Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often
Today we’ve released a whitepaper on the key techniques that continue to enable us to breach the largest and most sophisticated organisations on the planet. Organisations that prioritize these areas, and the mitigations we outline, will thwart attacks while making threat actors work harder and ultimately fail more often.
The purpose of this paper is to assist organisations in prioritising their security activities, to thwart attack techniques successfully utilised during Red Team engagements and other offensive operations by real-world threat actors in the most efficient way possible.
Our recommendations are born out of experience from real-world offensive campaigns and those things that make our operatives lives more stressful, less likely to succeed, take greater risks and be overall less effective.
What we cover
Each stage of an attack is described with a reference to the respective Mitre ATT CK technique for further reference. In reality, the attacker wins most of the time because of poor operational hygiene inside and outside of the organisation in relation to digital assets.
This poor hygiene provides the window for initial compromise coupled regularly with an inability to detect, contain or effectively respond to a breach.
- The reconnaissance phase
- Information is everywhere (ATT CK TA0015, TA0016, T1526)
- In Phase
- Exploitation of Vulnerabilities (ATT CK T1190)
- External Authentication Exploitation (ATT CK T1078)
- Phishing Vishing (ATT CK T1192, T1193, T1194, TA0003)
- Using Internal Information Repositories (ATT CK T1213, T1039, T1081)
- Maintaining and Elevating Access Through Movement (ATT CK T1075, T1076, T1028)
- Using the Access Already Secured (ATT CK T1078)
- Exploitation of Centralized Identity and Access Managemet (ATT CK T1078)
- Out Phase
- Securing the Required Access (ATT CK T1078)
- Objective Actions
Getting the Paper
Feedback and Further Discussion
If you have feedback or would like to discuss further you can e-mail me on ollie.whitehouse[@]nccgroup.com or get me @ollieatnccgroup on Twitter.
Thanks to the numerous people across our global offensive and defensive capabilities who contributed their insights and wisdom.