MITRE ATT&CKcon BINGO Card
Standard Application Layer Protocol | SIP and Trust Provider Hijacking | Component Object Model Hijacking | SID-History Injection | Peripheral Device Discovery
Trusted Relationship | Execution through API | Data Transfer Size Limits | Network Service Scanning | Source
Multi-hop Proxy | Launch Agent | Powershell | Port Knocking | New Service
Redundant Access | Audio Capture | Password Filter DLL | Hidden Files and Directories | Application Window Discovery
Software Packing | Data Obfuscation | DCShadow | System Time Discovery | Windows Remote Management
ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off.
Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
MITRE ATT&CKcon BINGO Card
Indicator Removal on Host | Login Item | Rundll32 | Shortcut Modification | Local Job Scheduling
Screen Capture | Rc.common | Exploitation for Client Execution | AppCert DLLs | Source
Hardware Additions | Commonly Used Port | Powershell | NTFS File Attributes | Indicator Removal from Tools
Web Shell | Permission Groups Discovery | Process Discovery | Drive-by Compromise | Network Service Scanning
Exploitation for Defense Evasion | Trusted Relationship | Standard Cryptographic Protocol | Keychain | Sudo Caching
MITRE ATT&CKcon BINGO Card
Bash History | Netsh Helper DLL | Video Capture | Hardware Additions | Third-party Software
Keychain | Bootkit | AppCert DLLs | Sudo Caching | Clipboard Data
AppInit DLLs | Security Software Discovery | Powershell | Hidden Window | Trap
Authentication Package | Component Firmware | Password Filter DLL | Image File Execution Options Injection | Windows Remote Management
Account Manipulation | Man in the Browser | Regsvr32 | Communication Through Removable Media | Data from Local System
MITRE ATT&CKcon BINGO Card
Windows Admin Shares | Hidden Files and Directories | Setuid and Setgid | Process Hollowing | Component Firmware
Data from Information Repositories | Data Compressed | Taint Shared Content | Man in the Browser | LSASS Driver
Clear Command History | BITS Jobs | Powershell | Port Monitors | Command-Line Interface
AppCert DLLs | Code Signing | Standard Application Layer Protocol | Windows Management Instrumentation Event Subscription | Dynamic Data Exchange
Control Panel Items | Spearphishing via Service | Rootkit | Application Deployment Software | Bootkit
MITRE ATT&CKcon BINGO Card
Two-Factor Authentication Interception | Component Object Model Hijacking | Bypass User Account Control | Rc.common | LSASS Driver
Keychain | Indirect Command Execution | Indicator Removal from Tools | Windows Management Instrumentation | Custom Command and Control Protocol
Kernel Modules and Extensions | Port Knocking | Powershell | Multi-hop Proxy | Spearphishing via Service
Data Encrypted | Fallback Channels | Trap | Accessibility Features | Spearphishing Attachment
Signed Binary Proxy Execution | Indicator Removal on Host | Logon Scripts | Permission Groups Discovery | Remote Services
MITRE ATT&CKcon BINGO Card
Regsvr32 | Windows Remote Management | New Service | NTFS File Attributes | Drive-by Compromise
Scripting | Data from Information Repositories | CMSTP | Standard Cryptographic Protocol | Trap
Valid Accounts | Multi-hop Proxy | Powershell | DLL Side-Loading | Remote System Discovery
.bash_profile and .bashrc | Security Software Discovery | Pass the Hash | File System Permissions Weakness | Hypervisor
Custom Command and Control Protocol | Automated Collection | Domain Fronting | Plist Modification | Time Providers
MITRE ATT&CKcon BINGO Card
Launch Daemon | Bash History | Taint Shared Content | Windows Management Instrumentation Event Subscription | Access Token Manipulation
Securityd Memory | Video Capture | Create Account | Data Staged | Commonly Used Port
