a/website-banner.production b/website-banner.production
index 8cbd8da7aad..38b60407ec7 100644
--- a/website-banner.production
+++ b/website-banner.production
@@ -1 +1 @@
-ATT&CKcon 5.0 returns October 22-23, 2024 in McLean, VA. Register for in-person participation here. Stay tuned for virtual registration!
\ No newline at end of file
+ATT&CKcon 5.0 returns October 22-23, 2024 in McLean, VA. Register for in-person participation here and virtual participation here
\ No newline at end of file
From 9237fc308ab526d90991b4fb40047a3eaca6d9d6 Mon Sep 17 00:00:00 2001
From: adpare
Date: Mon, 28 Oct 2024 15:13:34 -0500
Subject: [PATCH 3/3] remove attackcon banner
---
 attack-theme/templates/general/attack-index.html | 8 ++++----
 website-banner.production | 1 -
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/attack-theme/templates/general/attack-index.html b/attack-theme/templates/general/attack-index.html
index d9769aaf057..7d2d63b83c3 100644
--- a/attack-theme/templates/general/attack-index.html
+++ b/attack-theme/templates/general/attack-index.html
@@ -59,13 +59,13 @@ --> - - + +

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.

-
+ {% else %}

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
diff --git a/website-banner.production b/website-banner.production
index 38b60407ec7..e69de29bb2d 100644
--- a/website-banner.production
+++ b/website-banner.production
@@ -1 +0,0 @@
-ATT&CKcon 5.0 returns October 22-23, 2024 in McLean, VA. Register for in-person participation here and virtual participation here
\ No newline at end of file