Educause Security Discussion mailing list archives
Re: SECURITY Digest - 26 Feb 2021 to 28 Feb 2021 (#2021-53)
From: Jesse F Moore <moorej1 () UW EDU>
Date: Mon, 1 Mar 2021 17:42:47 +0000
Hi Brian,

I am currently running workshops at UW for Atomic Red Team (Mitre ATT&CK), and how to detect it using Sysmon on Windows. There is a lot of great detection by Sysmon that normal Windows logs miss. So if your admins are only looking at logs from Windows they are missing a ton of attacker tradecraft and/or Mitre ATT&CK techniques in logs.

Let me know if you want to talk more about it.

-Jesse Moore
University of Washington
Sr. Cyber Security Advisor

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of SECURITY automatic digest system <LISTSERV () LISTSERV EDUCAUSE EDU>
Sent: Sunday, February 28, 2021 2:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: SECURITY Digest - 26 Feb 2021 to 28 Feb 2021 (#2021-53)

There is 1 message totalling 749 lines in this issue.

Topics of the day:

  1. Under ATT&CK?

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community

----------------------------------------------------------------------

Date: Sun, 28 Feb 2021 07:28:51 +0000
From: Uday Kiran <ukiran () HCT AC AE>
Subject: Re: Under ATT&CK?

We are interested to start this discussion, from Higher Colleges of Technology!

Regards,

Uday Kiran
Snr Spl – Information Security
Office of Dir.
Digital Technologies
Direct.: 9712 206 1182
Mobile: +971 56 501 1182
Email: ukiran () hct ac ae
P.O.Box: 25026, Abu Dhabi, United Arab Emirates
www.hct.ac.ae

This Email and any attachments may contain HCT confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the author's employer.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Brian Kelly
Sent: Thursday, February 25, 2021 6:03 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Under ATT&CK?

Good morning,

I’m interested in gauging the adoption of or interest in getting started with Mitre ATT&CK - https://attack.mitre.org/ in our community.

Please let me know if

* You are currently using ATT&CK
* Would be interested in a getting started with ATT&CK session at the Cybersecurity and Privacy Professionals Conference in June.

Have a great day,
Brian

Brian Kelly, CISSP, CISM, CEH
Director, Cybersecurity Program
bkelly () educause edu
EDUCAUSE
Uncommon Thinking for the Common Good
Follow HEISC on LinkedIn | Twitter: @HEISCouncil
direct: 475.449.6440 | educause.edu
1150 18th Street, NW, Suite 900
Washington, DC 20036

________________________________
The information in this email and any attachments are confidential and solely for the use of the individual or entity to whom it is addressed to and authorized to receive it. If you are not the intended recipient, be advised that you have received this email in error and that any use, disclosure, copying, distribution or taking any action in reliance on the content of this information is strictly prohibited and may be unlawful. If you have received this email in error, please delete along with any attachments and inform the Higher Colleges of Technology immediately at disclaimer () hct ac ae. We do not guarantee the integrity of any emails or attachments and are not responsible for any changes made to them by any other person.

------------------------------

End of SECURITY Digest - 26 Feb 2021 to 28 Feb 2021 (#2021-53)
**************************************************************
Current thread:
- Re: SECURITY Digest - 26 Feb 2021 to 28 Feb 2021 (#2021-53) Jesse F Moore (Mar 01)