chg: [attack] updates

attack/build.sh

@@ -0,0 +1,3 @@
+export TEXINPUTS=::~/git/misp-training/themes/
+echo ${TEXINPUTS}
+pdflatex slide.tex

attack/content.aux

@@ -20,8 +20,10 @@
 \@writefile{nav}{\headcommand {\beamer@framepages {9}{9}}}
 \@writefile{nav}{\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}}
 \@writefile{nav}{\headcommand {\beamer@framepages {10}{10}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{11}{11/11}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {11}{11}}}
 \@setckpt{content}{
-\setcounter{page}{11}
+\setcounter{page}{12}
 \setcounter{equation}{0}
 \setcounter{enumi}{0}
 \setcounter{enumii}{0}
@@ -36,8 +38,8 @@
 \setcounter{section}{0}
 \setcounter{subsection}{0}
 \setcounter{subsubsection}{0}
-\setcounter{subsectionslide}{10}
-\setcounter{framenumber}{9}
+\setcounter{subsectionslide}{11}
+\setcounter{framenumber}{10}
 \setcounter{figure}{0}
 \setcounter{table}{0}
 \setcounter{parentequation}{0}

attack/content.tex

@@ -20,10 +20,10 @@
 \begin{frame}
   \frametitle{New ATT\&CK sighting reporting format}
   \begin{itemize}
-    \item Result of discussions with Mitre
+    \item Result of discussions with MITRE
     \item MISP server hosts can now decide to export an {\bf enumeration of the patterns} used based on the data-set
     \item Subject to all regular {\bf restSearch filtering methods} (time, organisation, context, etc)
-    \item Export returns the data-set in Mitre's owns {\bf ATT\&CK sighting format}
+    \item Export returns the data-set in MITRE's owns {\bf ATT\&CK sighting format}
   \end{itemize}
 \end{frame}
 
@@ -63,21 +63,24 @@
     \item {\bf Francesco Bigarella} from ING showcased {\bf attack4fraud}
     \begin{itemize}
       \item {\bf ATT\&CK like matrix}
-      \item Makes use of kill-chain phases 
+      \item Makes use of kill-chain phases
       \item Enables all of the advantages provided by the framework (such as technique frequency analysis)
     \end{itemize}
     \item This inspired us to allow for other matrix-like galaxies to be added
   \end{itemize}
+        \includegraphics[scale=0.3]{matrix-like.png}
 \end{frame}
 
 
 \begin{frame}
   \frametitle{ATT\&CK matrices as a standardised methodology outcomes}
   \begin{itemize}
-    \item Several ATT\&CK like matrices added since
+    \item Several ATT\&CK like matrices added since in MISP galaxy
     \begin{itemize}
+      \item {\bf attck4fraud}
       \item {\bf Election guidelines}
-      \item {\bf Office 365 exchange techniques}
+      \item {\bf Office365 exchange techniques}
+      \item {\bf AM!TT Tactic} (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents
     \end{itemize}
   \end{itemize}
 \end{frame}
@@ -92,3 +95,17 @@
   \includegraphics[scale=0.3]{office.png}
 \end{frame}
 
+\begin{frame}
+  \frametitle{AM!TT Tactic (Adversarial Misinformation and Influence Tactics and Techniques)}
+  \includegraphics[scale=0.3]{amitt.png}
+\end{frame}
+
+\begin{frame}
+        \frametitle{Conclusion}
+        \begin{itemize}
+                \item The matrix-like enhancement from the MISP galaxy format will be added in the default MISP galaxy standard format\footnote{\url{https://www.misp-standard.org/}}
+                \item MITRE ATT\&CK sighting export in MISP was a first step to automate sharing of sightings ($\rightarrow$ public/private repository of sightings)
+                \item ATT\&CK like matrices become more and more common, thanks the {\bf continuous work of the community}
+        \end{itemize}
+\end{frame}
+

