Articles tagged with: #mitre-attack
Upcoming Technical Security Talks & Workshops at BsidesNoVA - Oct 10 - 11 (Arlington VA)

Technical Information Security Content & Discussion www.reddit.com

BsidesNoVA (Oct 10 - 11 at GMU Mason Square, Arlington VA) is a community-run, volunteer-organized security conference. Sharing here because several of this year's talks and workshops are deeply technical and may be of interest to practitioners and researchers in the DMV area: 🔹 Detection / Blue-Team / DFIR: ATT&CK-driven detection engineering with Sigma & KQL; network forensics in hybrid environments; memory forensics at scale on Linux/macOS; threat-intel-driven hunts & breach-simulation lab 🔹...

How can I categorize AD use cases to minimize the number of IR playbooks?

cybersecurity www.reddit.com

Hello, I'm taking a module about SOC and I was given an assignment by my professor to categorize certain AD use cases so that instead of having one IR playbook per use case we would have one playbook per category, and the use cases would be scenarios under said category that are processed the same way. I thought about using MITRE ATT&CK tactics for the mapping, but I was wondering if there was another way to categorize the use cases to minimize the number of playbooks even further and make the...

Microsoft, SentinelOne, and Palo Alto Networks Withdraw from 2026 MITRE ATT&CK Evaluations

Cyber Security News cybersecuritynews.com

Three of the cybersecurity industry's most prominent vendors, Microsoft, SentinelOne, and Palo Alto Networks, have announced they will not participate in the 2026 MITRE ATT&CK Evaluations. The coordinated withdrawal marks a significant shift in how leading security companies approach independent product validation, with all three citing a strategic reallocation of resources toward internal innovation and customer-focused initiatives.

Microsoft, SentinelOne and Palo Alto declined participation in ATT&CK Evaluations for 2026

cybersecurity www.reddit.com

https://x.com/nickvangilder/status/1968313892741816718 Microsoft, SentinelOne and Palo Alto have withdrawn from the MITRE ATT&CK Evaluations for 2026 Microsoft After extensive deliberation, Microsoft has decided to not participate in the evaluation this year. This decision allows us to focus all our resources on the Secure Future Initiative and on delivering product innovation to our customers....

Advice needed: leadership wants "impactful results", but no threats to be found

cybersecurity www.reddit.com

I'm a SOC analyst working with Microsoft Sentinel. The company network is highly restricted to start with. My team wrote a workbook of KQL queries that covers the most common threats of each MITRE ATT&CK tactic. But besides odd email attachments and occasional phishing links (quarantined; never clicked), we cannot find any threats. Leadership asked me to come up with "visible, impactful results" within the next 3 weeks for us to showcase to the directors. This is very important as it will make...

AegisShield: Democratizing Cyber Threat Modeling with Generative AI

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.10482v1 Announce Type: new Abstract: The increasing sophistication of technology systems makes traditional threat modeling hard to scale, especially for small organizations with limited resources. This paper develops and evaluates AegisShield, a generative AI enhanced threat modeling tool that implements STRIDE and MITRE ATT&CK to automate threat generation and provide systematic assessments. By integrating real time threat intelligence from the National Vulnerability Database and...

Looking for practical examples of MITRE ATT&CK TTPs beyond Atomic Red Team

cybersecurity www.reddit.com

Hi everyone, I'm already familiar with and have worked with Atomic Red Team, but I'm looking for additional, more recent examples of how to apply each MITRE ATT&CK TTP in testing or simulation scenarios. Specifically, I'm interested in: practical examples for each technique, not just basic demos; cases where execution steps are detailed, with scripts, procedures, or applicable methodologies; additional resources like GitHub repositories, blogs, or Reddit posts showing TTP application in red...

