Invoke-GreatBirdOfCommonKnowledge - Gathering what is scattered with ATT&CK, an Atomic Bird, and a bit of homegrown PowerShell...

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 8, 2019, 9:30 a.m. (30 minutes)

IT Security is hard. The landscape moves at a fast pace, and it is important for Red&Blue to stay up to date with the constantly evolving threats, tradecraft, and associated technical knowledge. ATT&CK does a great job at gathering all this and making it available via a wiki and a REST API. The kill-chain encyclopedia of known corporate post-exploitation techniques for the masses... so I made a set of Cmdlets to access this data from a PowerShell prompt, and facing the demo gods, I will show how this first toolset can be used to search and navigate the ATT&CK Knowledge base, document your moves, & automate stuff, and I will then demo how to invoke the Great Bird of Common Knowledge by feeding ATT&CK techniques to an Atomic Canary over a smoking pipe... Really cool stuff. Don't miss it.

Presenters:

• Walter Legowski
  Walter Legowski [@SadProcessor] / "Make the world a safer place" @ ERNW [DE] / PowerShell Bad Boy & Noob for life / Likes Tools, Security & Automation / Likes Streets, Cats and Trees / Likes mixing stuff...

Links:

• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Invoke GreatBirdOfCommonKnowledge Gathering what is scattered with ATTCK an Atomic Bird an.mp4
• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Invoke GreatBirdOfCommonKnowledge Gathering what is scattered with ATTCK an Atomic Bird an.eng.srt (subtitles)
• https://www.youtube.com/watch?v=O40nIk3EIYI

Similar Presentations:

• BSidesDC 2019 / Keeping CTI on Track: An Easier Way to Map to MITRE ATT&CK
• GrrCON 2019 / Atomic Threat Coverage: operationalized ATT&CK
• Black Hat USA 2019 / MITRE ATT&CK: The Play at Home Edition