attack/slide.aux

@@ -19,9 +19,9 @@
 \providecommand\HyField@AuxAddToCoFields[2]{}
 \@input{content.aux}
 \providecommand \oddpage@label [2]{}
-\pgfsyspdfmark {pgfid1}{1398509}{16987808}
-\@writefile{nav}{\headcommand {\beamer@partpages {1}{10}}}
-\@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{10}}}
-\@writefile{nav}{\headcommand {\beamer@sectionpages {1}{10}}}
-\@writefile{nav}{\headcommand {\beamer@documentpages {10}}}
-\@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {9}}}
+\pgfsyspdfmark {pgfid1}{1398509}{16982046}
+\@writefile{nav}{\headcommand {\beamer@partpages {1}{11}}}
+\@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{11}}}
+\@writefile{nav}{\headcommand {\beamer@sectionpages {1}{11}}}
+\@writefile{nav}{\headcommand {\beamer@documentpages {11}}}
+\@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {10}}}

attack/slide.log

@@ -1,4 +1,4 @@
-This is pdfTeX, Version 3.14159265-2.6-1.40.18 (TeX Live 2017/Debian) (preloaded format=pdflatex 2019.2.21)  25 OCT 2019 02:17
+This is pdfTeX, Version 3.14159265-2.6-1.40.18 (TeX Live 2017/Debian) (preloaded format=pdflatex 2018.10.13)  25 OCT 2019 07:41
 entering extended mode
  restricted \write18 enabled.
  %&-line parsing enabled.
@@ -644,7 +644,7 @@ Package: amsthm 2017/10/31 v2.20.4
 \beamer@dimb=\dimen189
 )
 (/usr/share/texlive/texmf-dist/tex/latex/beamer/beamerouterthemedefault.sty)))
-(/home/iglocska/Documents/misp-training/themes/beamerthemefocus.sty
+(/home/adulau/git/misp-training/themes/beamerthemefocus.sty
 Package: beamerthemefocus 2019/01/18 v2.3 Focus Beamer theme
 
 (/usr/share/texlive/texmf-dist/tex/latex/base/fontenc.sty
@@ -777,9 +777,9 @@ o fonts.
 (/usr/share/texlive/texmf-dist/tex/latex/base/fontenc.sty
 Package: fontenc 2017/04/05 v2.0i Standard LaTeX package
 ))
-(/home/iglocska/Documents/misp-training/themes/beamercolorthemefocus.sty)
-(/home/iglocska/Documents/misp-training/themes/beamerfontthemefocus.sty)
-(/home/iglocska/Documents/misp-training/themes/beamerinnerthemefocus.sty
+(/home/adulau/git/misp-training/themes/beamercolorthemefocus.sty)
+(/home/adulau/git/misp-training/themes/beamerfontthemefocus.sty)
+(/home/adulau/git/misp-training/themes/beamerinnerthemefocus.sty
 (/usr/share/texlive/texmf-dist/tex/latex/pgf/frontendlayer/tikz.sty
 (/usr/share/texlive/texmf-dist/tex/latex/pgf/basiclayer/pgf.sty
 Package: pgf 2015/08/07 v3.0.1a (rcs-revision 1.15)
@@ -849,7 +849,7 @@ File: pgfmodulematrix.code.tex 2013/09/17  (rcs-revision 1.8)
 zlibrarytopaths.code.tex
 File: tikzlibrarytopaths.code.tex 2008/06/17 v3.0.1a (rcs-revision 1.2)
 ))))
-(/home/iglocska/Documents/misp-training/themes/beamerouterthemefocus.sty
+(/home/adulau/git/misp-training/themes/beamerouterthemefocus.sty
 (/usr/share/texlive/texmf-dist/tex/latex/appendixnumberbeamer/appendixnumberbea
 mer.sty) (/usr/share/texlive/texmf-dist/tex/latex/oberdiek/bookmark.sty
 Package: bookmark 2016/05/17 v1.26 PDF bookmarks (HO)
@@ -1631,11 +1631,10 @@ File: misplogo.pdf Graphic file (type pdf)
 <use misplogo.pdf>
 Package pdftex.def Info: misplogo.pdf  used on input line 6.
 (pdftex.def)             Requested size: 55.00186pt x 40.3096pt.
-
-(../includes/location.txt)
 LaTeX Font Info:    Font shape `T1/FiraSans-OsF/m/n' will be
 (Font)              scaled to size 4.0pt on input line 6.
- [1
+
+[1
 
 
 {/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map} <./misp.pdf> <./misplogo.pd
@@ -1671,55 +1670,72 @@ Package pdftex.def Info: matrix2.png  used on input line 57.
  [6
 
  <./matrix2.png (PNG copy)>]
-LaTeX Font Info:    Try loading font information for U+msa on input line 71.
+LaTeX Font Info:    Try loading font information for U+msa on input line 72.
 
