Active Countermeasures Webcast
11-11-2020
How to Cover C&C in the MITRE ATT&CK Matrix
We all look to the MITRE ATT&CK Matrix for guidance in understanding attack techniques and in mitigating the risks they pose. If you want to take a strong defense-in-depth approach, you will want to ensure you have coverage of each ATT&CK framework category. Arguably, one of the most difficult columns to implement coverage for, and to test that coverage against, is the Command and Control column.
In this ACM webcast, we’ll run down the Command and Control column to identify how we can both detect and test each described threat vector.
Presented by: John Strand
Timeline:
- 0:00:00 – PreShow Banter™ — Geek Dance Party
- 0:09:48 – FEATURE PRESENTATION: How to Cover C&C in the ATT&CK Matrix
- 0:14:03 – Problems with IDS
- 0:19:11 – Endpoint Protection Review: A Change in the Landscape
- 0:23:13 – MITRE Command & Control & Exfiltration
- 0:26:48 – MITRE Shield
- 0:33:59 – Why Is This Necessary?
- 0:36:18 – Malware PCAP Samples
- 0:47:09 – Passer
- 0:50:51 – Creating Command & Control
- 0:58:04 – Conclusions & Questions
- 1:09:52 – DEMO: AI-Hunter (Active Countermeasures) Commercial Demo