Keychain | Trusted Developer Utilities | Powershell | Exfiltration Over Other Network Medium | AppInit DLLs
Exploitation of Remote Services | Spearphishing via Service | Spearphishing Attachment | Masquerading | Graphical User Interface
Security Support Provider | Automated Exfiltration | System Time Discovery | Hypervisor | Windows Management Instrumentation
MITRE ATT&CKcon BINGO Card
Bash History | Kernel Modules and Extensions | Process Doppelgänging | Audio Capture | Valid Accounts
Taint Shared Content | Domain Fronting | Video Capture | Modify Registry | Signed Binary Proxy Execution
Screen Capture | Network Share Connection Removal | Powershell | Input Capture | Sudo
Third-party Software | Data from Information Repositories | Rundll32 | User Execution | System Time Discovery
Automated Exfiltration | Exfiltration Over Physical Medium | New Service | Clear Command History | Change Default File Association
MITRE ATT&CKcon BINGO Card
Commonly Used Port | Hooking | New Service | Exfiltration Over Alternative Protocol | Netsh Helper DLL
Exfiltration Over Physical Medium | Rc.common | Indicator Removal from Tools | Shortcut Modification | Sudo Caching
Third-party Software | Registry Run Keys / Start Folder | Powershell | SIP and Trust Provider Hijacking | Spearphishing Attachment
Input Capture | Remote System Discovery | Remote Desktop Protocol | Masquerading | Binary Padding
Network Sniffing | Distributed Component Object Model | Standard Cryptographic Protocol | Signed Binary Proxy Execution | File System Permissions Weakness
MITRE ATT&CKcon BINGO Card
Standard Non-Application Layer Protocol | Exfiltration Over Other Network Medium | DCShadow | InstallUtil | Timestomp
File System Logical Offsets | Service Execution | Rootkit | Port Knocking | Mshta
Graphical User Interface | Extra Window Memory Injection | Powershell | Indirect Command Execution | Multilayer Encryption
File Deletion | Remote Desktop Protocol | Execution through Module Load | Data from Local System | Data from Removable Media
SSH Hijacking | System Firmware | Valid Accounts | Spearphishing via Service | Access Token Manipulation
MITRE ATT&CKcon BINGO Card
Data Encoding | Exfiltration Over Command and Control Channel | Password Policy Discovery | Scripting | Supply Chain Compromise
Scheduled Transfer | Login Item | Network Share Connection Removal | Dynamic Data Exchange | Binary Padding
Permission Groups Discovery | Remote System Discovery | Powershell | Application Window Discovery | LSASS Driver
System Information Discovery | Service Execution | Gatekeeper Bypass | System Network Configuration Discovery | SIP and Trust Provider Hijacking
Source | Data from Information Repositories | Web Shell | Rootkit | Control Panel Items
MITRE ATT&CKcon BINGO Card
Regsvr32 | Kerberoasting | Custom Command and Control Protocol | Automated Collection | Keychain
Multi-hop Proxy | Port Knocking | Extra Window Memory Injection | NTFS File Attributes | Sudo
Browser Extensions | Windows Management Instrumentation Event Subscription | Powershell | Login Item | Trusted Developer Utilities
Control Panel Items | Custom Cryptographic Protocol | Process Hollowing | Rootkit | Execution through API
System Service Discovery | Time Providers | Application Shimming | User Execution | Access Token Manipulation
MITRE ATT&CKcon BINGO Card
Disabling Security Tools | Launch Agent | Exfiltration Over Physical Medium | Process Doppelgänging | Peripheral Device Discovery
Kernel Modules and Extensions | Automated Collection | Exploit Public-Facing Application | Data from Removable Media | Indicator Blocking
Network Share Discovery | File System Logical Offsets | Powershell | Private Keys | Authentication Package
Multi-hop Proxy | Account Discovery | Domain Fronting | Signed Script Proxy Execution | Software Packing
