©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-13
What's New with ATT&CK for Cloud?
Jen Burns
@snarejen
@MITREattack
for Cloud
Credit to Dave Herrald and Ryan Kovar
ATT&CK for Cloud Beginnings
Initial Release October 2019
Part of Enterprise ATT&CK
Almost 100% community-contributed techniques!
Input from:
A cloud service provider
Threat analysts
Detection analysts
Red teams
ATT&CK for Cloud Today
ATT&CK for Cloud Scope
Add techniques generally visible via Cloud data sources
AWS CloudTrail Logs
Azure Activity Logs
Office365 Audit Logs
etc
Minimize duplication across Windows/Linux/macOS
Cloud is meant to add an additional layer to ATT&CK
Example:
Future of Cloud Platforms
[Diagram: Current vs. Future platforms. Labels shown: SaaS, IaaS, Additional SaaS]
Why generalize to IaaS?
Current IaaS platforms share most techniques
Differences between Cloud Service Providers (CSPs) can be documented within the technique
All CSPs can be represented
Community feedback favors a single platform
Cloud Data Sources Today
AWS CloudTrail logs
Azure activity logs
GCP audit logs
OAuth audit logs
Future of Cloud Data Sources
Data Source
One or more Data Components
Mapping(s) to Relevant Azure Operation Name(s)
Mapping(s) to Relevant AWS CloudTrail Event Name(s)
Mapping(s) to Relevant GCP REST API Method(s)
Mapping(s) to Other CSPs or SaaS Events
Example IaaS Data Source
Data Source: Instance
Data Components:
Instance Creation
Instance Modification
Instance Deletion
Instance Metadata
Instance Enumeration
Instance Start
Instance Stop
Events (API):
AWS: ListInstances
AWS: ModifyInstanceAttribute
AWS: TerminateInstances
AWS: DescribeInstances
AWS: RunInstances
AWS: StartInstances
AWS: StopInstances
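An added example (not from the slides or from MITRE): one way to hold the data source, data component and event mapping described above, and to use it to normalize CloudTrail records and spot coverage gaps. The pairing of each AWS event name with a component, the function names and the sample records are assumptions made for illustration.

```python
from collections import Counter

# Data source -> data component -> provider -> API event names.
# The seven components and seven "AWS:" event names come from the slide; which
# event belongs to which component is an assumption (the table's row alignment
# did not survive extraction). Azure/GCP mappings are omitted, not guessed.
DATA_SOURCES = {
    "Instance": {
        "Instance Creation":     {"AWS": ["RunInstances"]},
        "Instance Modification": {"AWS": ["ModifyInstanceAttribute"]},
        "Instance Deletion":     {"AWS": ["TerminateInstances"]},
        "Instance Metadata":     {"AWS": ["DescribeInstances"]},
        "Instance Enumeration":  {"AWS": ["ListInstances"]},  # name as written on the slide
        "Instance Start":        {"AWS": ["StartInstances"]},
        "Instance Stop":         {"AWS": ["StopInstances"]},
    }
}


def build_index(data_sources):
    """Invert the model into (provider, event name) -> (data source, component)."""
    index = {}
    for source, components in data_sources.items():
        for component, providers in components.items():
            for provider, events in providers.items():
                for event in events:
                    key = (provider, event)
                    if key in index:
                        # One event feeding two components would make counts ambiguous.
                        raise ValueError(f"{key} mapped twice")
                    index[key] = (source, component)
    return index


INDEX = build_index(DATA_SOURCES)


def normalize_cloudtrail(record, index=INDEX):
    """Map one CloudTrail record to a provider-neutral event, or None if unmapped."""
    hit = index.get(("AWS", record.get("eventName")))
    if hit is None:
        return None
    source, component = hit
    return {
        "data_source": source,
        "data_component": component,
        "provider": "AWS",
        "api_event": record["eventName"],
        "service": record.get("eventSource"),
        "actor": record.get("userIdentity", {}).get("arn"),
        "time": record.get("eventTime"),
        # CloudTrail sets errorCode only when the API call failed.
        "failed": "errorCode" in record,
    }


def coverage(records, index=INDEX):
    """Report components observed, components never observed, and unmapped events."""
    seen, unmapped = Counter(), Counter()
    for rec in records:
        event = normalize_cloudtrail(rec, index)
        if event:
            seen[event["data_component"]] += 1
        else:
            unmapped[rec.get("eventName")] += 1
    all_components = {component for _, component in index.values()}
    return {
        "seen": dict(seen),
        "never_seen": sorted(all_components - set(seen)),
        "unmapped": dict(unmapped),
    }


# Constructed sample records (not real log data); only the fields used above.
ACTOR = {"arn": "arn:aws:iam::111122223333:user/example-dev"}
SAMPLE_RECORDS = [
    {"eventTime": "2020-06-01T12:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "userIdentity": ACTOR},
    {"eventTime": "2020-06-01T12:01:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "userIdentity": ACTOR},
    {"eventTime": "2020-06-01T12:02:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "userIdentity": ACTOR,
     "errorCode": "Client.UnauthorizedOperation"},
    {"eventTime": "2020-06-01T12:03:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "CreateBucket", "userIdentity": ACTOR},
    {"eventTime": "2020-06-01T12:04:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "userIdentity": ACTOR},
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(normalize_cloudtrail(rec))
    print(coverage(SAMPLE_RECORDS))
```

A production table would also key on `eventSource`, since the same event name can appear under more than one AWS service.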
Why the change?
Ensure approach is consistent with the rest of Enterprise
Suggest reading blog from Jose Luis Rodriguez:
https://medium.com/mitre-attack/defining-attack-data-sources-part-i-4c39e581454f
Create more meaningful data sources for Cloud
Refactor to align to events and API calls within these logs instead
Align to future Cloud platform updates
We need your help!
Thoughts on how we can improve ATT&CK for Cloud?
Opinions on our platform or data source plans?
attack@mitre.org
@MITREattack
Jen Burns
@snarejen

The NAP process & South-South peer learningNAP Global Network
 
Financing strategies for adaptation. Presentation for CANCC
Financing strategies for adaptation. Presentation for CANCCFinancing strategies for adaptation. Presentation for CANCC
Financing strategies for adaptation. Presentation for CANCCNAP Global Network
 
Pakistani Call girls in Sharjah 0505086370 Sharjah Call girls
Pakistani Call girls in Sharjah 0505086370 Sharjah Call girlsPakistani Call girls in Sharjah 0505086370 Sharjah Call girls
Pakistani Call girls in Sharjah 0505086370 Sharjah Call girlsMonica Sydney
 
2024 UNESCO/Guillermo Cano World Press Freedom Prize
2024 UNESCO/Guillermo Cano World Press Freedom Prize2024 UNESCO/Guillermo Cano World Press Freedom Prize
2024 UNESCO/Guillermo Cano World Press Freedom PrizeChristina Parmionova
 
Call Girls in Moti Bagh (delhi) call me [8448380779] escort service 24X7
Call Girls in Moti Bagh (delhi) call me [8448380779] escort service 24X7Call Girls in Moti Bagh (delhi) call me [8448380779] escort service 24X7
Call Girls in Moti Bagh (delhi) call me [8448380779] escort service 24X7Delhi Call girls
 
NAP Expo - Delivering effective and adequate adaptation.pptx
NAP Expo - Delivering effective and adequate adaptation.pptxNAP Expo - Delivering effective and adequate adaptation.pptx
NAP Expo - Delivering effective and adequate adaptation.pptxNAP Global Network
 
Tuvalu Coastal Adaptation Project (TCAP)
Tuvalu Coastal Adaptation Project (TCAP)Tuvalu Coastal Adaptation Project (TCAP)
Tuvalu Coastal Adaptation Project (TCAP)NAP Global Network
 
Kolkata Call Girls Halisahar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl ...
Kolkata Call Girls Halisahar  💯Call Us 🔝 8005736733 🔝 💃  Top Class Call Girl ...Kolkata Call Girls Halisahar  💯Call Us 🔝 8005736733 🔝 💃  Top Class Call Girl ...
Kolkata Call Girls Halisahar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl ...Namrata Singh
 
Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899
Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899
Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899Cara Menggugurkan Kandungan 087776558899
 

Recently uploaded (20)

Just Call VIP Call Girls In Bangalore Kr Puram ☎️ 6378878445 Independent Fem...
Just Call VIP Call Girls In  Bangalore Kr Puram ☎️ 6378878445 Independent Fem...Just Call VIP Call Girls In  Bangalore Kr Puram ☎️ 6378878445 Independent Fem...
Just Call VIP Call Girls In Bangalore Kr Puram ☎️ 6378878445 Independent Fem...
 
Contributi dei parlamentari del PD - Contributi L. 3/2019
Contributi dei parlamentari del PD - Contributi L. 3/2019Contributi dei parlamentari del PD - Contributi L. 3/2019
Contributi dei parlamentari del PD - Contributi L. 3/2019
 
An Atoll Futures Research Institute? Presentation for CANCC
An Atoll Futures Research Institute? Presentation for CANCCAn Atoll Futures Research Institute? Presentation for CANCC
An Atoll Futures Research Institute? Presentation for CANCC
 
Vasai Call Girls In 07506202331, Nalasopara Call Girls In Mumbai
Vasai Call Girls In 07506202331, Nalasopara Call Girls In MumbaiVasai Call Girls In 07506202331, Nalasopara Call Girls In Mumbai
Vasai Call Girls In 07506202331, Nalasopara Call Girls In Mumbai
 
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlAntisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
 
A Press for the Planet: Journalism in the face of the Environmental Crisis
A Press for the Planet: Journalism in the face of the Environmental CrisisA Press for the Planet: Journalism in the face of the Environmental Crisis
A Press for the Planet: Journalism in the face of the Environmental Crisis
 
2024 UN Civil Society Conference in Support of the Summit of the Future.
2024 UN Civil Society Conference in Support of the Summit of the Future.2024 UN Civil Society Conference in Support of the Summit of the Future.
2024 UN Civil Society Conference in Support of the Summit of the Future.
 
Honasa Consumer Limited Impact Report 2024.pdf
Honasa Consumer Limited Impact Report 2024.pdfHonasa Consumer Limited Impact Report 2024.pdf
Honasa Consumer Limited Impact Report 2024.pdf
 
World Press Freedom Day 2024; May 3rd - Poster
World Press Freedom Day 2024; May 3rd - PosterWorld Press Freedom Day 2024; May 3rd - Poster
World Press Freedom Day 2024; May 3rd - Poster
 
tOld settlement register shouldnotaffect BTR
tOld settlement register shouldnotaffect BTRtOld settlement register shouldnotaffect BTR
tOld settlement register shouldnotaffect BTR
 
31st World Press Freedom Day Conference in Santiago.
31st World Press Freedom Day Conference in Santiago.31st World Press Freedom Day Conference in Santiago.
31st World Press Freedom Day Conference in Santiago.
 
The NAP process & South-South peer learning
The NAP process & South-South peer learningThe NAP process & South-South peer learning
The NAP process & South-South peer learning
 
Financing strategies for adaptation. Presentation for CANCC
Financing strategies for adaptation. Presentation for CANCCFinancing strategies for adaptation. Presentation for CANCC
Financing strategies for adaptation. Presentation for CANCC
 
Pakistani Call girls in Sharjah 0505086370 Sharjah Call girls
Pakistani Call girls in Sharjah 0505086370 Sharjah Call girlsPakistani Call girls in Sharjah 0505086370 Sharjah Call girls
Pakistani Call girls in Sharjah 0505086370 Sharjah Call girls
 
2024 UNESCO/Guillermo Cano World Press Freedom Prize
2024 UNESCO/Guillermo Cano World Press Freedom Prize2024 UNESCO/Guillermo Cano World Press Freedom Prize
2024 UNESCO/Guillermo Cano World Press Freedom Prize
 
Call Girls in Moti Bagh (delhi) call me [8448380779] escort service 24X7
Call Girls in Moti Bagh (delhi) call me [8448380779] escort service 24X7Call Girls in Moti Bagh (delhi) call me [8448380779] escort service 24X7
Call Girls in Moti Bagh (delhi) call me [8448380779] escort service 24X7
 
NAP Expo - Delivering effective and adequate adaptation.pptx
NAP Expo - Delivering effective and adequate adaptation.pptxNAP Expo - Delivering effective and adequate adaptation.pptx
NAP Expo - Delivering effective and adequate adaptation.pptx
 
Tuvalu Coastal Adaptation Project (TCAP)
Tuvalu Coastal Adaptation Project (TCAP)Tuvalu Coastal Adaptation Project (TCAP)
Tuvalu Coastal Adaptation Project (TCAP)
 
Kolkata Call Girls Halisahar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl ...
Kolkata Call Girls Halisahar  💯Call Us 🔝 8005736733 🔝 💃  Top Class Call Girl ...Kolkata Call Girls Halisahar  💯Call Us 🔝 8005736733 🔝 💃  Top Class Call Girl ...
Kolkata Call Girls Halisahar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl ...
 
Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899
Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899
Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899
 

What's New with ATTACK for Cloud?

  • 1. What's New with ATT&CK for Cloud? Jen Burns, @snarejen, @MITREattack
  • 2. | 90 | for Cloud. Credit to Dave Herrald and Ryan Kovar
  • 3. ATT&CK for Cloud Beginnings: Initial Release October 2019. Part of Enterprise ATT&CK. Almost 100% community-contributed techniques! Input from: a cloud service provider; threat analysts; detection analysts; red teams
  • 4. ATT&CK for Cloud Today
  • 5. ATT&CK for Cloud Scope: Add techniques generally visible via Cloud data sources (AWS CloudTrail Logs, Azure Activity Logs, Office365 Audit Logs, etc). Minimize duplication across Windows/Linux/macOS. Cloud is meant to add an additional layer to ATT&CK. Example:
  • 6. Future of Cloud Platforms: Current, Future. SaaS, IaaS, Additional SaaS, Additional SaaS, Additional SaaS, SaaS
  • 7. Why generalize to IaaS? Current IaaS platforms share most techniques. Differences between Cloud Service Providers (CSPs) can be documented within the technique. All CSPs can be represented. Community feedback favors a single platform
  • 8. Cloud Data Sources Today: AWS CloudTrail logs; Azure activity logs; GCP audit logs; OAuth audit logs
  • 9. Future of Cloud Data Sources: Data Source; One or more Data Components; Mapping(s) to Relevant Azure Operation Name(s); Mapping(s) to Relevant AWS CloudTrail Event Name(s); Mapping(s) to Relevant GCP REST API Method(s); Mapping(s) to Other CSPs or SaaS Events. https://media.giphy.com/media/l41m6QYDHcEEwjo52/giphy.gif
  • 10. Example IaaS Data Source. Data Source: Instance. Data Component: Instance Creation, Instance Modification, Instance Deletion, Instance Metadata, Instance Enumeration, Instance Start, Instance Stop. Events (API): AWS: ListInstances, AWS: ModifyInstanceAttribute, AWS: TerminateInstances, AWS: DescribeInstances, AWS: RunInstances, AWS: StartInstances, AWS: StopInstances
  • 11. Why the change? Ensure approach is consistent with the rest of Enterprise. Suggest reading blog from Jose Luis Rodriguez: https://medium.com/mitre-attack/defining-attack-data-sources-part-i-4c39e581454f. Create more meaningful data sources for Cloud. Refactor to align to events and API calls within these logs instead. Align to future Cloud platform updates
  • 12. We need your help! thoughts on how can we improve ATT&CK for Cloud? opinions on our platform or data source plans?
  • 13. attack@mitre.org, @MITREattack, Jen Burns, @snarejen