DeTT&CT: Mapping your Blue Team to MITRE ATT&CK™

A month ago we, Ruben and Marcus, released the first version of DeTT&CT. It was created at the Cyber Defence Centre of Rabobank, and built atop of MITRE ATT&CK. DeTT&CT stands for: DEtect Tactics, Techniques & Combat Threats. Today we released version 1.1, which contains multiple improvements: changelog. Most changes are related to additional functionality to allow more detailed administration of your visibility and detection.

By creating DeTT&CT we aim to assist blue teams using ATT&CK to score and compare data log source quality, visibility coverage, detection coverage and threat actor behaviours. All of which can help, in different ways, to get more resilient against attacks targeting your organisation.

In this blog we start off with an introduction on ATT&CK and continue with how DeTT&CT can be used within your organisation. Detailed information about DeTT&CT and how it can be used, is documented on the GitHub Wiki pages. Therefore, the explanation we give in this blog will be high-level.

Door |2024-08-26T15:03:54+00:00mei 16, 2019|Article, Artikel, Engels, Nederlands|Reacties uitgeschakeld voor DeTT&CT: Mapping your Blue Team to MITRE ATT&CK™

TaHiTI – Threat Hunting Methodology

During several months we worked together with a number of Dutch financial institutions to create the threat hunting methodology called TaHiTI. Which stands for Targeted Hunting integrating Threat Intelligence. You can obtain it from here: https://www.betaalvereniging.nl/en/safety/tahiti.

The goal of this collaboration was to reach a joint understanding of what threat hunting is and to come up with a common approach how to carry out threat hunting. As the name implies, threat intelligence has an important role within this methodology. It is used as a source for creating hunting hypotheses and during the hunting investigation to further contextualize and enrich the hunt.

Door |2024-02-17T12:18:12+00:00januari 10, 2019|Article, Artikel, Engels, Nederlands|Reacties uitgeschakeld voor TaHiTI – Threat Hunting Methodology

OPSEC for Blue Teams part 3- Sandboxes & Secure Communications

This will be the last blog in this series on OPSEC for Blue Teams. I will share some of my thoughts on sandboxes, secure communications and sharing of info & data, when dealing with a targeted attack.

OPSEC for Blue Teams part 1 - Losing Defender's Advantage can be found here.
OPSEC for Blue Teams part 2 - Testing PassiveTotal & VirusTotal can be found here.

Door |2024-08-26T13:46:36+00:00oktober 25, 2018|Article, Artikel, Engels, Nederlands|Reacties uitgeschakeld voor OPSEC for Blue Teams part 3- Sandboxes & Secure Communications
Ga naar de bovenkant