Adversary Emulation Planner Based On MITRE ATT&CK | Siri Bromander, mnemonic
The MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK) knowledge base is a very useful resource for information security professionals. ATT&CK has become the de facto industry standard for tactical threat intelligence.
ATT&CK contains adversary tactics and techniques, as well as relationships linking techniques to adversary groups and software. However, ATT&CK does not describe any relationships or dependencies between techniques. This makes generating adversary emulation plans hard, since the sequencing of techniques, i.e. assigning techniques to the different stages of an intrusion, must be done manually.
Our first step towards automating the generation of adversary emulation plans is semantic modelling of dependencies between ATT&CK techniques and development of tool support to generate attack stages based on techniques in ATT&CK.
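To make the sequencing problem concrete, the following is an added example (not the tool described in this talk): each technique is annotated with the conditions it requires and the conditions it provides, and stages are derived by layering the resulting dependency graph. The ATT&CK technique IDs are real, but the requires/provides model attached to them is an assumption constructed for this illustration.

```python
from collections import defaultdict

# Constructed dependency model (an assumption, not mnemonic's model): a technique
# can only be scheduled once every condition it requires has been provided.
TECHNIQUES = {
    "T1566": {"requires": set(), "provides": {"initial_access"}},          # Phishing
    "T1059": {"requires": {"initial_access"}, "provides": {"execution"}},  # Command and Scripting Interpreter
    "T1003": {"requires": {"execution"}, "provides": {"credentials"}},     # OS Credential Dumping
    "T1041": {"requires": {"execution"}, "provides": {"exfiltration"}},    # Exfiltration Over C2 Channel
    "T1078": {"requires": {"credentials"}, "provides": {"valid_accounts"}},  # Valid Accounts
    "T1021": {"requires": {"valid_accounts"}, "provides": {"lateral_movement"}},  # Remote Services
}


def build_dependency_graph(techniques):
    """Return {technique: set of techniques that must precede it}.
    A precedes B whenever A provides a condition that B requires."""
    providers = defaultdict(set)
    for tid, spec in techniques.items():
        for cond in spec["provides"]:
            providers[cond].add(tid)
    deps = {}
    for tid, spec in techniques.items():
        unmet = spec["requires"] - providers.keys()
        if unmet:
            raise ValueError(f"{tid} requires {sorted(unmet)}, which nothing provides")
        deps[tid] = set().union(*(providers[c] for c in spec["requires"]))
    return deps


def generate_stages(techniques):
    """Group techniques into ordered stages (Kahn-style layering).
    Stage n contains every technique whose dependencies were all met by stage n-1.
    Raises ValueError on cyclic or unsatisfiable dependency models."""
    remaining = build_dependency_graph(techniques)
    stages = []
    while remaining:
        ready = sorted(t for t, d in remaining.items() if not d)
        if not ready:  # every remaining technique still waits on another: a cycle
            raise ValueError(f"dependency cycle among {sorted(remaining)}")
        stages.append(ready)
        for t in ready:
            del remaining[t]
        for d in remaining.values():
            d.difference_update(ready)
    return stages


if __name__ == "__main__":
    for n, stage in enumerate(generate_stages(TECHNIQUES), start=1):
        print(f"stage {n}: {', '.join(stage)}")
```

Techniques that share the same prerequisites (here T1003 and T1041) land in the same stage, which is the information a planner needs to decide ordering within a stage by hand or by further modelling.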
This presentation covers how and why we selected our modelling approach, the tools that we developed, and use cases with examples highlighting how the tools are useful.
Siri Bromander leads the Research and Development team at mnemonic. She holds a PhD from the University of Oslo and an MSc in telematics/information security from NTNU. She has worked at mnemonic since 2008 and has more than 14 years of work experience in IT security and information security research roles, including serving as Security Manager at mnemonic for five years.