Last year we created a map of MITRE #ATT&CK objects to really help us understand how they were connected, beyond just Tactics and Techniques.

It continues to help us immensely when categorising #threatintel.

Hopefully you'll find it useful too.

miro.com/app/board/uX...

Arango CVE Processor [OSS DEMO]: Enrich vulnerabilities. Explore on a graph. YouTube video by dogesec

Take a #mitreattack technique. Find out what #vulnerabilities that technique is used to exploit.

And a whole lot more...

youtu.be/J_LbAzoUpd4

Graphing the Ransomware Payment Ecosystem using STIX Objects I recently conducted a project to identify the most prolific ransomware based on the ransom payments being made. Let me walk you through how I did it.

#threatintel peeps: understanding how #ransomware operators are performing financially can give a good indication of where to focus your research and defensive activities.

www.dogesec.com/blog/stix_gr...

GitHub - muchdogesec/awesome_threat_intel_blogs: A curated list of Awesome Threat Intelligence Blogs A curated list of Awesome Threat Intelligence Blogs - muchdogesec/awesome_threat_intel_blogs

We've just added @doublepulsar.com to our list of Awesome #threatintel Blogs...

github.com/muchdogesec/...

Arango TAXII Server [OSS DEMO]: Easily Distribute your Threat Intelligence YouTube video by DOGESEC

We wanted a #TAXII Server to distribute our #threatintel into #MISP servers.

We didn't want a full blown TIP platform, nor did we want to write custom connectors to our graph database.

So we built Arango TAXII Server.

www.youtube.com/watch?v=tYWO...

GitHub - muchdogesec/arango_cti_processor: A small script that creates relationships between common CTI knowledge-bases in STIX 2.1 format. A small script that creates relationships between common CTI knowledge-bases in STIX 2.1 format. - muchdogesec/arango_cti_processor

Or for those brave people who just want to jump straight into the code:

github.com/muchdogesec/...

Arango CTI Processor [OSS DEMO]: traverse threat intelligence knowledge-bases on a graph YouTube video by DOGESEC

For those the prefer a video:

www.youtube.com/watch?v=CcoA...

How CTI Butler Creates a Threat Intelligence Graph CTI Butler links many common knowledge bases, for example linking MITRE ATT&CK to CAPEC objects, to improve the context of our research. This post describes the logic CTI Butler employs behind the sce...

All of our #threatintel is stored on a single network graph. You can traverse it easily to further enrich your research.

In this post we lift the lid on one small part of that graph... how we link popular knowledge-bases like MITRE's #attack an #cwe.

www.dogesec.com/blog/how_cti...

ATT&CKcon 5.0 - YouTube

MITRE #ATT&CK ATT&CKcon 5.0 recordings now on YT

www.youtube.com/playlist?lis...

tl;dr ATLAS = ATT&CK for AI.

GitHub - muchdogesec/ctibutler: A web API for various cyber threat intelligence frameworks, including MITRE ATT&CK, CWE, ATLAS... A web API for various cyber threat intelligence frameworks, including MITRE ATT&CK, CWE, ATLAS... - muchdogesec/ctibutler

MITRE ATLAS is a knowledge base of adversary tactics, techniques, and case studies for AI systems.

CTI Butler now supports the latest version MITRE ATLAS (v4.7.0) 🎉

The framework is already indispensable for our team when classifying #threatintelligence research.

github.com/muchdogesec/...

@nasbench.bsky.social 👀

Compared to release v2023-08-24, in v2024-11-10 there are 469 more public #detectionrules in the #SigmaRules repository.

www.dogesec.com/blog/analysi...

#threatintelligence #threatintel