From 52aee1c2194b31dc094846494e8828c0a0924557 Mon Sep 17 00:00:00 2001
From: adpare
Date: Thu, 25 Jan 2024 14:18:22 -0500
Subject: [PATCH 1/6] fix on attack data and tools page
---
 modules/resources/templates/attack-data-and-tools.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/resources/templates/attack-data-and-tools.html b/modules/resources/templates/attack-data-and-tools.html
index 987e9485f1e..34be897b017 100644
--- a/modules/resources/templates/attack-data-and-tools.html
+++ b/modules/resources/templates/attack-data-and-tools.html
@@ -14,12 +14,12 @@
-

Access Data & Tools

+

ATT&CK Data & Tools

@@ -146,7 +146,7 @@

ATT&CK in STIX

- MITRE CTI Example + MITRE CTI Example
@@ -255,7 +255,7 @@

ATT&CK in Excel

- Excel Example + Excel Example
From 646e24dbccfb1bf851762bab7bf6306faaaf003c Mon Sep 17 00:00:00 2001
From: adpare
Date: Tue, 30 Jan 2024 13:17:09 -0500
Subject: [PATCH 2/6] changed priority of random page
---
 modules/random_page/random_page_config.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/random_page/random_page_config.py b/modules/random_page/random_page_config.py
index 402455270b4..c1a47c54c14 100644
--- a/modules/random_page/random_page_config.py
+++ b/modules/random_page/random_page_config.py
@@ -1,2 +1,2 @@
 module_name = "random_page"
-priority = 20
+priority = 16.1
From 90a0ea5e4db7a6234f25db8b7612aae07a684c23 Mon Sep 17 00:00:00 2001
From: Jared Ondricek <90368810+jondricek@users.noreply.github.com>
Date: Fri, 2 Feb 2024 14:43:22 -0600
Subject: [PATCH 3/6] Add Lightning Talk YouTube links
---
 data/attackcon.json | 68 ++++++++++++++++++++++-----------------------
 1 file changed, 34 insertions(+), 34 deletions(-)
diff --git a/data/attackcon.json b/data/attackcon.json
index d091f9886a2..eea866476c3 100644
--- a/data/attackcon.json
+++ b/data/attackcon.json
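Review bot: In `modules/random_page/random_page_config.py`, `priority = 16.1` is a fractional magic number with no comment saying which modules it has to sort between, so the ordering constraint behind the fix is recorded only in the changelog entry later in this series. I would add a line above it such as `# must run after <MODULE_AT_16> and before <MODULE_AT_17> so the random page button and dropdown can load pages` (module names are placeholders, to be filled in from the real build order). The previous value was an integer, so it is also worth confirming that whatever reads `priority` only compares or sorts it and never assumes an int; that consumer is not visible in this patch.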
@@ -334,28 +334,27 @@
 "slides": "https://www.slideshare.net/MITREATTACK/updates-from-the-center-for-threatinformed-defense"
 },
 {
- "title": "Lightning Talk: Automating testing by implementing ATT&CK using the Blackboard Architecture",
+ "title": "Lightning Talk: The case for quishing",
 "presenters": [
 {
- "names": ["Jeremy Straub"],
- "organization": "NDSU Cybersecurity Institute"
+ "names": ["Brian Donohue"],
+ "organization": "Red Canary"
 }
 ],
- "description": "This presentation will briefly summarize work that we've done regarding implementing the ATT&CK framework as a rule-fact-action network within a Blackboard Architecture, allowing the ATT&CK framework to enable security testing automation. The presentation will start with a quick summary of the concept behind this and then present a few implementation examples.",
- "video": "https://mitre.brandlive.com/ATTACKCon-4-0/en/session/37f1382e-9473-11ee-92f3-b34fc23cb3e6",
- "slides": "https://www.slideshare.net/MITREATTACK/automating-testing-by-implementing-attck-using-the-blackboard-architecture"
+ "description": "Despite an absurd (or maybe disgusting) name, quishing is emerging as an undeniable risk to organizations. Sure, it's offered adversaries an avenue for initial access for many years, and, yes, public reporting on such incidents has been somewhat underwhelming. However, QR codes are officially ubiquitous, people are extremely comfortable with them, and, in the coming years, quishing is bound to become a powerful and reliable weapon in the arsenal of sophisticated adversaries.
In 5 minutes of compelling and persuasive speech, I'll make the case for why Quishing deserves to be a standalone sub-technique of phishing in the enterprise ATT&CK® matrix.",
+ "video": "https://youtu.be/TsrOYObSMO4?si=oKhghRS2bs91b7-B&t=58",
+ "slides": "https://www.slideshare.net/MITREATTACK/the-case-for-quishing"
 },
 {
- "title": "Lightning Talk: The case for quishing",
+ "title": "Lightning Talk: Enhancing Breach and Attack Simulation (BAS) Impact with MITRE ATT&CK and LLMs",
 "presenters": [
 {
- "names": ["Brian Donohue"],
- "organization": "Red Canary"
+ "names": ["Jose Barajas"],
+ "organization": "AttackIQ"
 }
 ],
- "description": "Despite an absurd (or maybe disgusting) name, quishing is emerging as an undeniable risk to organizations. Sure, it's offered adversaries an avenue for initial access for many years, and, yes, public reporting on such incidents has been somewhat underwhelming. However, QR codes are officially ubiquitous, people are extremely comfortable with them, and, in the coming years, quishing is bound to become a powerful and reliable weapon in the arsenal of sophisticated adversaries. In 5 minutes of compelling and persuasive speech, I'll make the case for why Quishing deserves to be a standalone sub-technique of phishing in the enterprise ATT&CK® matrix.",
- "video": "https://mitre.brandlive.com/ATTACKCon-4-0/en/session/37f1382e-9473-11ee-92f3-b34fc23cb3e6",
- "slides": "https://www.slideshare.net/MITREATTACK/the-case-for-quishing"
+ "description": "The evolving complexity and sophistication of cyber threats necessitate a robust and automated approach to threat report analysis and mapping. Leveraging the power of large language models (LLMs) in conjunction with the MITRE ATT&CK framework can dramatically streamline this process.
We, at AttackIQ, are developing a process leveraging LLMs to not only extract the ATT&CK tactics and techniques from cyber threat reports, but also parsing the equally crucial information such as the command line snippets, implementation methodology, image-to-text conversions, etc. in order to significantly reduce the amount of time and manpower spent in threat report mapping while enabling the teams to focus on more critical aspects of BAS scenario development.",
+ "video": "https://youtu.be/TsrOYObSMO4?si=P4swHrpJtfdIEiaL&t=338"
 },
 {
 "title": "Lightning Talk: Discussion on Finding Relationships in Cyber Data",
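Review bot: Every added `video` value keeps YouTube's `si=` query parameter (for example `?si=oKhghRS2bs91b7-B&t=58`), which looks like the share-tracking token YouTube appends when a link is copied from its Share dialog and is not needed for playback. Published on a public site, it lets visitor clicks be tied back to whoever generated the link, and it adds eight opaque tokens to the data file that nobody can later verify. Only `t=` is needed to deep-link each talk, so the entry can read `"video": "https://youtu.be/TsrOYObSMO4?t=58"`. The same applies to the `video` lines added in the two following hunks (`@@ -366,19 +365,19 @@` and `@@ -389,41 +388,42 @@`).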
@@ -366,19 +365,19 @@
 }
 ],
 "description": "Capital One is currently building a Security Graph to tie together various Cyber Teams and their data -- Controls, Objectives, Tools, and Countermeasures, Threats. It is an ambitious project that will help us identify gaps and focus our controls on the most likely and persistent threats. It is a work in progress that is using MITRE ATT&CK and D3FEND as a \"lingua franca\" to tie together the elements of the graph, so we have a common understanding across the enterprise.",
- "video": "https://mitre.brandlive.com/ATTACKCon-4-0/en/session/37f1382e-9473-11ee-92f3-b34fc23cb3e6",
+ "video": "https://youtu.be/TsrOYObSMO4?si=Z-Nn_qQMCaOsuk7m&t=621",
 "slides": "https://www.slideshare.net/MITREATTACK/discussion-on-finding-relationships-in-cyber-data"
 },
 {
- "title": "Lightning Talk: ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)",
+ "title": "Lightning Talk: ATT&CK STIX mapping challenges",
 "presenters": [
 {
- "names": ["Scott Small"],
- "organization": "Tidal Cyber"
+ "names": ["Jason Keirstead"],
+ "organization": "Cyware"
 }
 ],
- "description": "This metrics- and meme-based lightning session spotlights the success story that is the CTI industry’s impressive (and expanding) adoption of ATT&CK in their products. Using nearly 6 years’ worth of ATT&CK-mapped, public threat reports collected from government, vendor, & independent sources, we’ll show how the rate (and detail) of mapping has increased considerably, while showcasing (anonymized) examples of high-quality end-products, with the aim of inspiring further ATT&CK adoption in this important corner of the field.",
- "video": "https://mitre.brandlive.com/ATTACKCon-4-0/en/session/37f1382e-9473-11ee-92f3-b34fc23cb3e6"
+ "description": "MITRE provides a set of robust STIX objects that implement the entire ATT&CK matrix (it is actually the reference data).
However, there is a challenge as there is no official recommended way from MITRE on how someone should REFERENCE these objects inside their own STIX data. As a result, vendors amd threat providers have created many incompatible ways to reference ATT&CK techniques. We will show a few examples of this, talk about how it creates challenges, and suggest a path forward for the community.",
+ "video": "https://youtu.be/TsrOYObSMO4?si=eXkXK0IsgJw6LSJJ&t=937"
 },
 {
 "title": "Lightning Talk: Adjectives for ATT&CK",
@@ -389,41 +388,42 @@
 }
 ],
 "description": "If you tell me an attacker performed OS Credential Dumping, did they dump credentials with meterpreter, recompile mimikatz, or use a custom tool? The technique reference lacks a way to categorize how they performed the action and each type requires its own mitigation. In this talk, Ben Langirll will propose formal adjectives for ATT&CK techniques that map to adversary capabilities and how we can use them to optimize defensive choices.",
- "video": "https://mitre.brandlive.com/ATTACKCon-4-0/en/session/37f1382e-9473-11ee-92f3-b34fc23cb3e6",
+ "video": "https://youtu.be/TsrOYObSMO4?si=pKsLpSbE4_5WdScA&t=1221",
 "slides": "https://www.slideshare.net/MITREATTACK/adjectives-for-attck"
 },
 {
- "title": "Lightning Talk: ATT&CK STIX mapping challenges",
+ "title": "Lightning Talk: Of Lenses and Layers",
 "presenters": [
 {
- "names": ["Jason Keirstead"],
- "organization": "Cyware"
+ "names": ["Andrew Malone"],
+ "organization": "JetBlue"
 }
 ],
- "description": "MITRE provides a set of robust STIX objects that implement the entire ATT&CK matrix (it is actually the reference data). However, there is a challenge as there is no official recommended way from MITRE on how someone should REFERENCE these objects inside their own STIX data. As a result, vendors amd threat providers have created many incompatible ways to reference ATT&CK techniques. We will show a few examples of this, talk about how it creates challenges, and suggest a path forward for the community.",
- "video": "https://mitre.brandlive.com/ATTACKCon-4-0/en/session/37f1382e-9473-11ee-92f3-b34fc23cb3e6"
+ "description": "Many use the ATT&CK matrix to map tool coverage across the environment. This blanket coverage is a good baseline but it can miss certain aspects of the enterprise's context like risk levels, organisational priorities, and industry specific threat intelligence.
I want to discuss ways to layer these lenses on top of an enterprise mapping to make ATT&CK more relevant to the specific enterprise. If done right this can lead to more actionable metrics and reporting on improvements.",
+ "video": "https://youtu.be/TsrOYObSMO4?si=pkg565FUFuOh_f7X&t=1507"
 },
 {
- "title": "Lightning Talk: Of Lenses and Layers",
+ "title": "Lightning Talk: ATT&CK’s Adoption in CTI: A Great Success (with Room to Grow!)",
 "presenters": [
 {
- "names": ["Andrew Malone"],
- "organization": "JetBlue"
+ "names": ["Scott Small"],
+ "organization": "Tidal Cyber"
 }
 ],
- "description": "Many use the ATT&CK matrix to map tool coverage across the environment. This blanket coverage is a good baseline but it can miss certain aspects of the enterprise's context like risk levels, organisational priorities, and industry specific threat intelligence. I want to discuss ways to layer these lenses on top of an enterprise mapping to make ATT&CK more relevant to the specific enterprise. If done right this can lead to more actionable metrics and reporting on improvements.",
- "video": "https://mitre.brandlive.com/ATTACKCon-4-0/en/session/37f1382e-9473-11ee-92f3-b34fc23cb3e6"
+ "description": "This metrics- and meme-based lightning session spotlights the success story that is the CTI industry’s impressive (and expanding) adoption of ATT&CK in their products.
Using nearly 6 years’ worth of ATT&CK-mapped, public threat reports collected from government, vendor, & independent sources, we’ll show how the rate (and detail) of mapping has increased considerably, while showcasing (anonymized) examples of high-quality end-products, with the aim of inspiring further ATT&CK adoption in this important corner of the field.",
+ "video": "https://youtu.be/TsrOYObSMO4?si=iqw3wjOGyPIMtApY&t=1794"
 },
 {
- "title": "Lightning Talk: Enhancing Breach and Attack Simulation (BAS) Impact with MITRE ATT&CK and LLMs",
+ "title": "Lightning Talk: Automating testing by implementing ATT&CK using the Blackboard Architecture",
 "presenters": [
 {
- "names": ["Jose Barajas"],
- "organization": "AttackIQ"
+ "names": ["Jeremy Straub"],
+ "organization": "NDSU Cybersecurity Institute"
 }
 ],
- "description": "The evolving complexity and sophistication of cyber threats necessitate a robust and automated approach to threat report analysis and mapping. Leveraging the power of large language models (LLMs) in conjunction with the MITRE ATT&CK framework can dramatically streamline this process. We, at AttackIQ, are developing a process leveraging LLMs to not only extract the ATT&CK tactics and techniques from cyber threat reports, but also parsing the equally crucial information such as the command line snippets, implementation methodology, image-to-text conversions, etc. in order to significantly reduce the amount of time and manpower spent in threat report mapping while enabling the teams to focus on more critical aspects of BAS scenario development.",
- "video": "https://mitre.brandlive.com/ATTACKCon-4-0/en/session/37f1382e-9473-11ee-92f3-b34fc23cb3e6"
+ "description": "This presentation will briefly summarize work that we've done regarding implementing the ATT&CK framework as a rule-fact-action network within a Blackboard Architecture, allowing the ATT&CK framework to enable security testing automation.
The presentation will start with a quick summary of the concept behind this and then present a few implementation examples.",
+ "video": "https://youtu.be/TsrOYObSMO4?si=bEJ6ZvUJQU3J3nwe&t=2114",
+ "slides": "https://www.slideshare.net/MITREATTACK/automating-testing-by-implementing-attck-using-the-blackboard-architecture"
 }
 ]
 },
From 8279949c4e77320f065540d38db478640be7a6d7 Mon Sep 17 00:00:00 2001
From: adpare
Date: Mon, 5 Feb 2024 13:22:33 -0500
Subject: [PATCH 4/6] updated changelog
---
 CHANGELOG.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0129429691f..4266f671343 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,14 @@
+# v4.1.0 (2024-02-05)
+
+## Misc
+
+* Added Lightning Talk YouTube links for ATT&CKCon 4.0
+
+## Bugfixes
+
+* Changed priority of random page module to be able to load pages from the random page button and dropdown
+* Fixed title and images on attack data and tools page
+
 # v4.1.0 (2024-01-22)
 ## Bugfixes
From d9cc622f6391369f81850dc05cbade781a2bf963 Mon Sep 17 00:00:00 2001
From: Jared Ondricek
Date: Tue, 6 Feb 2024 15:24:24 -0600
Subject: [PATCH 5/6] Update version to 4.1.1
---
 CHANGELOG.md | 2 +-
 pyproject.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4266f671343..5a3213faa31 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,4 @@
-# v4.1.0 (2024-02-05)
+# v4.1.1 (2024-02-05)
 ## Misc
diff --git a/pyproject.toml b/pyproject.toml
index e1fd42b6861..54800da16ff 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -6,7 +6,7 @@ profile = "black"
 [tool.towncrier]
 name = "ATT&CK website"
- version = "4.1.0"
+ version = "4.1.1"
 filename = "CHANGELOG.md"
 issue_format = "[#{issue}](https://github.com/mitre-attack/attack-website/issues/{issue})"
 template = ".towncrier.template.md"
From e735d88d17a3eb6c30107ac0730bfcfbdb832da7 Mon Sep 17 00:00:00 2001
From: Jared Ondricek
Date: Tue, 6 Feb 2024 15:28:08 -0600
Subject: [PATCH 6/6] Update banner message
---
 website-banner.production | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/website-banner.production b/website-banner.production
index 4a0d5defefe..6a4e41ca48e 100644
--- a/website-banner.production
+++ b/website-banner.production
@@ -1 +1 @@
-ATT&CK v14 has been released! Check out the blog post or release notes for more information.
\ No newline at end of file
+Thank you to SOC Prime for becoming ATT&CK's first Benefactor. To join them, or learn more about this program visit our Benefactors page.
\ No newline at end of file