Two-Factor Authentication Interception | Remote File Copy | File Deletion | Component Firmware | Dynamic Data Exchange
MITRE ATT&CKcon BINGO Card
Taint Shared Content | Scheduled Transfer | Spearphishing via Service | Source | User Execution
Install Root Certificate | Data from Information Repositories | External Remote Services | Standard Cryptographic Protocol | Control Panel Items
Exploitation for Defense Evasion | Winlogon Helper DLL | Powershell | Multi-Stage Channels | Supply Chain Compromise
Launch Agent | Exploitation for Client Execution | Security Support Provider | Hardware Additions | Data from Network Shared Drive
Exfiltration Over Command and Control Channel | Sudo | InstallUtil | Forced Authentication | Netsh Helper DLL
MITRE ATT&CKcon BINGO Card
Network Sniffing | Standard Cryptographic Protocol | Multi-Stage Channels | Security Support Provider | Time Providers
Valid Accounts | Office Application Startup | New Service | Forced Authentication | Control Panel Items
Kerberoasting | Bootkit | Powershell | Credentials in Registry | System Network Connections Discovery
User Execution | Brute Force | Launch Agent | Exfiltration Over Physical Medium | Code Signing
SIP and Trust Provider Hijacking | Application Deployment Software | Source | Pass the Hash | CMSTP
MITRE ATT&CKcon BINGO Card
Exploitation for Credential Access | Process Hollowing | Indirect Command Execution | Spearphishing via Service | Network Share Connection Removal
Process Doppelgänging | Brute Force | Web Shell | Disabling Security Tools | Pass the Hash
Security Software Discovery | Fallback Channels | Powershell | Bootkit | Install Root Certificate
Network Share Discovery | Application Deployment Software | Peripheral Device Discovery | Data Encoding | CMSTP
Query Registry | Data from Removable Media | Netsh Helper DLL | Process Injection | Exfiltration Over Alternative Protocol
MITRE ATT&CKcon BINGO Card
Access Token Manipulation | Time Providers | Bypass User Account Control | Data Encrypted | Sudo
Valid Accounts | AppInit DLLs | Indirect Command Execution | DCShadow | Launchctl
Hidden Users | Kerberoasting | Powershell | Keychain | SIP and Trust Provider Hijacking
Brute Force | Data from Network Shared Drive | Source | Query Registry | Gatekeeper Bypass
Forced Authentication | Securityd Memory | SID-History Injection | Uncommonly Used Port | Regsvr32
MITRE ATT&CKcon BINGO Card
Data Encoding | Launch Daemon | Remote Desktop Protocol | Trap | System Owner/User Discovery
Standard Application Layer Protocol | Exploit Public-Facing Application | Indicator Removal on Host | Web Service | DCShadow
File and Directory Discovery | Standard Cryptographic Protocol | Powershell | Audio Capture | Windows Management Instrumentation Event Subscription
Sudo | Dynamic Data Exchange | Windows Remote Management | Process Discovery | Launch Agent
Multi-Stage Channels | Network Sniffing | System Time Discovery | Remote Access Tools | Hypervisor
MITRE ATT&CKcon BINGO Card
Multilayer Encryption | Application Deployment Software | Service Execution | SID-History Injection | Credential Dumping
Process Hollowing | Private Keys | Audio Capture | Extra Window Memory Injection | Data from Network Shared Drive
Component Firmware | Trusted Developer Utilities | Powershell | Sudo Caching | Web Service
.bash_profile and .bashrc | Plist Modification | Rootkit | Mshta | System Firmware
Uncommonly Used Port | DCShadow | Drive-by Compromise | Execution through Module Load | Two-Factor Authentication Interception
MITRE ATT&CKcon BINGO Card
Service Execution | DLL Side-Loading | Data from Removable Media | New Service | Install Root Certificate
Mshta | Remote Access Tools | Pass the Ticket | Exfiltration Over Physical Medium | Graphical User Interface
