November 18th 2021, SOCCRATES presented at FIRST TC Norway
22-12-2021
Adversary Emulation Planner Based On MITRE ATT&CK | Siri Bromander, mnemonic
The MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK) knowledge base is a very useful resource for information security professionals. ATT&CK has become the de facto industry standard for tactical threat intelligence.
ATT&CK contains adversary tactics and techniques, as well as relationships linking techniques to adversary groups and software. However, ATT&CK does not describe any relationships or dependencies between techniques. This makes generating adversary emulation plans hard, since sequencing of techniques must be done manually, i.e. assigning techniques to different stages of an intrusion.
Our first step towards automating the generation of adversary emulation plans is semantic modelling of dependencies between ATT&CK techniques and development of tool support to generate attack stages based on techniques in ATT&CK.
This presentation covers how and why we selected our modelling approach, the tools that we developed, and use cases with examples highlighting how the tools are useful.
Siri Bromander leads the Research and Development team at mnemonic. She holds a PhD from the University of Oslo and an MSc in telematics/information security from NTNU. She has worked at mnemonic since 2008 and has more than 14 years of work experience in IT security and information security research roles, including serving as Security Manager at mnemonic for five years.
SOCCRATES at ONE conference 2021
11-10-2021
Martin Eian (mnemonic) has given a presentation at the ONE conference 2021 on ‘SOCCRATES Project – Automating Threat Intelligence and Adversary Emulation’. A video of the presentation can be viewed here.
Paper at IEEE CSR 2021 conference (Best Paper Award)
30-07-2021
A. Gylling, M. Ekstedt, Z. Afzal, and P. Eliasson, “Mapping cyber threat intelligence to probabilistic attack graphs”, 2021 IEEE International Conference on Cyber Security and Resilience, July 2021. (Best research paper award). A summary of the paper can be found here.
The paper is based on the Master's thesis of Andreas Gylling, and can be found here.
SOCCRATES at Webinar SOC developments and pilots in CEF and H2020 projects, July 19th 2021
14-07-2021
This Monday the EU is organizing a webinar about SOC developments and pilots in CEF and H2020 projects. The webinar aims to support knowledge exchange on recent and future SOC (SOC-relevant ICT solutions) developments between beneficiaries, the European Commission, ENISA and HaDEA. It helps find synergies and maximize the impact of projects by bringing together policy and projects, with a specific focus on developing and establishing European SOCs, which is included as a priority in the EU’s Cybersecurity Strategy for the Digital Decade.
Reinder Wolthuis (TNO) is invited to present SOCCRATES.
SOCCRATES at 33rd Annual FIRST Conference
23-06-2021
SOCCRATES provided two presentations at the (virtual) 33rd Annual FIRST Conference: “Crossing Uncertain Times,” on June 7-9, 2021.
* Martin Eian (mnemonic) provided a presentation on: ‘Adversary Emulation – Generating MITRE ATT&CK Technique Sequences’. The video is available on YouTube.
* Erik Ringdahl (foreseeti) and Frank Fransen (TNO) provided a presentation on: ‘Attack Defense Graph Analysis for Supporting SOC and CSIRT Operations’. The video is available on YouTube and slides are available below.