Educause Security Discussion mailing list archives

Re: SECURITY Digest - 26 Feb 2021 to 28 Feb 2021 (#2021-53)


From: Jesse F Moore <moorej1 () UW EDU>
Date: Mon, 1 Mar 2021 17:42:47 +0000

Hi Brian,
I am currently running workshops at UW for Atomic Red Team (Mitre ATT&CK), and how to detect it using Sysmon on Windows.

There is a lot of great detection by Sysmon that normal Windows logs miss. So if your admins are only looking at 
logs from Windows, they are missing a ton of attacker tradecraft and/or Mitre ATT&CK techniques in logs.

Let me know if you want to talk more about it.

-Jesse Moore
University of Washington
Sr. Cyber Security Advisor

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of SECURITY 
automatic digest system <LISTSERV () LISTSERV EDUCAUSE EDU>
Sent: Sunday, February 28, 2021 2:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: SECURITY Digest - 26 Feb 2021 to 28 Feb 2021 (#2021-53)

There is 1 message totalling 749 lines in this issue.

Topics of the day:

  1. Under ATT&CK?

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

----------------------------------------------------------------------

Date:    Sun, 28 Feb 2021 07:28:51 +0000
From:    Uday Kiran <ukiran () HCT AC AE>
Subject: Re: Under ATT&CK?

We are interested to start this discussion, from Higher Colleges of Technology!

Regards,

Uday Kiran
Snr Spl – Information Security
Office of Dir. Digital Technologies


Direct.: 9712 206 1182
Mobile: +971 56 501 1182
Email: ukiran () hct ac ae
P.O.Box: 25026, Abu Dhabi, United Arab Emirates





From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Brian Kelly
Sent: Thursday, February 25, 2021 6:03 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Under ATT&CK?

Good morning,
I’m interested in gauging the adoption of or interest in getting started with Mitre ATT&CK - 
https://attack.mitre.org/ in our community.
Please let me know if

  *   You are currently using ATT&CK
  *   Would be interested in a getting started with ATT&CK session at the Cybersecurity and Privacy Professionals 
Conference in June.

Have a great day,

Brian
Brian Kelly, CISSP, CISM, CEH
Director, Cybersecurity Program
bkelly () educause edu

EDUCAUSE
Uncommon Thinking for the Common Good
Follow HEISC on LinkedIn (https://www.linkedin.com/showcase/higher-education-information-security-council-heisc-/) | Twitter: @HEISCouncil

direct: 475.449.6440 | educause.edu
1150 18th Street, NW, Suite 900 Washington, DC 20036




------------------------------

End of SECURITY Digest - 26 Feb 2021 to 28 Feb 2021 (#2021-53)
**************************************************************