AppCert DLLs | Port Knocking | Powershell | Exfiltration Over Alternative Protocol | Data Encrypted
Custom Cryptographic Protocol | Winlogon Helper DLL | Exfiltration Over Other Network Medium | Uncommonly Used Port | Network Share Discovery
Process Discovery | Replication Through Removable Media | AppInit DLLs | Credentials in Registry | Process Doppelgänging
MITRE ATT&CKcon BINGO Card
Mshta | Application Shimming | System Owner/User Discovery | Data from Removable Media | Exfiltration Over Other Network Medium
Exploitation for Client Execution | DLL Side-Loading | Dylib Hijacking | Component Firmware | Email Collection
Control Panel Items | Network Sniffing | Powershell | Commonly Used Port | Modify Registry
Remote Desktop Protocol | Man in the Browser | Hidden Window | Clipboard Data | Kerberoasting
Account Discovery | Launch Daemon | Rundll32 | Rootkit | Login Item
MITRE ATT&CKcon BINGO Card
Input Capture | Port Knocking | SSH Hijacking | Kerberoasting | Windows Admin Shares
Distributed Component Object Model | Hidden Users | Source | Software Packing | Obfuscated Files or Information
Account Manipulation | Launch Agent | Powershell | Data Encoding | Network Service Scanning
Shortcut Modification | Communication Through Removable Media | External Remote Services | Security Software Discovery | Data Compressed
Keychain | Time Providers | Sudo Caching | Windows Remote Management | DCShadow
MITRE ATT&CKcon BINGO Card
System Network Connections Discovery | Change Default File Association | Exploitation for Privilege Escalation | Brute Force | Data from Removable Media
Winlogon Helper DLL | Remote System Discovery | Uncommonly Used Port | Office Application Startup | AppCert DLLs
Exploitation for Credential Access | Data from Information Repositories | Powershell | Install Root Certificate | Scheduled Transfer
Multilayer Encryption | Multiband Communication | Login Item | Launch Agent | Network Sniffing
Create Account | AppleScript | Standard Cryptographic Protocol | Valid Accounts | Time Providers
MITRE ATT&CKcon BINGO Card
Domain Fronting | Query Registry | Application Window Discovery | Account Discovery | Supply Chain Compromise
Fallback Channels | Data Staged | Credentials in Files | Data Transfer Size Limits | System Owner/User Discovery
Obfuscated Files or Information | Launch Daemon | Powershell | Accessibility Features | Automated Exfiltration
AppCert DLLs | Uncommonly Used Port | Trusted Developer Utilities | Signed Script Proxy Execution | Network Sniffing
Launchctl | Extra Window Memory Injection | Exploitation for Credential Access | Clipboard Data | Multiband Communication
MITRE ATT&CKcon BINGO Card
Process Discovery | Hidden Files and Directories | Signed Script Proxy Execution | File Deletion | Netsh Helper DLL
Input Capture | Startup Items | Source | DLL Search Order Hijacking | Re-opened Applications
Standard Application Layer Protocol | Redundant Access | Powershell | Local Job Scheduling | CMSTP
Process Injection | Process Doppelgänging | Screensaver | Custom Command and Control Protocol | Taint Shared Content
Clear Command History | Modify Registry | Shared Webroot | Video Capture | Bootkit
MITRE ATT&CKcon BINGO Card
Browser Bookmark Discovery | AppleScript | Startup Items | Network Service Scanning | Password Filter DLL
Securityd Memory | Source | Mshta | User Execution | Redundant Access
Indicator Removal on Host | Process Discovery | Powershell | Indicator Removal from Tools | Rootkit
Dynamic Data Exchange | Spearphishing Link | Multiband Communication | Security Software Discovery | Port Monitors
Exploit Public-Facing Application | Re-opened Applications | Change Default File Association | System Time Discovery | DLL Side-Loading
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
 