 (/usr/share/texlive/texmf-dist/tex/latex/amsfonts/umsa.fd
 File: umsa.fd 2013/01/14 v3.01 AMS symbols A
 )
-LaTeX Font Info:    Try loading font information for U+msb on input line 71.
+LaTeX Font Info:    Try loading font information for U+msb on input line 72.
 
 (/usr/share/texlive/texmf-dist/tex/latex/amsfonts/umsb.fd
 File: umsb.fd 2013/01/14 v3.01 AMS symbols B
 )
 LaTeX Font Info:    Font shape `T1/FiraSans-OsF/m/n' will be
-(Font)              scaled to size 7.0pt on input line 71.
+(Font)              scaled to size 7.0pt on input line 72.
 LaTeX Font Info:    Font shape `T1/FiraSans-OsF/m/n' will be
-(Font)              scaled to size 5.0pt on input line 71.
+(Font)              scaled to size 5.0pt on input line 72.
 LaTeX Font Info:    Font shape `T1/FiraSans-OsF/m/it' will be
-(Font)              scaled to size 10.0pt on input line 71.
+(Font)              scaled to size 10.0pt on input line 72.
 LaTeX Font Info:    Font shape `T1/FiraSans-OsF/m/it' will be
-(Font)              scaled to size 7.0pt on input line 71.
+(Font)              scaled to size 7.0pt on input line 72.
 LaTeX Font Info:    Font shape `T1/FiraSans-OsF/m/it' will be
-(Font)              scaled to size 5.0pt on input line 71.
+(Font)              scaled to size 5.0pt on input line 72.
+LaTeX Font Info:    Font shape `T1/FiraSans-OsF/b/n' will be
+(Font)              scaled to size 10.0pt on input line 72.
+<matrix-like.png, id=73, 936.49875pt x 212.795pt>
+File: matrix-like.png Graphic file (type png)
+<use matrix-like.png>
+Package pdftex.def Info: matrix-like.png  used on input line 72.
+(pdftex.def)             Requested size: 280.95178pt x 63.83897pt.
  [7
 
-]
-LaTeX Font Info:    Font shape `T1/FiraSans-OsF/b/n' will be
-(Font)              scaled to size 10.0pt on input line 83.
- [8
+ <./matrix-like.png>] [8
 
 ]
-<election.png, id=85, 983.92593pt x 444.15938pt>
+<election.png, id=88, 983.92593pt x 444.15938pt>
 File: election.png Graphic file (type png)
 <use election.png>
-Package pdftex.def Info: election.png  used on input line 88.
+Package pdftex.def Info: election.png  used on input line 91.
 (pdftex.def)             Requested size: 295.18005pt x 133.24883pt.
  [9
 
  <./election.png (PNG copy)>]
-<office.png, id=91, 1464.97313pt x 381.67593pt>
+<office.png, id=94, 1464.97313pt x 381.67593pt>
 File: office.png Graphic file (type png)
 <use office.png>
-Package pdftex.def Info: office.png  used on input line 93.
+Package pdftex.def Info: office.png  used on input line 96.
 (pdftex.def)             Requested size: 439.49533pt x 114.50366pt.
 
