chg: [event] move more event-related -> events

attack/content.tex

@@ -1,111 +0,0 @@
-% DO NOT COMPILE THIS FILE DIRECTLY!
-% This is included by the other .tex files.
-
-\begin{frame}
-\titlepage
-\end{frame}
-
-\begin{frame}
-  \frametitle{What changed since the last workshop?}
-  \begin{itemize}
-    \item ATT\&CK has been steadily on the rise
-    \item We have observerd it becoming a {\bf baseline for contextualisation} in several communities
-    \item Relatively {\bf simple} to understand
-    \item Makes the {\bf ingestion} of data based on context much easier
-    \item Its use boosts {\bf analytical use-cases} (risk assessment, threat intelligence)
-    \item This made us think about how we could further capitalise on its success
-  \end{itemize}
-\end{frame}
-
-\begin{frame}
-  \frametitle{New ATT\&CK sighting reporting format}
-  \begin{itemize}
-    \item Result of discussions with MITRE
-    \item MISP server hosts can now decide to export an {\bf enumeration of the patterns} used based on the data-set
-    \item Subject to all regular {\bf restSearch filtering methods} (time, organisation, context, etc)
-    \item Export returns the data-set in MITRE's owns {\bf ATT\&CK sighting format}
-  \end{itemize}
-\end{frame}
-
-\begin{frame}
-  \frametitle{Searching our data-set for ATT\&CK-like matrix heatmaps}
-  \begin{itemize}
-    \item new standard {\bf restSearch return format}
-    \item Returns {\bf HTML navigator-like heatmap}
-    \item Easy integration into existing web applications
-    \item Make use of all the MISP API filtering options
-    \item Interested in how the rest of your {\bf sector} shapes up?
-    \item Or perhaps different {\bf time} frames?
-    \item Why not both and {\bf compare} them?
-  \end{itemize}
-\end{frame}
-
-\begin{frame}
-  \frametitle{Searching our data-set for ATT\&CK-like matrix heatmaps}
-  \begin{itemize}
-    \item The full dataset for a given time in an instance
-  \end{itemize}
-  \includegraphics[scale=0.18]{matrix.png}
-\end{frame}
-
-\begin{frame}
-  \frametitle{Searching our data-set for ATT\&CK-like matrix heatmaps}
-  \begin{itemize}
-    \item The full dataset for a given time in an instance
-  \end{itemize}
-  \includegraphics[scale=0.18]{matrix2.png}
-\end{frame}
-
-\begin{frame}
-  \frametitle{ATT\&CK matrices as a standardised methodology}
-  \begin{itemize}
-    \item The advent of ATT\&CK had a secondary effect that was somewhat anticipated
-    \item {\bf Francesco Bigarella} from ING showcased {\bf attack4fraud}
-    \begin{itemize}
-      \item {\bf ATT\&CK like matrix}
-      \item Makes use of kill-chain phases
-      \item Enables all of the advantages provided by the framework (such as technique frequency analysis)
-    \end{itemize}
-    \item This inspired us to allow for other matrix-like galaxies to be added
-  \end{itemize}
-        \includegraphics[scale=0.3]{matrix-like.png}
-\end{frame}
-
-
-\begin{frame}
-  \frametitle{ATT\&CK matrices as a standardised methodology outcomes}
-  \begin{itemize}
-    \item Several ATT\&CK like matrices added since in MISP galaxy
-    \begin{itemize}
-      \item {\bf attck4fraud}
-      \item {\bf Election guidelines}
-      \item {\bf Office365 exchange techniques}
-      \item {\bf AM!TT Tactic}\footnote{\url{https://github.com/misinfosecproject/amitt_framework}} (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents
-    \end{itemize}
-  \end{itemize}
-\end{frame}
-
-\begin{frame}
-  \frametitle{Election guidelines}
-  \includegraphics[scale=0.3]{election.png}
-\end{frame}
-
-\begin{frame}
-  \frametitle{Office 365 techniques}
-  \includegraphics[scale=0.3]{office.png}
-\end{frame}
-
-\begin{frame}
-  \frametitle{AM!TT Tactic (Adversarial Misinformation and Influence Tactics and Techniques)}
-  \includegraphics[scale=0.3]{amitt.png}
-\end{frame}
-
-\begin{frame}
-        \frametitle{Conclusion}
-        \begin{itemize}
-                \item The matrix-like enhancement from the MISP galaxy format will be added in the default MISP galaxy standard format\footnote{\url{https://www.misp-standard.org/}}
-                \item MITRE ATT\&CK sighting export in MISP was a first step to automate sharing of sightings ($\rightarrow$ public/private repository of sightings)
-                \item ATT\&CK like matrices become more and more common, thanks the {\bf continuous work of the community}
-        \end{itemize}
-\end{frame}
-

attack/slide.aux

@@ -1,27 +0,0 @@
-\relax 
-\providecommand\hyper@newdestlabel[2]{}
-\providecommand\BKM@entry[2]{}
-\providecommand\HyperFirstAtBeginDocument{\AtBeginDocument}
-\HyperFirstAtBeginDocument{\ifx\hyper@anchor\@undefined
-\global\let\oldcontentsline\contentsline
-\gdef\contentsline#1#2#3#4{\oldcontentsline{#1}{#2}{#3}}
-\global\let\oldnewlabel\newlabel
-\gdef\newlabel#1#2{\newlabelxx{#1}#2}
-\gdef\newlabelxx#1#2#3#4#5#6{\oldnewlabel{#1}{{#2}{#3}}}
-\AtEndDocument{\ifx\hyper@anchor\@undefined
-\let\contentsline\oldcontentsline
-\let\newlabel\oldnewlabel
-\fi}
-\fi}
-\global\let\hyper@last\relax 
-\gdef\HyperFirstAtBeginDocument#1{#1}
-\providecommand\HyField@AuxAddToFields[1]{}
-\providecommand\HyField@AuxAddToCoFields[2]{}
-\@input{content.aux}
-\providecommand \oddpage@label [2]{}
-\pgfsyspdfmark {pgfid1}{1398509}{16982046}
-\@writefile{nav}{\headcommand {\beamer@partpages {1}{11}}}
-\@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{11}}}
-\@writefile{nav}{\headcommand {\beamer@sectionpages {1}{11}}}
-\@writefile{nav}{\headcommand {\beamer@documentpages {11}}}
-\@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {10}}}

attack/slide.tex

@@ -1,25 +0,0 @@
-\documentclass{beamer}
-\usetheme[numbering=progressbar]{focus}
-\definecolor{main}{RGB}{47, 161, 219}
-\definecolor{textcolor}{RGB}{128, 128, 128}
-\definecolor{background}{RGB}{240, 247, 255}
-
-\usepackage[utf8]{inputenc}
-\usepackage{tikz}
-\usepackage{listings}
-\usepackage{adjustbox}
-\usetikzlibrary{positioning}
-\usetikzlibrary{shapes,arrows}
-%\usepackage[T1]{fontenc}
-%\usepackage[scaled]{beramono}
-\author{\small{\input{../includes/authors.txt}}}
-\title{MISP and ATT\&CK}
-\subtitle{How matrix-like models are changing MISP}
-\institute{\includegraphics[scale=0.5]{misplogo.pdf}}
-\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
-
-\date{25th October 2019 - attack-community.org}
-\begin{document}
-\include{content}
-\end{document}
-