November 18th 2021, SOCCRATES presented at FIRST TC Norway


Adversary Emulation Planner Based On MITRE ATT&CK | Siri Bromander, mnemonic

The MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK) knowledge base is a very useful resource for information security professionals. ATT&CK has become the de facto industry standard for tactical threat intelligence.

ATT&CK contains adversary tactics and techniques, as well as relationships linking techniques to adversary groups and software. However, ATT&CK does not describe any relationships or dependencies between techniques. This makes generating adversary emulation plans hard, because techniques must be sequenced manually, i.e. assigned by hand to the different stages of an intrusion.

Our first step towards automating the generation of adversary emulation plans is semantic modelling of dependencies between ATT&CK techniques and development of tool support to generate attack stages based on techniques in ATT&CK.

This presentation covers how and why we selected our modelling approach, the tools that we developed, and use cases with examples highlighting how the tools are useful.
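To illustrate the abstract's idea of deriving attack stages from dependencies between techniques, here is an added example; it is not the tooling presented in the talk. The technique IDs and names are real ATT&CK entries, while the requires/provides abilities and the function name `plan_stages` are assumptions made for this sketch.

```python
# Constructed sample data: the requires/provides abilities are illustrative
# assumptions, not relationships published in ATT&CK.
TECHNIQUES = {
    "T1566 Phishing":
        {"requires": set(), "provides": {"code_execution"}},
    "T1059 Command and Scripting Interpreter":
        {"requires": {"code_execution"}, "provides": {"local_shell"}},
    "T1082 System Information Discovery":
        {"requires": {"local_shell"}, "provides": {"host_info"}},
    "T1068 Exploitation for Privilege Escalation":
        {"requires": {"local_shell"}, "provides": {"admin_rights"}},
    "T1003 OS Credential Dumping":
        {"requires": {"local_shell", "admin_rights"}, "provides": {"credentials"}},
    "T1021 Remote Services":
        {"requires": {"credentials"}, "provides": {"remote_host_access"}},
    "T1041 Exfiltration Over C2 Channel":
        {"requires": {"remote_host_access", "c2_channel"},
         "provides": {"data_exfiltrated"}},
}


def plan_stages(techniques, initial_abilities=frozenset()):
    """Group techniques into ordered stages.

    A technique joins a stage once every ability it requires has been
    provided by an earlier stage (or is in initial_abilities). Returns
    (stages, unreachable), where unreachable maps each technique that can
    never be scheduled to the abilities it is still missing.
    """
    abilities = set(initial_abilities)
    remaining = dict(techniques)
    stages = []
    while remaining:
        ready = sorted(name for name, t in remaining.items()
                       if t["requires"] <= abilities)
        if not ready:  # nothing else can run: a dependency gap in the model
            break
        stages.append(ready)
        for name in ready:
            abilities |= remaining.pop(name)["provides"]
    unreachable = {name: sorted(t["requires"] - abilities)
                   for name, t in remaining.items()}
    return stages, unreachable


if __name__ == "__main__":
    stages, unreachable = plan_stages(TECHNIQUES)
    for number, stage in enumerate(stages, start=1):
        print(f"Stage {number}: {', '.join(stage)}")
    for name, missing in unreachable.items():
        print(f"Not schedulable: {name} (missing {', '.join(missing)})")
```

The unreachable result shows where a plan has a dependency gap: in the sample data no technique provides `c2_channel`, so the exfiltration step cannot be placed in any stage until that ability is modelled.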

Siri Bromander leads the Research and Development team at mnemonic. She holds a PhD from the University of Oslo and an MSc in telematics/information security from NTNU. She has worked at mnemonic since 2008 and has more than 14 years of work experience in IT security and information security research roles, including serving as Security Manager at mnemonic for five years.

https://www.coldincidentresponse.no/schedule/first-tc-oslo-2021/
