chg: [attack] updates

changes-actionable
Alexandre Dulaunoy 2019-10-25 07:56:51 +02:00
parent dfd9c12daa
commit 9905ac73aa
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
10 changed files with 97 additions and 57 deletions

BIN
attack/amitt.png Normal file

Binary file not shown.


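--- /dev/null
+++ b/attack/build.sh
@@ -0,0 +1,3 @@
+export TEXINPUTS=::~/git/misp-training/themes/
+echo ${TEXINPUTS}
+pdflatex slide.tex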
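Review bot: The theme path in `export TEXINPUTS=::~/git/misp-training/themes/` is tied to one developer's checkout location, so on another machine pdflatex either fails to find the Focus theme or loads whatever `.sty` files sit at that path in the home directory. TeX executes the packages it finds on `TEXINPUTS`, so resolving the directory relative to the repository is both safer and more portable, e.g. `export TEXINPUTS="::../themes/"` when run from `attack/` (layout inferred from the `../includes/` references in the slide source). The script also has no shebang or `set -e`, and `echo ${TEXINPUTS}` is unquoted; `#!/bin/sh`, `set -e` and `echo "$TEXINPUTS"` would cover that. The `.aux`, `.log` and `.nav` outputs of this build are committed in the same change and the log records absolute home-directory paths, so ignoring them in version control is worth considering.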


@ -20,8 +20,10 @@
\@writefile{nav}{\headcommand {\beamer@framepages {9}{9}}} \@writefile{nav}{\headcommand {\beamer@framepages {9}{9}}}
\@writefile{nav}{\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}} \@writefile{nav}{\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}}
\@writefile{nav}{\headcommand {\beamer@framepages {10}{10}}} \@writefile{nav}{\headcommand {\beamer@framepages {10}{10}}}
\@writefile{nav}{\headcommand {\slideentry {0}{0}{11}{11/11}{}{0}}}
\@writefile{nav}{\headcommand {\beamer@framepages {11}{11}}}
\@setckpt{content}{ \@setckpt{content}{
\setcounter{page}{11} \setcounter{page}{12}
\setcounter{equation}{0} \setcounter{equation}{0}
\setcounter{enumi}{0} \setcounter{enumi}{0}
\setcounter{enumii}{0} \setcounter{enumii}{0}
@ -36,8 +38,8 @@
\setcounter{section}{0} \setcounter{section}{0}
\setcounter{subsection}{0} \setcounter{subsection}{0}
\setcounter{subsubsection}{0} \setcounter{subsubsection}{0}
\setcounter{subsectionslide}{10} \setcounter{subsectionslide}{11}
\setcounter{framenumber}{9} \setcounter{framenumber}{10}
\setcounter{figure}{0} \setcounter{figure}{0}
\setcounter{table}{0} \setcounter{table}{0}
\setcounter{parentequation}{0} \setcounter{parentequation}{0}


@ -20,10 +20,10 @@
\begin{frame} \begin{frame}
\frametitle{New ATT\&CK sighting reporting format} \frametitle{New ATT\&CK sighting reporting format}
\begin{itemize} \begin{itemize}
\item Result of discussions with Mitre \item Result of discussions with MITRE
\item MISP server hosts can now decide to export an {\bf enumeration of the patterns} used based on the data-set \item MISP server hosts can now decide to export an {\bf enumeration of the patterns} used based on the data-set
\item Subject to all regular {\bf restSearch filtering methods} (time, organisation, context, etc) \item Subject to all regular {\bf restSearch filtering methods} (time, organisation, context, etc)
\item Export returns the data-set in Mitre's owns {\bf ATT\&CK sighting format} \item Export returns the data-set in MITRE's owns {\bf ATT\&CK sighting format}
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -63,21 +63,24 @@
\item {\bf Francesco Bigarella} from ING showcased {\bf attack4fraud} \item {\bf Francesco Bigarella} from ING showcased {\bf attack4fraud}
\begin{itemize} \begin{itemize}
\item {\bf ATT\&CK like matrix} \item {\bf ATT\&CK like matrix}
\item Makes use of kill-chain phases \item Makes use of kill-chain phases
\item Enables all of the advantages provided by the framework (such as technique frequency analysis) \item Enables all of the advantages provided by the framework (such as technique frequency analysis)
\end{itemize} \end{itemize}
\item This inspired us to allow for other matrix-like galaxies to be added \item This inspired us to allow for other matrix-like galaxies to be added
\end{itemize} \end{itemize}
\includegraphics[scale=0.3]{matrix-like.png}
\end{frame} \end{frame}
\begin{frame} \begin{frame}
\frametitle{ATT\&CK matrices as a standardised methodology outcomes} \frametitle{ATT\&CK matrices as a standardised methodology outcomes}
\begin{itemize} \begin{itemize}
\item Several ATT\&CK like matrices added since \item Several ATT\&CK like matrices added since in MISP galaxy
\begin{itemize} \begin{itemize}
\item {\bf attck4fraud}
\item {\bf Election guidelines} \item {\bf Election guidelines}
\item {\bf Office 365 exchange techniques} \item {\bf Office365 exchange techniques}
\item {\bf AM!TT Tactic} (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents
\end{itemize} \end{itemize}
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -92,3 +95,17 @@
\includegraphics[scale=0.3]{office.png} \includegraphics[scale=0.3]{office.png}
\end{frame} \end{frame}
\begin{frame}
\frametitle{AM!TT Tactic (Adversarial Misinformation and Influence Tactics and Techniques)}
\includegraphics[scale=0.3]{amitt.png}
\end{frame}
\begin{frame}
\frametitle{Conclusion}
\begin{itemize}
\item The matrix-like enhancement from the MISP galaxy format will be added in the default MISP galaxy standard format\footnote{\url{https://www.misp-standard.org/}}
\item MITRE ATT\&CK sighting export in MISP was a first step to automate sharing of sightings ($\rightarrow$ public/private repository of sightings)
\item ATT\&CK like matrices become more and more common, thanks the {\bf continuous work of the community}
\end{itemize}
\end{frame}
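Review bot: The new AM!TT frame includes the image with `\includegraphics[scale=0.3]{amitt.png}`, and the build log committed alongside reports `Overfull \hbox (232.25691pt too wide)` for it, so the matrix runs well past the slide edge. `\includegraphics[width=\linewidth]{amitt.png}` would fit it to the frame. In the added text, `attck4fraud` does not match the `attack4fraud` spelling used a few lines earlier, `MITRE's owns` should read `MITRE's own`, and `thanks the {\bf continuous work` is missing `to`. The new items also keep the obsolete `{\bf ...}` form where `\textbf{...}` is the current equivalent.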

BIN
attack/matrix-like.png Normal file

Binary file not shown.



@ -19,9 +19,9 @@
\providecommand\HyField@AuxAddToCoFields[2]{} \providecommand\HyField@AuxAddToCoFields[2]{}
\@input{content.aux} \@input{content.aux}
\providecommand \oddpage@label [2]{} \providecommand \oddpage@label [2]{}
\pgfsyspdfmark {pgfid1}{1398509}{16987808} \pgfsyspdfmark {pgfid1}{1398509}{16982046}
\@writefile{nav}{\headcommand {\beamer@partpages {1}{10}}} \@writefile{nav}{\headcommand {\beamer@partpages {1}{11}}}
\@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{10}}} \@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{11}}}
\@writefile{nav}{\headcommand {\beamer@sectionpages {1}{10}}} \@writefile{nav}{\headcommand {\beamer@sectionpages {1}{11}}}
\@writefile{nav}{\headcommand {\beamer@documentpages {10}}} \@writefile{nav}{\headcommand {\beamer@documentpages {11}}}
\@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {9}}} \@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {10}}}


@ -1,4 +1,4 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.18 (TeX Live 2017/Debian) (preloaded format=pdflatex 2019.2.21) 25 OCT 2019 02:17 This is pdfTeX, Version 3.14159265-2.6-1.40.18 (TeX Live 2017/Debian) (preloaded format=pdflatex 2018.10.13) 25 OCT 2019 07:41
entering extended mode entering extended mode
restricted \write18 enabled. restricted \write18 enabled.
%&-line parsing enabled. %&-line parsing enabled.
@ -644,7 +644,7 @@ Package: amsthm 2017/10/31 v2.20.4
\beamer@dimb=\dimen189 \beamer@dimb=\dimen189
) )
(/usr/share/texlive/texmf-dist/tex/latex/beamer/beamerouterthemedefault.sty))) (/usr/share/texlive/texmf-dist/tex/latex/beamer/beamerouterthemedefault.sty)))
(/home/iglocska/Documents/misp-training/themes/beamerthemefocus.sty (/home/adulau/git/misp-training/themes/beamerthemefocus.sty
Package: beamerthemefocus 2019/01/18 v2.3 Focus Beamer theme Package: beamerthemefocus 2019/01/18 v2.3 Focus Beamer theme
(/usr/share/texlive/texmf-dist/tex/latex/base/fontenc.sty (/usr/share/texlive/texmf-dist/tex/latex/base/fontenc.sty
@ -777,9 +777,9 @@ o fonts.
(/usr/share/texlive/texmf-dist/tex/latex/base/fontenc.sty (/usr/share/texlive/texmf-dist/tex/latex/base/fontenc.sty
Package: fontenc 2017/04/05 v2.0i Standard LaTeX package Package: fontenc 2017/04/05 v2.0i Standard LaTeX package
)) ))
(/home/iglocska/Documents/misp-training/themes/beamercolorthemefocus.sty) (/home/adulau/git/misp-training/themes/beamercolorthemefocus.sty)
(/home/iglocska/Documents/misp-training/themes/beamerfontthemefocus.sty) (/home/adulau/git/misp-training/themes/beamerfontthemefocus.sty)
(/home/iglocska/Documents/misp-training/themes/beamerinnerthemefocus.sty (/home/adulau/git/misp-training/themes/beamerinnerthemefocus.sty
(/usr/share/texlive/texmf-dist/tex/latex/pgf/frontendlayer/tikz.sty (/usr/share/texlive/texmf-dist/tex/latex/pgf/frontendlayer/tikz.sty
(/usr/share/texlive/texmf-dist/tex/latex/pgf/basiclayer/pgf.sty (/usr/share/texlive/texmf-dist/tex/latex/pgf/basiclayer/pgf.sty
Package: pgf 2015/08/07 v3.0.1a (rcs-revision 1.15) Package: pgf 2015/08/07 v3.0.1a (rcs-revision 1.15)
@ -849,7 +849,7 @@ File: pgfmodulematrix.code.tex 2013/09/17 (rcs-revision 1.8)
zlibrarytopaths.code.tex zlibrarytopaths.code.tex
File: tikzlibrarytopaths.code.tex 2008/06/17 v3.0.1a (rcs-revision 1.2) File: tikzlibrarytopaths.code.tex 2008/06/17 v3.0.1a (rcs-revision 1.2)
)))) ))))
(/home/iglocska/Documents/misp-training/themes/beamerouterthemefocus.sty (/home/adulau/git/misp-training/themes/beamerouterthemefocus.sty
(/usr/share/texlive/texmf-dist/tex/latex/appendixnumberbeamer/appendixnumberbea (/usr/share/texlive/texmf-dist/tex/latex/appendixnumberbeamer/appendixnumberbea
mer.sty) (/usr/share/texlive/texmf-dist/tex/latex/oberdiek/bookmark.sty mer.sty) (/usr/share/texlive/texmf-dist/tex/latex/oberdiek/bookmark.sty
Package: bookmark 2016/05/17 v1.26 PDF bookmarks (HO) Package: bookmark 2016/05/17 v1.26 PDF bookmarks (HO)
@ -1631,11 +1631,10 @@ File: misplogo.pdf Graphic file (type pdf)
<use misplogo.pdf> <use misplogo.pdf>
Package pdftex.def Info: misplogo.pdf used on input line 6. Package pdftex.def Info: misplogo.pdf used on input line 6.
(pdftex.def) Requested size: 55.00186pt x 40.3096pt. (pdftex.def) Requested size: 55.00186pt x 40.3096pt.
(../includes/location.txt)
LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/n' will be LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/n' will be
(Font) scaled to size 4.0pt on input line 6. (Font) scaled to size 4.0pt on input line 6.
[1
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map} <./misp.pdf> <./misplogo.pd {/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map} <./misp.pdf> <./misplogo.pd
@ -1671,55 +1670,72 @@ Package pdftex.def Info: matrix2.png used on input line 57.
[6 [6
<./matrix2.png (PNG copy)>] <./matrix2.png (PNG copy)>]
LaTeX Font Info: Try loading font information for U+msa on input line 71. LaTeX Font Info: Try loading font information for U+msa on input line 72.
(/usr/share/texlive/texmf-dist/tex/latex/amsfonts/umsa.fd (/usr/share/texlive/texmf-dist/tex/latex/amsfonts/umsa.fd
File: umsa.fd 2013/01/14 v3.01 AMS symbols A File: umsa.fd 2013/01/14 v3.01 AMS symbols A
) )
LaTeX Font Info: Try loading font information for U+msb on input line 71. LaTeX Font Info: Try loading font information for U+msb on input line 72.
(/usr/share/texlive/texmf-dist/tex/latex/amsfonts/umsb.fd (/usr/share/texlive/texmf-dist/tex/latex/amsfonts/umsb.fd
File: umsb.fd 2013/01/14 v3.01 AMS symbols B File: umsb.fd 2013/01/14 v3.01 AMS symbols B
) )
LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/n' will be LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/n' will be
(Font) scaled to size 7.0pt on input line 71. (Font) scaled to size 7.0pt on input line 72.
LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/n' will be LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/n' will be
(Font) scaled to size 5.0pt on input line 71. (Font) scaled to size 5.0pt on input line 72.
LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/it' will be LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/it' will be
(Font) scaled to size 10.0pt on input line 71. (Font) scaled to size 10.0pt on input line 72.
LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/it' will be LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/it' will be
(Font) scaled to size 7.0pt on input line 71. (Font) scaled to size 7.0pt on input line 72.
LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/it' will be LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/it' will be
(Font) scaled to size 5.0pt on input line 71. (Font) scaled to size 5.0pt on input line 72.
LaTeX Font Info: Font shape `T1/FiraSans-OsF/b/n' will be
(Font) scaled to size 10.0pt on input line 72.
<matrix-like.png, id=73, 936.49875pt x 212.795pt>
File: matrix-like.png Graphic file (type png)
<use matrix-like.png>
Package pdftex.def Info: matrix-like.png used on input line 72.
(pdftex.def) Requested size: 280.95178pt x 63.83897pt.
[7 [7
] <./matrix-like.png>] [8
LaTeX Font Info: Font shape `T1/FiraSans-OsF/b/n' will be
(Font) scaled to size 10.0pt on input line 83.
[8
] ]
<election.png, id=85, 983.92593pt x 444.15938pt> <election.png, id=88, 983.92593pt x 444.15938pt>
File: election.png Graphic file (type png) File: election.png Graphic file (type png)
<use election.png> <use election.png>
Package pdftex.def Info: election.png used on input line 88. Package pdftex.def Info: election.png used on input line 91.
(pdftex.def) Requested size: 295.18005pt x 133.24883pt. (pdftex.def) Requested size: 295.18005pt x 133.24883pt.
[9 [9
<./election.png (PNG copy)>] <./election.png (PNG copy)>]
<office.png, id=91, 1464.97313pt x 381.67593pt> <office.png, id=94, 1464.97313pt x 381.67593pt>
File: office.png Graphic file (type png) File: office.png Graphic file (type png)
<use office.png> <use office.png>
Package pdftex.def Info: office.png used on input line 93. Package pdftex.def Info: office.png used on input line 96.
(pdftex.def) Requested size: 439.49533pt x 114.50366pt. (pdftex.def) Requested size: 439.49533pt x 114.50366pt.
Overfull \hbox (117.97908pt too wide) in paragraph at lines 93--93 Overfull \hbox (117.97908pt too wide) in paragraph at lines 96--96
[][] [][]
[] []
[10 [10
<./office.png (PNG copy)>]) <./office.png (PNG copy)>]
<amitt.png, id=100, 1845.89626pt x 608.2725pt>
File: amitt.png Graphic file (type png)
<use amitt.png>
Package pdftex.def Info: amitt.png used on input line 101.
(pdftex.def) Requested size: 553.77316pt x 182.48315pt.
Overfull \hbox (232.25691pt too wide) in paragraph at lines 101--101
[][]
[]
[11
<./amitt.png>])
\tf@nav=\write5 \tf@nav=\write5
\openout5 = `slide.nav'. \openout5 = `slide.nav'.
@ -1736,10 +1752,10 @@ Package atveryend Info: Executing hook `AtVeryEndDocument' on input line 24.
Package atveryend Info: Empty hook `AtEndAfterFileList' on input line 24. Package atveryend Info: Empty hook `AtEndAfterFileList' on input line 24.
) )
Here is how much of TeX's memory you used: Here is how much of TeX's memory you used:
26098 strings out of 492982 26107 strings out of 492982
520043 string characters out of 6134896 520076 string characters out of 6134895
603242 words of memory out of 5000000 603091 words of memory out of 5000000
29027 multiletter control sequences out of 15000+600000 29035 multiletter control sequences out of 15000+600000
229547 words of font info for 50 fonts, out of 8000000 for 9000 229547 words of font info for 50 fonts, out of 8000000 for 9000
1141 hyphenation exceptions out of 8191 1141 hyphenation exceptions out of 8191
71i,16n,83p,811b,830s stack positions out of 5000i,500n,10000p,200000b,80000s 71i,16n,83p,811b,830s stack positions out of 5000i,500n,10000p,200000b,80000s
@ -1748,10 +1764,10 @@ e/texlive/texmf-dist/fonts/enc/dvips/fira/fir_7gpamp.enc}</usr/share/texlive/te
xmf-dist/fonts/type1/public/fira/FiraSans-Bold.pfb></usr/share/texlive/texmf-di xmf-dist/fonts/type1/public/fira/FiraSans-Bold.pfb></usr/share/texlive/texmf-di
st/fonts/type1/public/fira/FiraSans-Regular.pfb></usr/share/texlive/texmf-dist/ st/fonts/type1/public/fira/FiraSans-Regular.pfb></usr/share/texlive/texmf-dist/
fonts/type1/public/amsfonts/symbols/msam10.pfb> fonts/type1/public/amsfonts/symbols/msam10.pfb>
Output written on slide.pdf (10 pages, 868443 bytes). Output written on slide.pdf (11 pages, 965315 bytes).
PDF statistics: PDF statistics:
118 PDF objects out of 1000 (max. 8388607) 128 PDF objects out of 1000 (max. 8388607)
84 compressed objects within 1 object stream 89 compressed objects within 1 object stream
21 named destinations out of 1000 (max. 500000) 23 named destinations out of 1000 (max. 500000)
73 words of extra memory for PDF output out of 10000 (max. 10000000) 83 words of extra memory for PDF output out of 10000 (max. 10000000)


@ -18,8 +18,10 @@
\headcommand {\beamer@framepages {9}{9}} \headcommand {\beamer@framepages {9}{9}}
\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}} \headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}
\headcommand {\beamer@framepages {10}{10}} \headcommand {\beamer@framepages {10}{10}}
\headcommand {\beamer@partpages {1}{10}} \headcommand {\slideentry {0}{0}{11}{11/11}{}{0}}
\headcommand {\beamer@subsectionpages {1}{10}} \headcommand {\beamer@framepages {11}{11}}
\headcommand {\beamer@sectionpages {1}{10}} \headcommand {\beamer@partpages {1}{11}}
\headcommand {\beamer@documentpages {10}} \headcommand {\beamer@subsectionpages {1}{11}}
\headcommand {\gdef \inserttotalframenumber {9}} \headcommand {\beamer@sectionpages {1}{11}}
\headcommand {\beamer@documentpages {11}}
\headcommand {\gdef \inserttotalframenumber {10}}

Binary file not shown.


@ -13,12 +13,12 @@
%\usepackage[T1]{fontenc} %\usepackage[T1]{fontenc}
%\usepackage[scaled]{beramono} %\usepackage[scaled]{beramono}
\author{\small{\input{../includes/authors.txt}}} \author{\small{\input{../includes/authors.txt}}}
\title{Turning data into actionable intelligence} \title{MISP and ATT\&CK}
\subtitle{advanced features in MISP supporting your analysts and tools} \subtitle{How matrix-like models are changing MISP}
\institute{\includegraphics[scale=0.5]{misplogo.pdf}} \institute{\includegraphics[scale=0.5]{misplogo.pdf}}
\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}} \titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
\date{\input{../includes/location.txt}} \date{25th October 2019 - attack-community.org}
\begin{document} \begin{document}
\include{content} \include{content}
\end{document} \end{document}
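Review bot: The new `\date{25th October 2019 - attack-community.org}` uses a spaced hyphen as a separator; `\date{25th October 2019 -- attack-community.org}` gives the intended en dash. Replacing `\input{../includes/location.txt}` also means this deck no longer follows the shared location file, so a short comment such as `% date fixed to this event; not read from ../includes/location.txt` would keep the next editor from assuming it still does.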