-Overfull \hbox (117.97908pt too wide) in paragraph at lines 93--93
+Overfull \hbox (117.97908pt too wide) in paragraph at lines 96--96
 [][]  
  []
 
 [10
 
- <./office.png (PNG copy)>])
+ <./office.png (PNG copy)>]
+<amitt.png, id=100, 1845.89626pt x 608.2725pt>
+File: amitt.png Graphic file (type png)
+<use amitt.png>
+Package pdftex.def Info: amitt.png  used on input line 101.
+(pdftex.def)             Requested size: 553.77316pt x 182.48315pt.
+
+Overfull \hbox (232.25691pt too wide) in paragraph at lines 101--101
+[][]  
+ []
+
+[11
+
+ <./amitt.png>])
 \tf@nav=\write5
 \openout5 = `slide.nav'.
 
@@ -1736,10 +1752,10 @@ Package atveryend Info: Executing hook `AtVeryEndDocument' on input line 24.
 Package atveryend Info: Empty hook `AtEndAfterFileList' on input line 24.
  ) 
 Here is how much of TeX's memory you used:
- 26098 strings out of 492982
- 520043 string characters out of 6134896
- 603242 words of memory out of 5000000
- 29027 multiletter control sequences out of 15000+600000
+ 26107 strings out of 492982
+ 520076 string characters out of 6134895
+ 603091 words of memory out of 5000000
+ 29035 multiletter control sequences out of 15000+600000
  229547 words of font info for 50 fonts, out of 8000000 for 9000
  1141 hyphenation exceptions out of 8191
  71i,16n,83p,811b,830s stack positions out of 5000i,500n,10000p,200000b,80000s
@@ -1748,10 +1764,10 @@ e/texlive/texmf-dist/fonts/enc/dvips/fira/fir_7gpamp.enc}</usr/share/texlive/te
 xmf-dist/fonts/type1/public/fira/FiraSans-Bold.pfb></usr/share/texlive/texmf-di
 st/fonts/type1/public/fira/FiraSans-Regular.pfb></usr/share/texlive/texmf-dist/
 fonts/type1/public/amsfonts/symbols/msam10.pfb>
-Output written on slide.pdf (10 pages, 868443 bytes).
+Output written on slide.pdf (11 pages, 965315 bytes).
 PDF statistics:
- 118 PDF objects out of 1000 (max. 8388607)
- 84 compressed objects within 1 object stream
- 21 named destinations out of 1000 (max. 500000)
- 73 words of extra memory for PDF output out of 10000 (max. 10000000)
+ 128 PDF objects out of 1000 (max. 8388607)
+ 89 compressed objects within 1 object stream
+ 23 named destinations out of 1000 (max. 500000)
+ 83 words of extra memory for PDF output out of 10000 (max. 10000000)
 

attack/slide.nav

@@ -18,8 +18,10 @@
 \headcommand {\beamer@framepages {9}{9}}
 \headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}
 \headcommand {\beamer@framepages {10}{10}}
-\headcommand {\beamer@partpages {1}{10}}
-\headcommand {\beamer@subsectionpages {1}{10}}
-\headcommand {\beamer@sectionpages {1}{10}}
-\headcommand {\beamer@documentpages {10}}
-\headcommand {\gdef \inserttotalframenumber {9}}
+\headcommand {\slideentry {0}{0}{11}{11/11}{}{0}}
+\headcommand {\beamer@framepages {11}{11}}
+\headcommand {\beamer@partpages {1}{11}}
+\headcommand {\beamer@subsectionpages {1}{11}}
+\headcommand {\beamer@sectionpages {1}{11}}
+\headcommand {\beamer@documentpages {11}}
+\headcommand {\gdef \inserttotalframenumber {10}}

attack/slide.tex

@@ -13,12 +13,12 @@
 %\usepackage[T1]{fontenc}
 %\usepackage[scaled]{beramono}
 \author{\small{\input{../includes/authors.txt}}}
-\title{Turning data into actionable intelligence}
-\subtitle{advanced features in MISP supporting your analysts and tools}
+\title{MISP and ATT\&CK}
+\subtitle{How matrix-like models are changing MISP}
 \institute{\includegraphics[scale=0.5]{misplogo.pdf}}
 \titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
 
-\date{\input{../includes/location.txt}}
+\date{25th October 2019 - attack-community.org}
 \begin{document}
 \include{content}
 \end{document}