darkquasar / aimod2 Goto Github PK

As part of AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the Threat Intelligence mission type as well.

To consider when describing this mission type:

• What is the background for it
• What are the objectives of this mission type
• Any considerations for activities performed for this mission type, and where do they fit within CAPEO

Threat Intel Hunt Missions

• They need to be based on tactical threat intelligence products
• Threat Intel reports that contain enough elements to describe attacker TTP can be leveraged for these missions
• A process for qualifying the suitability of intel to be consumed by this hunt type can also be developed

As part of AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the Data Baselining mission type as well.

To consider when describing this mission type:

• What is the background for it
• What are the objectives of this mission type
• Any considerations for activities performed for this mission type, and where do they fit within CAPEO

As part of AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the Hypothesis Driven mission type as well.

To consider when describing this mission type:

• What is the background for it
• What are the objectives of this mission type
• Any considerations for activities performed for this mission type, and where do they fit within CAPEO

As part of AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the ML Assisted Modelling mission type as well.

To consider when describing this mission type:

• What is the background for it
• What are the objectives of this mission type
• Any considerations for activities performed for this mission type, and where do they fit within CAPEO

As part of AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the Deceptive Operations mission type as well.

To consider when describing this mission type:

• What is the background for it
• What are the objectives of this mission type
• Any considerations for activities performed for this mission type, and where do they fit within CAPEO

Hi @darkquasar

Would it be possible to share SVG version of diagrams instead of PNG?
I'm asking regarding #2, also because I like to have "stretchable" images to integrate them no matter the document/device I'm using.

Thanks!

Hi @darkquasar,

First of all, thanks a lot for AIMOD2!

I wanted to inform you that /AIMOD2/diagrams/ folder is missing on the main branch:

This results to a dead link on README.md

As part of AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the Attack Modelling mission type as well.

To consider when describing this mission type:

• What is the background for it
• What are the objectives of this mission type
• Any considerations for activities performed for this mission type, and where do they fit within CAPEO

Attack Modelling

• The concept for this mission is heavily linked to MITRE Attack Flow
• This mission consists basically of an effort to capture attack paths and attack narratives so that they can be leveraged for threat hunting and cyber deception purposes
• Possible ways to go about this are: crafting attack paths based on current and past red-team engagements, known threat actor activities or pentests

Hi @darkquasar

I identified a typo on top right of https://aimod2.com/diagrams/AIMOD2-origins-01.excalidraw.png
I assume that we might have Analyse instead of Analyise on CAPEO.

Thanks!

As part of AIMOD2 Framework, there are 8 different hunt mission types as described in DAIKI. So far only one mission type has been defined (External Attack Vector Discovery). We need to define the Joint Red & Blue mission type as well.

To consider when describing this mission type:

• What is the background for it
• What are the objectives of this mission type
• Any considerations for activities performed for this mission type, and where do they fit within CAPEO

Joint Red-Blue Missions

• These missions need to consider both aspects of the engagement, the adversarial emulation one, and the detective one
• They should be based on descriptions of plausible or likely attack narratives
• Each step of the attack narrative is a milestone that serves as a touchpoint for the team or teams involved to consider artifacts produced and achieved impact
• The mission should have clear exit criteria
• The mission should produce outcomes that can be consumed by other security teams, control owners and other hunt mission types (like deceptive ops)