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
 
ISACA GTACS 2018 - Red Teaming for Enterprise
ISACA GTACS 2018 - Red Teaming for Enterprise ISACA GTACS 2018 - Red Teaming for Enterprise
ISACA GTACS 2018 - Red Teaming for Enterprise
 

More from Adam Pennington

State of the ATT&CK May 2023
State of the ATT&CK May 2023State of the ATT&CK May 2023
State of the ATT&CK May 2023Adam Pennington
 
The Adversaries We've Met Along the Way
The Adversaries We've Met Along the WayThe Adversaries We've Met Along the Way
The Adversaries We've Met Along the WayAdam Pennington
 
Leveraging Campaigns to Untangle the Threat Group Ship of Theseus
Leveraging Campaigns to Untangle the Threat Group Ship of TheseusLeveraging Campaigns to Untangle the Threat Group Ship of Theseus
Leveraging Campaigns to Untangle the Threat Group Ship of TheseusAdam Pennington
 
Picking Up the Pieces: How Campaigns Can Help Us Better Track Groups
Picking Up the Pieces: How Campaigns Can Help Us Better Track GroupsPicking Up the Pieces: How Campaigns Can Help Us Better Track Groups
Picking Up the Pieces: How Campaigns Can Help Us Better Track GroupsAdam Pennington
 
Becoming a Yogi on Mac ATT&CK with OceanLotus Postures
Becoming a Yogi on Mac ATT&CKwith OceanLotus PosturesBecoming a Yogi on Mac ATT&CKwith OceanLotus Postures
Becoming a Yogi on Mac ATT&CK with OceanLotus PosturesAdam Pennington
 

More from Adam Pennington (6)

State of the ATT&CK May 2023
State of the ATT&CK May 2023State of the ATT&CK May 2023
State of the ATT&CK May 2023
 
The Adversaries We've Met Along the Way
The Adversaries We've Met Along the WayThe Adversaries We've Met Along the Way
The Adversaries We've Met Along the Way
 
State of ATT&CK
State of ATT&CKState of ATT&CK
State of ATT&CK
 
Leveraging Campaigns to Untangle the Threat Group Ship of Theseus
Leveraging Campaigns to Untangle the Threat Group Ship of TheseusLeveraging Campaigns to Untangle the Threat Group Ship of Theseus
Leveraging Campaigns to Untangle the Threat Group Ship of Theseus
 
Picking Up the Pieces: How Campaigns Can Help Us Better Track Groups
Picking Up the Pieces: How Campaigns Can Help Us Better Track GroupsPicking Up the Pieces: How Campaigns Can Help Us Better Track Groups
Picking Up the Pieces: How Campaigns Can Help Us Better Track Groups
 
Becoming a Yogi on Mac ATT&CK with OceanLotus Postures
Becoming a Yogi on Mac ATT&CKwith OceanLotus PosturesBecoming a Yogi on Mac ATT&CKwith OceanLotus Postures
Becoming a Yogi on Mac ATT&CK with OceanLotus Postures
 

Recently uploaded

Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 

Recently uploaded (20)

Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 

ATT&CK BINGO

  • 1. MITRE ATT&CKcon BINGO Card Standard Application Layer Protocol SIP and Trust Provider Hijacking Component Object Model Hijacking SID-History Injection Peripheral Device Discovery Trusted Relationship Execution through API Data Transfer Size Limits Network Service Scanning Source Multi-hop Proxy Launch Agent Powershell Port Knocking New Service Redundant Access Audio Capture Password Filter DLL Hidden Files and Directories Application Window Discovery Software Packing Data Obfuscation DCShadow System Time Discovery Windows Remote Management ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 2. MITRE ATT&CKcon BINGO Card Indicator Removal on Host Login Item Rundll32 Shortcut Modification Local Job Scheduling Screen Capture Rc.common Exploitation for Client Execution AppCert DLLs Source Hardware Additions Commonly Used Port Powershell NTFS File Attributes Indicator Removal from Tools Web Shell Permission Groups Discovery Process Discovery Drive-by Compromise Network Service Scanning Exploitation for Defense Evasion Trusted Relationship Standard Cryptographic Protocol Keychain Sudo Caching ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 3. MITRE ATT&CKcon BINGO Card Bash History Netsh Helper DLL Video Capture Hardware Additions Third-party Software Keychain Bootkit AppCert DLLs Sudo Caching Clipboard Data AppInit DLLs Security Software Discovery Powershell Hidden Window Trap Authentication Package Component Firmware Password Filter DLL Image File Execution Options Injection Windows Remote Management Account Manipulation Man in the Browser Regsvr32 Communication Through Removable Media Data from Local System ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 4. MITRE ATT&CKcon BINGO Card Windows Admin Shares Hidden Files and Directories Setuid and Setgid Process Hollowing Component Firmware Data from Information Repositories Data Compressed Taint Shared Content Man in the Browser LSASS Driver Clear Command History BITS Jobs Powershell Port Monitors Command-Line Interface AppCert DLLs Code Signing Standard Application Layer Protocol Windows Management Instrumentation Event Subscription Dynamic Data Exchange Control Panel Items Spearphishing via Service Rootkit Application Deployment Software Bootkit ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 5. MITRE ATT&CKcon BINGO Card Two-Factor Authentication Interception Component Object Model Hijacking Bypass User Account Control Rc.common LSASS Driver Keychain Indirect Command Execution Indicator Removal from Tools Windows Management Instrumentation Custom Command and Control Protocol Kernel Modules and Extensions Port Knocking Powershell Multi-hop Proxy Spearphishing via Service Data Encrypted Fallback Channels Trap Accessibility Features Spearphishing Attachment Signed Binary Proxy Execution Indicator Removal on Host Logon Scripts Permission Groups Discovery Remote Services ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 6. MITRE ATT&CKcon BINGO Card Regsvr32 Windows Remote Management New Service NTFS File Attributes Drive-by Compromise Scripting Data from Information Repositories CMSTP Standard Cryptographic Protocol Trap Valid Accounts Multi-hop Proxy Powershell DLL Side-Loading Remote System Discovery .bash_profile and .bashrc Security Software Discovery Pass the Hash File System Permissions Weakness Hypervisor Custom Command and Control Protocol Automated Collection Domain Fronting Plist Modification Time Providers ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 7. MITRE ATT&CKcon BINGO Card Launch Daemon Bash History Taint Shared Content Windows Management Instrumentation Event Subscription Access Token Manipulation Securityd Memory Video Capture Create Account Data Staged Commonly Used Port Keychain Trusted Developer Utilities Powershell Exfiltration Over Other Network Medium AppInit DLLs Exploitation of Remote Services Spearphishing via Service Spearphishing Attachment Masquerading Graphical User Interface Security Support Provider Automated Exfiltration System Time Discovery Hypervisor Windows Management Instrumentation ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 8. MITRE ATT&CKcon BINGO Card Bash History Kernel Modules and Extensions Process Doppelgänging Audio Capture Valid Accounts Taint Shared Content Domain Fronting Video Capture Modify Registry Signed Binary Proxy Execution Screen Capture Network Share Connection Removal Powershell Input Capture Sudo Third-party Software Data from Information Repositories Rundll32 User Execution System Time Discovery Automated Exfiltration Exfiltration Over Physical Medium New Service Clear Command History Change Default File Association ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 9. MITRE ATT&CKcon BINGO Card Commonly Used Port Hooking New Service Exfiltration Over Alternative Protocol Netsh Helper DLL Exfiltration Over Physical Medium Rc.common Indicator Removal from Tools Shortcut Modification Sudo Caching Third-party Software Registry Run Keys / Start Folder Powershell SIP and Trust Provider Hijacking Spearphishing Attachment Input Capture Remote System Discovery Remote Desktop Protocol Masquerading Binary Padding