Costa-Gazcón, V. (2021). Practical Threat Intelligence and Data-Driven Threat Hunting. Packt Publishing. Chapter 1: What is Cyber Threat Intelligence?
This chapter introduces what cyber threat intelligence (CTI) is and the three levels of intelligence: strategic, operational and tactical. You also learn about the threat intelligence cycle, the collection of CTI data and how to define intelligence requirements. Finally, you learn three CTI frameworks.
Chapter 2: What is Threat Hunting?
This chapter introduces you to threat hunting and the steps you need to follow in order to be a successful threat hunter. You will learn the Pyramid of Pain, different threat hunting models and, finally, how to build a hypothesis, which is at the core of threat hunting.
The MITRE ATT&CK framework is a curated knowledge base of adversary behaviour, widely used in cybersecurity to describe the tactics, techniques and procedures (TTPs, i.e. the goals, methods and concrete implementations) employed by threat actors. It provides a standardized vocabulary for describing cyberattacks. This page shows the 14 Enterprise tactics (e.g. Initial Access, Privilege Escalation and Exfiltration); under each tactic it lists the techniques (and sub-techniques) adversaries use to accomplish that tactic, and a single technique can appear under more than one tactic. Zooming into a technique shows the procedure examples, i.e. how specific groups and malware have implemented it.
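The tactic, technique and procedure hierarchy described above can be built directly from MITRE's STIX data, which is how most tooling consumes ATT&CK. The following is an added example, not code from the page or from MITRE: it indexes a hand-built excerpt that mirrors the layout of the public enterprise-attack STIX bundle (attack-pattern objects carrying a mitre-attack external reference and kill_chain_phases). The technique IDs and names are real ATT&CK entries; the bundle ID, the revoked "T9999" object and the selection of objects are constructed for illustration.

```python
"""Index an ATT&CK-style STIX 2.1 bundle into tactic -> technique -> sub-technique.

Added example (not from the page or MITRE). BUNDLE is a constructed excerpt in
the shape of MITRE's enterprise-attack STIX data; T9999 is a fake, revoked entry
included only to show that such objects must be filtered out.
"""
from collections import defaultdict

MITRE_SOURCE = "mitre-attack"  # source_name / kill_chain_name used by the real data set


def ap(name, ext_id, tactics, sub=False, revoked=False):
    """Build one attack-pattern object in the layout of the real ATT&CK STIX bundle."""
    return {
        "type": "attack-pattern",
        "name": name,
        "external_references": [{"source_name": MITRE_SOURCE, "external_id": ext_id}],
        "kill_chain_phases": [{"kill_chain_name": MITRE_SOURCE, "phase_name": t} for t in tactics],
        "x_mitre_is_subtechnique": sub,
        "revoked": revoked,
    }


# Constructed excerpt; technique IDs/names are real, the selection is ours.
BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-0000-0000-000000000001",  # constructed ID
    "objects": [
        ap("Phishing", "T1566", ["initial-access"]),
        ap("Phishing: Spearphishing Attachment", "T1566.001", ["initial-access"], sub=True),
        ap("Exploitation for Privilege Escalation", "T1068", ["privilege-escalation"]),
        ap("Exfiltration Over C2 Channel", "T1041", ["exfiltration"]),
        # A technique listed under several tactics, as Valid Accounts is in ATT&CK.
        ap("Valid Accounts", "T1078",
           ["defense-evasion", "persistence", "privilege-escalation", "initial-access"]),
        # Fake, revoked object: the real bundle keeps revoked/deprecated entries for history.
        ap("Revoked Example (constructed)", "T9999", ["execution"], revoked=True),
    ],
}


def attack_id(obj):
    """Return the ATT&CK ID (e.g. 'T1566.001') of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == MITRE_SOURCE and "external_id" in ref:
            return ref["external_id"]
    return None


def is_active(obj):
    """Revoked or deprecated objects stay in the bundle; skip them when indexing."""
    return not obj.get("revoked", False) and not obj.get("x_mitre_deprecated", False)


def build_index(bundle):
    """Return (tactic -> set of technique IDs, technique ID -> name, parent ID -> sub-technique IDs)."""
    by_tactic = defaultdict(set)
    names = {}
    subs = defaultdict(list)
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern" or not is_active(obj):
            continue
        tid = attack_id(obj)
        if tid is None:
            continue
        names[tid] = obj["name"]
        if obj.get("x_mitre_is_subtechnique"):
            subs[tid.split(".")[0]].append(tid)  # T1566.001 rolls up under T1566
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") == MITRE_SOURCE:
                by_tactic[phase["phase_name"]].add(tid)
    return by_tactic, names, subs


def tactics_for(by_tactic, tid):
    """All tactics a technique is listed under (sorted), since one technique can serve several."""
    return sorted(t for t, ids in by_tactic.items() if tid in ids)


if __name__ == "__main__":
    by_tactic, names, subs = build_index(BUNDLE)
    for tactic in sorted(by_tactic):
        techs = sorted(t for t in by_tactic[tactic] if "." not in t)
        print(tactic, [(t, names[t], subs.get(t, [])) for t in techs])
```

Against the full enterprise-attack bundle the same code works unchanged; the revoked/deprecated filter matters there because the data set retains retired techniques, and counting them inflates coverage reports.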
IBM Technology. (2023, January 9). Cybersecurity Threat Hunting Explained [Video]. YouTube. https://www.youtube.com/watch?v=VNp35Uw_bSM This video describes how attacks progress through an enterprise network and how to hunt for them before they succeed or soon after they begin. Specifically, it describes the proactive mindset involved in threat hunting and the work of connecting various dots, such as indicators of compromise, indicators of attack and network logs, to find impending or ongoing attacks.
IBM Technology. (2022, December 29). What Is SIEM? [Video]. YouTube. https://www.youtube.com/watch?v=9RfsRn7m7OE This video describes what a SIEM is and why threat hunters use SIEM tools to analyze and correlate events from many sources into high-fidelity alerts that can lead to uncovering attacks.
This 52-minute course shows how to manage security events in Splunk. You can download the free version of Splunk to follow the tutorial. You will also learn how to handle threats, report them and make actionable recommendations to improve the security posture.
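The two IBM videos above talk about correlating raw events with threat intelligence to produce alerts worth a hunter's time. The following is an added example, not from the page, the videos or any SIEM vendor, of what such a correlation looks like in code: a brute-force-then-success rule and an IOC-match rule run over a handful of constructed sshd-style log lines. The log format, the thresholds, the time window and the IOC address are all assumptions made for illustration.

```python
"""Toy SIEM-style correlation over constructed auth log lines.

Added example, not from the page or IBM. LOGS and IOC_IPS are constructed
sample data; the sshd-like line format and the threshold/window are assumed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed events. 203.0.113.9 fails five times then succeeds (brute force);
# 198.51.100.7 is a user mistyping once (noise); 192.0.2.44 is on the IOC list.
LOGS = """\
2024-03-01T10:00:01 host1 sshd: Failed password for admin from 203.0.113.9 port 51000
2024-03-01T10:00:03 host1 sshd: Failed password for admin from 203.0.113.9 port 51001
2024-03-01T10:00:05 host1 sshd: Failed password for admin from 203.0.113.9 port 51002
2024-03-01T10:00:07 host1 sshd: Failed password for admin from 203.0.113.9 port 51003
2024-03-01T10:00:09 host1 sshd: Failed password for admin from 203.0.113.9 port 51004
2024-03-01T10:00:12 host1 sshd: Accepted password for admin from 203.0.113.9 port 51005
2024-03-01T10:05:00 host2 sshd: Failed password for bob from 198.51.100.7 port 40000
2024-03-01T10:05:02 host2 sshd: Accepted password for bob from 198.51.100.7 port 40001
2024-03-01T11:00:00 host3 sshd: Accepted publickey for deploy from 192.0.2.44 port 33000
"""

# Constructed indicator list, standing in for a threat-intel feed.
IOC_IPS = {"192.0.2.44"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) \w+ "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse(text):
    """Normalize raw lines into event dicts; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real pipeline would count these, not silently drop them
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["success"] = e["outcome"] == "Accepted"
        events.append(e)
    return events


def correlate(events, threshold=5, window=timedelta(minutes=2), ioc_ips=IOC_IPS):
    """Return alerts for (a) >= threshold failures followed by a success for the same
    source+user inside the window, and (b) any successful login from an IOC address."""
    alerts = []
    failures = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    for e in sorted(events, key=lambda x: x["ts"]):
        key = (e["src"], e["user"])
        q = failures[key]
        while q and e["ts"] - q[0] > window:  # expire failures outside the window
            q.popleft()
        if not e["success"]:
            q.append(e["ts"])
            continue
        if len(q) >= threshold:
            alerts.append({"rule": "brute_force_success", "src": e["src"], "user": e["user"],
                           "host": e["host"], "failures": len(q), "ts": e["ts"]})
            q.clear()
        if e["src"] in ioc_ips:
            alerts.append({"rule": "ioc_login", "src": e["src"], "user": e["user"],
                           "host": e["host"], "ts": e["ts"]})
    return alerts


if __name__ == "__main__":
    for a in correlate(parse(LOGS)):
        print(a)
```

The single failed attempt by bob produces nothing: firing on every failure is the low-fidelity behaviour the SIEM video warns against, while a failure burst that ends in success, or any success from a known-bad source, is worth a hunter's attention. Note that both rules key on the source address, so a distributed (many-source) password spray would slip past the first rule; that is a deliberate limitation of this toy, not of the technique.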
Conti ransomware was first observed in late 2019 and became widespread during 2020; it is considered a successor to the Ryuk ransomware. It employs strong encryption to render the victim's files unusable and typically exfiltrates data before encrypting, enabling double extortion. This link shows how the TTPs used by Conti map to the MITRE ATT&CK framework.