Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats, denying or mitigating potential damage to the organization.
As part of the AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the Threat Intelligence mission type as well.
To consider when describing this mission type:
What is the background for it
What are the objectives of this mission type
Any considerations for activities performed for this mission type, and where they fit within CAPEO
Threat Intel Hunt Missions
They need to be based on tactical threat intelligence products
Threat Intel reports that contain enough elements to describe attacker TTPs can be leveraged for these missions
A process for qualifying the suitability of intel to be consumed by this hunt type can also be developed
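A worked illustration of the qualification process this issue proposes, added here as an example and not code from the AIMOD2 repository: it scores a text report by how much hunt-ready TTP detail it contains. A report that only lists atomic indicators (hashes, IP addresses) describes what the attacker used, not what the attacker did, so it cannot seed a behaviour-based hunt; a report that maps procedures to ATT&CK techniques can. ATT&CK technique IDs are extracted with a regex; the behaviour vocabulary, the scoring weights, the verdict thresholds and the three sample reports are assumptions constructed for this example.

```python
"""Qualify a threat intel report for a Threat Intel hunt mission.

Added example: scores how much hunt-ready TTP detail a text report
contains. ATT&CK technique IDs are real identifiers; BEHAVIOUR_TERMS,
the weights, the thresholds and the sample reports are assumptions.
"""
import re
from dataclasses import dataclass

ATTACK_ID = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# MD5 / SHA-1 / SHA-256 shaped tokens; longest alternative first.
HASH = re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b")

# Procedure-level vocabulary hinting that the report says *how* something
# was done (hypothetical list; a real one grows from the hunt backlog).
BEHAVIOUR_TERMS = (
    "scheduled task", "wmi", "powershell", "lsass", "registry run key",
    "dll side-loading", "pass-the-hash", "living off the land", "rundll32",
    "certutil", "spearphishing", "named pipe", "service creation",
)


@dataclass
class Qualification:
    techniques: list        # ATT&CK IDs found, sorted and de-duplicated
    behaviours: list        # behaviour terms found, in BEHAVIOUR_TERMS order
    atomic_indicators: int  # IPs + hashes; recorded but not scored
    score: int
    verdict: str            # "suitable" | "partial" | "unsuitable"


def qualify_report(text: str) -> Qualification:
    """Score one report. Atomic indicators add nothing to the score on
    purpose: they belong to a detection feed, not to a TTP-driven hunt."""
    lowered = text.lower()
    techniques = sorted(set(ATTACK_ID.findall(text)))
    behaviours = [term for term in BEHAVIOUR_TERMS if term in lowered]
    atomic = len(IPV4.findall(text)) + len(HASH.findall(text))
    score = 2 * len(techniques) + len(behaviours)   # weights are an assumption
    if score >= 4:
        verdict = "suitable"
    elif score >= 1:
        verdict = "partial"
    else:
        verdict = "unsuitable"
    return Qualification(techniques, behaviours, atomic, score, verdict)


def triage(reports: dict) -> list:
    """Order candidate reports for the hunt backlog, most useful first."""
    return sorted(reports, key=lambda name: qualify_report(reports[name]).score,
                  reverse=True)


# Constructed sample reports (not real intel); documentation-range addresses.
SAMPLES = {
    "ioc_only": """
Indicator feed 2024-03: the actor's infrastructure used 198.51.100.23 and
203.0.113.7. Dropper hashes: d41d8cd98f00b204e9800998ecf8427e and
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.
""",
    "loose": """
Campaign summary: the operators relied on PowerShell for staging and
moved between hosts using stolen credentials. No further detail available.
""",
    "ttp": """
The intrusion began with a spearphishing attachment (T1566.001). The macro
launched PowerShell (T1059.001) which created a scheduled task (T1053.005)
for persistence. Credential access used a LSASS memory dump (T1003.001)
followed by pass-the-hash lateral movement (T1550.002).
C2 server: 192.0.2.44
""",
}

if __name__ == "__main__":
    for name in triage(SAMPLES):
        q = qualify_report(SAMPLES[name])
        print(f"{name:9} {q.verdict:10} score={q.score:2} "
              f"techniques={q.techniques} atomic={q.atomic_indicators}")
```

The "ttp" sample is the only one that can be turned directly into hunt hypotheses (one per technique), the "loose" one needs enrichment before it is consumed, and the "ioc_only" one is routed to the detection feed instead. Extending the scoring with sector relevance, report age or source confidence is the obvious next step for a real qualification process.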
As part of the AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the Data Baselining mission type as well.
To consider when describing this mission type:
What is the background for it
What are the objectives of this mission type
Any considerations for activities performed for this mission type, and where they fit within CAPEO
As part of the AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the Hypothesis Driven mission type as well.
To consider when describing this mission type:
What is the background for it
What are the objectives of this mission type
Any considerations for activities performed for this mission type, and where they fit within CAPEO
As part of the AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the ML Assisted Modelling mission type as well.
To consider when describing this mission type:
What is the background for it
What are the objectives of this mission type
Any considerations for activities performed for this mission type, and where they fit within CAPEO
As part of the AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the Deceptive Operations mission type as well.
To consider when describing this mission type:
What is the background for it
What are the objectives of this mission type
Any considerations for activities performed for this mission type, and where they fit within CAPEO
Would it be possible to share SVG versions of the diagrams instead of PNG?
I'm asking regarding #2, and also because I like to have "stretchable" images so that I can integrate them regardless of the document/device I'm using.
As part of the AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the Attack Modelling mission type as well.
To consider when describing this mission type:
What is the background for it
What are the objectives of this mission type
Any considerations for activities performed for this mission type, and where they fit within CAPEO
This mission basically consists of an effort to capture attack paths and attack narratives so that they can be leveraged for threat hunting and cyber deception purposes
Possible ways to go about this are crafting attack paths based on current and past red-team engagements, known threat actor activities or pentests
As part of the AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the Joint Red & Blue mission type as well.
To consider when describing this mission type:
What is the background for it
What are the objectives of this mission type
Any considerations for activities performed for this mission type, and where they fit within CAPEO
Joint Red-Blue Missions
These missions need to consider both aspects of the engagement: the adversarial emulation one and the detective one
They should be based on descriptions of plausible or likely attack narratives
Each step of the attack narrative is a milestone that serves as a touchpoint for the team or teams involved to consider artifacts produced and achieved impact
The mission should have clear exit criteria
The mission should produce outcomes that can be consumed by other security teams, control owners and other hunt mission types (like deceptive ops)
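The attack narratives from the Attack Modelling issue and the milestone, exit-criteria and hand-off points from this one, worked into code as an added example that is not part of the AIMOD2 repository. An attack path is encoded as ordered milestones, each carrying its ATT&CK technique, the telemetry needed to observe it, the artifacts the red side expects to leave and an optional decoy hook. After the engagement each milestone is classified as detected, missed (telemetry existed, nobody saw it) or blind (no telemetry at all), an assumed exit criterion is evaluated, and undetected milestones with a decoy hook are listed for a deceptive ops mission. The technique IDs are ATT&CK identifiers; the narrative, the telemetry source names, the exit criterion and the sample debrief data are constructed assumptions.

```python
"""Attack narrative as a reusable hunt artifact.

Added example, not code from the AIMOD2 project. Technique IDs are
ATT&CK identifiers; the narrative, telemetry names, exit criterion
and sample results below are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Milestone:
    step: int
    name: str
    technique: str            # ATT&CK technique ID
    data_sources: tuple       # any one of these makes the step observable
    artifacts: tuple          # what the red side expects to leave behind
    deception_hook: str = ""  # decoy that would fit at this step (hypothetical)


# Constructed narrative: a generic phishing-to-lateral-movement path.
NARRATIVE = (
    Milestone(1, "Phishing attachment opened", "T1566.001",
              ("email_gateway", "edr_process"), ("winword.exe spawning a child",)),
    Milestone(2, "Macro launches PowerShell", "T1059.001",
              ("edr_process", "powershell_scriptblock"), ("encoded command line",)),
    Milestone(3, "Scheduled task persistence", "T1053.005",
              ("windows_security_4698", "edr_process"), ("new task registered",),
              deception_hook="decoy host with canary task folder"),
    Milestone(4, "LSASS credential dump", "T1003.001",
              ("edr_process", "sysmon_10"), ("handle opened on lsass.exe",),
              deception_hook="honeytoken credentials seeded in LSASS"),
    Milestone(5, "Lateral movement via SMB", "T1021.002",
              ("windows_security_4624", "netflow"), ("type 3 logon from a workstation",),
              deception_hook="decoy file share"),
)

# Constructed telemetry inventory and red-team debrief for the sample run:
# no EDR process telemetry is collected, and blue caught steps 1 and 5 only.
COLLECTED = ("email_gateway", "powershell_scriptblock", "windows_security_4624")
DETECTED = (1, 5)


def milestone_status(narrative, collected, detected_steps):
    """Classify every milestone for the joint debrief.

    detected: blue team saw the artifact during the engagement
    missed:   telemetry exists but nobody noticed -> detection engineering
    blind:    no telemetry at all -> logging request for the control owner
    """
    collected, detected_steps = set(collected), set(detected_steps)
    status = {}
    for m in narrative:
        if m.step in detected_steps:
            status[m.step] = "detected"
        elif collected.intersection(m.data_sources):
            status[m.step] = "missed"
        else:
            status[m.step] = "blind"
    return status


def exit_criteria_met(status):
    """Assumed exit criterion: no observable milestone is left unexplained.

    Blind steps do not block closure; they leave as logging requirements.
    Missed steps do, because they are the mission's detection findings.
    """
    return "missed" not in status.values()


def deception_candidates(narrative, status):
    """Undetected milestones with a decoy hook, handed to deceptive ops."""
    return [m.name for m in narrative
            if m.deception_hook and status[m.step] != "detected"]


def debrief(narrative, collected, detected_steps):
    """One line per milestone, consumable by other teams and control owners."""
    status = milestone_status(narrative, collected, detected_steps)
    lines = [f"{m.step} {m.technique} {m.name}: {status[m.step]}" for m in narrative]
    lines.append("exit criteria met: %s" % exit_criteria_met(status))
    lines.append("deception candidates: %s" % deception_candidates(narrative, status))
    return lines


if __name__ == "__main__":
    print("\n".join(debrief(NARRATIVE, COLLECTED, DETECTED)))
```

With the sample data the mission cannot close: step 2 was observable through PowerShell script block logging and still went unnoticed, which is exactly the finding a joint mission exists to produce. Steps 3 and 4 are blind because no EDR process telemetry is collected, so they become logging requests for the control owner and, since both carry a decoy hook, candidates for a deceptive ops mission.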