KnowHow: Automatically Applying High-Level CTI Knowledge for Interpretable and Accurate Provenance Analysis

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.05698v1 Announce Type: new Abstract: High-level natural language knowledge in CTI reports, such as the ATT&CK framework, is beneficial to counter APT attacks. However, how to automatically apply the high-level knowledge in CTI reports in realistic attack detection systems, such as provenance analysis systems, is still an open problem. The challenge stems from the semantic gap between the knowledge and the low-level security logs: while the knowledge in CTI reports is written in...

DetectPack Forge: Natural-Language to Sigma/KQL/SPL

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Hey guys, I am kinda new to this but I've recently built an app/tool and I was hoping to get some reviews or comments on it to maybe make it better, so here it is: DetectPack Forge Turn plain-English behaviors or small log samples into production-ready detection packs - Sigma, KQL (Sentinel), and SPL (Splunk) - with tests and a short response playbook, all mapped to MITRE ATT&CK. What is this? DetectPack Forge is a helper for people learning or working with SIEMs. You describe a behavior...

Open-Source Cybersecurity Log Generator - Generate Realistic Enterprise Logs for SIEM Testing & Security Training with MITRE ATT&CK Integration [Free Tool]

cybersecurity www.reddit.com

Hey r/cybersecurity ! I wanted to share a comprehensive log generation tool I've been working on that I think could be really useful for SOC analysts, pen testers, security researchers, and anyone working with SIEM systems. What is it? It's an open-source cybersecurity log generator that creates realistic enterprise logs across 12+ different sources (authentication, firewalls, web servers, databases, cloud services, etc.) with some pretty cool features that go beyond basic log generation. Key...

Top 3 mitre techniques causing biggest damage/impact

cybersecurity www.reddit.com

Hello Team, I support several small clients (tens to a few hundred employees) with limited budget. I'm building a short, high-impact priority list of MITRE ATT&CK techniques to defend against - the ones most associated with real losses (breach/leak/extortion). Draft shortlist (initial access / execution / persistence):
- T1078 - Valid Accounts
- T1566 - Phishing
- T1190 - Exploit Public-Facing Application
- T1059 - Command & Scripting Interpreter
- T1133 - External Remote Services
- ...

KillChainGraph: ML Framework for Predicting and Mapping ATT&CK Techniques

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.18230v1 Announce Type: new Abstract: The escalating complexity and volume of cyberattacks demand proactive detection strategies that go beyond traditional rule-based systems. This paper presents a phase-aware, multi-model machine learning framework that emulates adversarial behavior across the seven phases of the Cyber Kill Chain using the MITRE ATT&CK Enterprise dataset. Techniques are semantically mapped to phases via ATTACK-BERT, producing seven phase-specific datasets. We...

Catching Haitian Gangsters

Blackhat Library: Hacking techniques and research www.reddit.com

If I wanted to pinpoint the location of several gangsters in Haiti's most populous city of Port-Au-Prince, what would this cyber campaign look like? I want details to be as close as possible, such as a detailed ATT&CK framework, cyber kill chain, etc. I'm just a script kiddie and I obviously can't ask chatgippity. submitted by /u/SaintNoirism

Mapping MDE detections to ATT&CK - how do you guys do it?

cybersecurity www.reddit.com

I've been working on mapping my SIEM rules to MITRE ATT&CK so I can understand what I'm really detecting. That part's fine, but then it hit me - products like MDE already have a ton of built-in detections out of the box. Now I'm wondering: how do you actually map those MDE detections to ATT&CK? Is there some list/export of all alerts/detections available in MDE? I just wanna get a real picture of coverage across my environment, not only what's in the SIEM but also what's being flagged...

What product data points would you like to see in this tool?

cybersecurity www.reddit.com

As we get ready to launch the completely revamped HarvestIQ.ai we need your help. Here are the data points we currently track for all 11,340 cybersecurity products. What other data would be valuable?
- Product name
- Description
- Features
- Usage
- Deployment
- Integrations
- Price (when discoverable)
- Alignment with NIST CSF 2.0, MITRE ATT&CK, and CIS
submitted by /u/CarnivalCarnivore