Network Sniffing Distributed Component Object Model Standard Cryptographic Protocol Signed Binary Proxy Execution File System Permissions Weakness ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 10. MITRE ATT&CKcon BINGO Card Standard Non-Application Layer Protocol Exfiltration Over Other Network Medium DCShadow InstallUtil Timestomp File System Logical Offsets Service Execution Rootkit Port Knocking Mshta Graphical User Interface Extra Window Memory Injection Powershell Indirect Command Execution Multilayer Encryption File Deletion Remote Desktop Protocol Execution through Module Load Data from Local System Data from Removable Media SSH Hijacking System Firmware Valid Accounts Spearphishing via Service Access Token Manipulation ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 11. MITRE ATT&CKcon BINGO Card Data Encoding Exfiltration Over Command and Control Channel Password Policy Discovery Scripting Supply Chain Compromise Scheduled Transfer Login Item Network Share Connection Removal Dynamic Data Exchange Binary Padding Permission Groups Discovery Remote System Discovery Powershell Application Window Discovery LSASS Driver System Information Discovery Service Execution Gatekeeper Bypass System Network Configuration Discovery SIP and Trust Provider Hijacking Source Data from Information Repositories Web Shell Rootkit Control Panel Items ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 12. MITRE ATT&CKcon BINGO Card Regsvr32 Kerberoasting Custom Command and Control Protocol Automated Collection Keychain Multi-hop Proxy Port Knocking Extra Window Memory Injection NTFS File Attributes Sudo Browser Extensions Windows Management Instrumentation Event Subscription Powershell Login Item Trusted Developer Utilities Control Panel Items Custom Cryptographic Protocol Process Hollowing Rootkit Execution through API System Service Discovery Time Providers Application Shimming User Execution Access Token Manipulation ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 13. MITRE ATT&CKcon BINGO Card Disabling Security Tools Launch Agent Exfiltration Over Physical Medium Process Doppelgänging Peripheral Device Discovery Kernel Modules and Extensions Automated Collection Exploit Public-Facing Application Data from Removable Media Indicator Blocking Network Share Discovery File System Logical Offsets Powershell Private Keys Authentication Package Multi-hop Proxy Account Discovery Domain Fronting Signed Script Proxy Execution Software Packing Two-Factor Authentication Interception Remote File Copy File Deletion Component Firmware Dynamic Data Exchange ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 14. MITRE ATT&CKcon BINGO Card Taint Shared Content Scheduled Transfer Spearphishing via Service Source User Execution Install Root Certificate Data from Information Repositories External Remote Services Standard Cryptographic Protocol Control Panel Items Exploitation for Defense Evasion Winlogon Helper DLL Powershell Multi-Stage Channels Supply Chain Compromise Launch Agent Exploitation for Client Execution Security Support Provider Hardware Additions Data from Network Shared Drive Exfiltration Over Command and Control Channel Sudo InstallUtil Forced Authentication Netsh Helper DLL ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 15. MITRE ATT&CKcon BINGO Card Network Sniffing Standard Cryptographic Protocol Multi-Stage Channels Security Support Provider Time Providers Valid Accounts Office Application Startup New Service Forced Authentication Control Panel Items Kerberoasting Bootkit Powershell Credentials in Registry System Network Connections Discovery User Execution Brute Force Launch Agent Exfiltration Over Physical Medium Code Signing SIP and Trust Provider Hijacking Application Deployment Software Source Pass the Hash CMSTP ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 16. MITRE ATT&CKcon BINGO Card Exploitation for Credential Access Process Hollowing Indirect Command Execution Spearphishing via Service Network Share Connection Removal Process Doppelgänging Brute Force Web Shell Disabling Security Tools Pass the Hash Security Software Discovery Fallback Channels Powershell Bootkit Install Root Certificate Network Share Discovery Application Deployment Software Peripheral Device Discovery Data Encoding CMSTP Query Registry Data from Removable Media Netsh Helper DLL Process Injection Exfiltration Over Alternative Protocol ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 17. MITRE ATT&CKcon BINGO Card Access Token Manipulation Time Providers Bypass User Account Control Data Encrypted Sudo Valid Accounts AppInit DLLs Indirect Command Execution DCShadow Launchctl Hidden Users Kerberoasting Powershell Keychain SIP and Trust Provider Hijacking Brute Force Data from Network Shared Drive Source Query Registry Gatekeeper Bypass Forced Authentication Securityd Memory SID-History Injection Uncommonly Used Port Regsvr32 ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 18. MITRE ATT&CKcon BINGO Card Data Encoding Launch Daemon Remote Desktop Protocol Trap System Owner/User Discovery Standard Application Layer Protocol Exploit Public-Facing Application Indicator Removal on Host Web Service DCShadow File and Directory