Open Threat Research
Data Science, Threat Hunting & Open Source Projects
Mapping ATT&CK Data Sources to Security Events via OSSEM 🛡⚔️
The MITRE-ATT&CK team just released the last entry of a two-part blog series where they propose a new methodology to start defining…
Jose Luis Rodriguez
Oct 28, 2020
It is Biceps 💪 Day! Flexing an ARM Template to deploy Azure Sentinel 🏹
Ever since I joined the Microsoft Threat Intelligence Center (MSTIC) R&D team, I have been learning about Azure Resource Manager (ARM)…
Roberto Rodriguez
Sep 9, 2020
Sharpen your Simulation Game Part 2 - Enter PurpleSharp
In Part 2 of this series I would like to describe the architecture and workflow PurpleSharp implements to execute simulations.
Mauricio Velazco
Aug 6, 2020
Sharpen your Simulation Game Part 1 - Introduction
PurpleSharp is an open source adversary simulation tool written in C# that executes adversary techniques within Windows Active Directory
Mauricio Velazco
Aug 5, 2020
Mordor PCAPs 📡 — Part 1: Capturing Network Packets from Windows Endpoints with Network Shell…
On April 21st, 2020, the ATT&CK evals team released the results of their APT29 evaluation , the emulation plan, all payloads used for Day…
Roberto Rodriguez
Jul 27, 2020
Extending the Exploration and Analysis of Windows RPC Methods Calling other Functions with Ghidra…
A few weeks ago, I was going over some of the research topics in my to-do list, and the one that sounded interesting to work on during 4th…
Roberto Rodriguez
Jul 21, 2020
Community Evaluating Free Telemetry 💸 🌎 Following the ATT&CK Evals Methodology ⚔️
In late 2019, the ATT&CK Evaluations team evaluated 21 endpoint security vendors to provide insight and transparency over their true…
Roberto Rodriguez
Jun 12, 2020