# Full Report
John talked about how we'd attack; here's how you can defend against those attacks. Grab the slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/6843799/

The post "PODCAST: Attack Tactics Part 2" appeared first on Black Hills Information Security, Inc.
# Analysis Summary
The provided article description consists of links and promotional text for a Black Hills Information Security podcast featuring John Strand. It focuses on attack tactics and the corresponding blue team defenses, with references to MITRE ATT&CK training. **It does not contain specific technical details about a particular malware family, tool, or set of TTPs.**

The summary below therefore reflects this lack of specific technical content and addresses only the overarching *theme* of attack tactics and defense.
---
# Tool/Technique: Attack Tactics and Blue Team Defense Strategies
## Overview
This summary is based on promotional material for a Black Hills Information Security podcast where John Strand discusses common attack techniques and outlines corresponding defensive strategies for Blue Teams. The context suggests a general overview of adversary methodologies structured around the MITRE ATT&CK framework, intended to educate defenders on how to detect and respond to these actions.
## Technical Details
- **Type:** Conceptual Framework Discussion (Focus on Tactics and Defense)
- **Platform:** Not specified (Implied enterprise environments, covering various operating systems/networks)
- **Capabilities:** Discussing attack methodologies and defensive countermeasures derived from real-world threat behaviors.
- **First Seen:** Not stated; the podcast was likely released around the time of the referenced courses and webcasts.
## MITRE ATT&CK Mapping
Since the specific techniques are not listed, the mapping reflects the general scope mentioned in the context: Learning security through the lens of MITRE ATT&CK.
- **TA0001 - Initial Access**
- **TA0002 - Execution**
- **TA0003 - Persistence**
- *(A broader range of tactics is implied by the title "Attack Tactics", but none are named explicitly.)*
## Functionality
### Core Capabilities
- Outlining high-level offensive techniques used by adversaries.
- Providing defensive strategies mapped to those offensive techniques for Blue Team implementation.
### Advanced Features
- Direct reference to training curricula covering **Active Defense & Cyber Deception**.
- Use of the **MITRE ATT&CK** knowledge base as the primary structure for discussion.
## Indicators of Compromise
No specific technical IOCs (hashes, IPs, files) are provided in the context description.
- **File Hashes:** N/A
- **File Names:** N/A
- **Registry Keys:** N/A
- **Network Indicators:** N/A
- **Behavioral Indicators:** N/A
## Associated Threat Actors
The context implies discussion around general adversary techniques against which defense training is provided, but no specific threat actors are explicitly named in this summary context.
## Detection Methods
Detection is implied to be the core focus of the defense discussion, but no concrete detection logic is given:
- **Signature-based detection:** Implied, since defenders would need to create rules in their security tools for the attacks discussed.
- **Behavioral detection:** Strongly implied by the emphasis on courses such as "Active Defense & Cyber Deception."
- **YARA rules:** Not mentioned.
## Mitigation Strategies
Mitigation is presented through learning defensive skills covered in John Strand's training:
- **Prevention measures:** Learning core security skills (SOC Core Skills).
- **Hardening recommendations:** Implementing Active Defense and Deception techniques.
## Related Tools/Techniques
The context explicitly relates the discussion to the utilization and understanding of the **MITRE ATT&CK framework** itself.