Automating Attck Testing With Soar and Atomic Red Team

MITRE ATT&CK is the defacto framework for organizations to measure their defense posture. ATT&CK provides categorical verticals in the form of tactics, which align to the common methodologies attackers use. Within these verticals are a set (and subsets) of common ways in which attackers accomplish a tactic (vertical). These are known as techniques. Some techniques may be common across multiple operating systems. This usually equates to a broad definition of a technique. Continue reading

Making MITRE ATT&CK Actionable

The Swimlane Deep Dive team is excited to announce the release of pyattck 2.0 and an equivalent PowerShell version called PSAttck. These open-source tools provide security operations centers (SOCs), defenders and offensive security teams with external data points that enrich MITRE ATT&CK by providing potential commands, queries and even detections for specific techniques. Additionally, these data points enable context related to specific attacker actors or groups, as well as details about different tools used by malicious actors. Continue reading

Swimlane's Research Teams Open Sources pyattck

As security teams adopt the Mitre ATT&CK Framework to help them identify gaps in their defenses, having a way to identify what malware and tools are being used by specific actors or groups becomes more critical. Additionally, having a way to identify these relationships programatically is even more critical. Today, we are excited to announce the Swimlane research team has released pyattck — a Python package to interact with the Mitre ATT&CK Framework. Continue reading