Gunter Ollmann

Today, Nucleus Security announced our sponsorship of the inaugural EPSS (Exploit Prediction Scoring System) report from Cyentia Institute. This report evaluates EPSS performance over the last few years and drills into questions related to understanding vulnerability exploitation in the wild. I'm adding links to the report and related resources in the comments. #cybersecurity #EPSS #NucleusSecurity #vulnerabilitymanagement

22

3 Comments

💥 𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 𝐓𝐢𝐩 💥 𝐮𝐧𝐜𝐨𝐝𝐞𝐫[.]𝐢𝐨: is a tool designed for converting Sigma rules to various formats, including SPL (Search Processing Language) queries for use with Splunk. It helps streamline the process of translating Sigma rules, which are a format for defining detection rules used in SIEM (Security Information and Event Management) systems, into SPL, which is used by Splunk for querying and analyzing log data. In the example on the image show sigma rule To detect the creation of the scheduled task. #Cybersecurity #InfoSec #CyberDefense

26

1 Comment

Read all about our VP of SA Jordan Camba talk about his experience as a Detection Engineer and Threat Hunter. "As a Detection Engineer and Threat Hunter, my passion for MITRE ATT&CK is boundless. It's an essential framework for assessing, measuring, and communicating the breadth and depth of our detection capabilities. However, the utility of MITRE ATT&CK is often compromised by inaccuracies and a lack of precision in how some organizations apply mappings. This can lead to a distorted understanding of our security posture, ultimately misallocating resources and weakening our defenses." Read more in his latest blog here: https://lnkd.in/e7CzWazn Why Precision and Accuracy Matter in MITRE ATT&CK Mappings - - Accuracy ensures that the tactics, techniques, and sub-techniques correctly represent the detected activities, providing a clear and reliable view of our security landscape. Inaccurate mappings can lead to confusion and misplaced focus, undermining the integrity of threat detection efforts. - - Precision, on the other hand, involves the granularity of these mappings. It's about capturing the specific details that make detections actionable. A lack of precision can leave us with a general, but not necessarily useful, understanding of potential threats. Here are some common mistakes: ❌ Mapping without sub-techniques ❌ Overlapping techniques ❌ Incorrect technique assignments How to fix these mistakes? Follow a few simple rules: 1. Keep it simple - Focus on what is immediately observable and mapto Sub-Techniques where possible. 2. Don't be greedy - Not all techniques can be detected with logs and telemetry and not every detection needs a Technique/Sub-Technique. 3. Become a better threat researcher - Improve your ability to find, interpret, and understand research on malware, tools, techniques, and vulnerabilities and instantiate a lab environment. At SnapAttack, we are committed to refining the quality of these mappings. Our platform offers: ✅ Pre-Written Tested Detections: A growing library of Sigma rules tested in our Sandbox sessions, with accurate ATT&CK mappings. ✅ MITRE ATT&CK Prioritization & Coverage Reporting: Using top-tier Threat Intelligence, we prioritize techniques and sub-techniques according to industry and regional relevance. ✅ Research Sandbox: A tool for hands-on-keyboard research to enhance threat detection capabilities. #CyberSecurity #ThreatDetection #MITREATTACK #SnapAttack #DetectionEngineering #ThreatHunting #CyberDefense #SecurityPosture #AccuracyAndPrecision

16