Discovery Standard Cryptographic Protocol Powershell Audio Capture Windows Management Instrumentation Event Subscription Sudo Dynamic Data Exchange Windows Remote Management Process Discovery Launch Agent Multi-Stage Channels Network Sniffing System Time Discovery Remote Access Tools Hypervisor ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 19. MITRE ATT&CKcon BINGO Card Multilayer Encryption Application Deployment Software Service Execution SID-History Injection Credential Dumping Process Hollowing Private Keys Audio Capture Extra Window Memory Injection Data from Network Shared Drive Component Firmware Trusted Developer Utilities Powershell Sudo Caching Web Service .bash_profile and .bashrc Plist Modification Rootkit Mshta System Firmware Uncommonly Used Port DCShadow Drive-by Compromise Execution through Module Load Two-Factor Authentication Interception ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 20. MITRE ATT&CKcon BINGO Card Service Execution DLL Side-Loading Data from Removable Media New Service Install Root Certificate Mshta Remote Access Tools Pass the Ticket Exfiltration Over Physical Medium Graphical User Interface AppCert DLLs Port Knocking Powershell Exfiltration Over Alternative Protocol Data Encrypted Custom Cryptographic Protocol Winlogon Helper DLL Exfiltration Over Other Network Medium Uncommonly Used Port Network Share Discovery Process Discovery Replication Through Removable Media AppInit DLLs Credentials in Registry Process Doppelgänging ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 21. MITRE ATT&CKcon BINGO Card Mshta Application Shimming System Owner/User Discovery Data from Removable Media Exfiltration Over Other Network Medium Exploitation for Client Execution DLL Side-Loading Dylib Hijacking Component Firmware Email Collection Control Panel Items Network Sniffing Powershell Commonly Used Port Modify Registry Remote Desktop Protocol Man in the Browser Hidden Window Clipboard Data Kerberoasting Account Discovery Launch Daemon Rundll32 Rootkit Login Item ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 22. MITRE ATT&CKcon BINGO Card Input Capture Port Knocking SSH Hijacking Kerberoasting Windows Admin Shares Distributed Component Object Model Hidden Users Source Software Packing Obfuscated Files or Information Account Manipulation Launch Agent Powershell Data Encoding Network Service Scanning Shortcut Modification Communication Through Removable Media External Remote Services Security Software Discovery Data Compressed Keychain Time Providers Sudo Caching Windows Remote Management DCShadow ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 23. MITRE ATT&CKcon BINGO Card System Network Connections Discovery Change Default File Association Exploitation for Privilege Escalation Brute Force Data from Removable Media Winlogon Helper DLL Remote System Discovery Uncommonly Used Port Office Application Startup AppCert DLLs Exploitation for Credential Access Data from Information Repositories Powershell Install Root Certificate Scheduled Transfer Multilayer Encryption Multiband Communication Login Item Launch Agent Network Sniffing Create Account AppleScript Standard Cryptographic Protocol Valid Accounts Time Providers ATT&CKcon BINGO rules: If you hear a technique mentioned in a talk or on a slide at ATT&CKcon, cross it off. Shots of the whole ATT&CK matrix don't count. If you get 5 in a row, find Adam Pennington for a prize.
  • 24. MITRE ATT&CKcon BINGO Card
      Domain Fronting | Query Registry | Application Window Discovery | Account Discovery | Supply Chain Compromise
      Fallback Channels | Data Staged | Credentials in Files | Data Transfer Size Limits | System Owner/User Discovery
      Obfuscated Files or Information | Launch Daemon | Powershell | Accessibility Features | Automated Exfiltration
      AppCert DLLs | Uncommonly Used Port | Trusted Developer Utilities | Signed Script Proxy Execution | Network Sniffing
      Launchctl | Extra Window Memory Injection | Exploitation for Credential Access | Clipboard Data | Multiband Communication
  • 25. MITRE ATT&CKcon BINGO Card
      Process Discovery | Hidden Files and Directories | Signed Script Proxy Execution | File Deletion | Netsh Helper DLL
      Input Capture | Startup Items | Source | DLL Search Order Hijacking | Re-opened Applications
      Standard Application Layer Protocol | Redundant Access | Powershell | Local Job Scheduling | CMSTP
      Process Injection | Process Doppelgänging | Screensaver | Custom Command and Control Protocol | Taint Shared Content
      Clear Command History | Modify Registry | Shared Webroot | Video Capture | Bootkit
  • 26. MITRE ATT&CKcon BINGO Card
      Browser Bookmark Discovery | AppleScript | Startup Items | Network Service Scanning | Password Filter DLL
      Securityd Memory | Source | Mshta | User Execution | Redundant Access
      Indicator Removal on Host | Process Discovery | Powershell | Indicator Removal from Tools | Rootkit
      Dynamic Data Exchange | Spearphishing Link | Multiband Communication | Security Software Discovery | Port Monitors
      Exploit Public-Facing Application | Re-opened Applications | Change Default File Association | System Time Discovery | DLL Side-Loading