Why a Decade of Writing Detection Logic Makes the Mythos Exploit Numbers Less Scary
ATT&CK techniques detected
T1059.001 PowerShell
90%
“…can layer more, such as PowerShell executing a .ps1 file downloaded from the web. As a detection engineer, my job is to overlap enough behaviors that when one fires, the others raise the confidence it’s actually malicious, typically by tying them to scores in a risk-based ale…”
T1588.006 Vulnerabilities
84%
“Why a Decade of Writing Detection Logic Makes the Mythos Exploit Numbers Less Scary. Mythos is finding thousands of vulnerabilities. Defenders aren’t doomed. Detection has never been 1:1 with e…”
T1588.006 Vulnerabilities
67%
“…elligence agency. I’ve worked for a Fortune 100 doing detection at an enterprise scale most engineers never get to see, and put out the first public white paper on detection as code. All of that to say, I’ve been at it for quite some time now. While I think the short-term…”
T1204.002 Malicious File
58%
“…difficult than one might think. For example, in 2022 Microsoft changed the default so that Office documents arriving from the internet, those tagged with Mark of the Web (MotW), would no longer run macros, requiring the user to right-click the document and choose Unblock or r…”