Mapping to MITRE ATT&CK - ATT&CKcon 3.0 Day 1

Enhancing Operations Through the Tracking of Interactive Intrusion Campaigns

When it comes to understanding and tracking intrusion tradecraft, security teams must have the tools and processes that allow the mapping of hands-on adversary tradecraft. Doing this enables a team both to understand the adversaries and attacks it currently sees and to observe how those adversaries and attacks evolve over time.

This session explores how a threat hunting team uses MITRE ATT&CK to understand and categorize adversary activity. The team demonstrates how threat hunters map ATT&CK TTPs by showcasing a recent interactive intrusion against a Linux endpoint and how the framework allowed for granular tracking of tradecraft and enhanced security operations. They also look at the changes in the Linux activity they have observed over time, using the ATT&CK Navigator to compare and contrast technique usage. The session provides insight into how the team uses MITRE ATT&CK as a powerful resource to track intrusion tradecraft, identify adversary trends, and prepare for attacks of the future.