Ruben Bouman

We updated DeTT&CT and Dettectinator to support the new MITRE ATT&CK TAXII server and to support the new ATT&CK v16.1 version. Checkout github.com/rabobank-cdc/D… and github.com/siriussecurity… for the new releases.

DeTT&CT now supports Mobile 📱 data sources 🥳 which are introduced in version 13 of MITRE ATT&CK 🤩 github.com/rabobank-cdc/D…

We created a new release of Dettectinator. This is our toolkit for automating large parts of the MITRE ATT&CK mapping process with DeTT&CT. We added support for Group YAML files and plugins to read CTI reports. Checkout our Github site: github.com/siriussecurity…

@zaanpenguin @Bakk3rM Can you send me a DM to get in touch?

@Bakk3rM @rubinatorz I'd love to integrate DETT&CT into the AttackMatrix API: github.com/uforia/AttackM…; would you be interested in some collab?

New blog post! Title: DeTT&CT: Automate your detection coverage with dettectinator | by Renaud Frère Link: wp.me/p84lDr-3zo #infosec #BlueTeam #MITRE #detection

Time for another present 🎄 A new release of our #Dettectinator tool! This version supports data source plugins and we already added a couple to the box! We also included 2 new technique plugins and some other improvements and fixes. Unwrap it here 🎁: github.com/siriussecurity…

@BruteForceLLC We implemented your idea on including software techniques in the scores of the DeTT&CT heat map when a threat actor uses specific software. The CLI option is --brute_force_llc euh... I mean --include-software

Our Christmas present for the ATT&CK community :-) DeTT&CT now supports ATT&CK Campaigns. Happy holidays🎄🎅🌟 github.com/rabobank-cdc/D… #ATTACK

@Cyb3rMonk Sync it with a Git repo... and you can do anything you want.

@rubinatorz NOOOOO!!!! It doesn't let you export porperly :(

Which note taking app do you use for knowledge base, etc. purposes? I use OneNote for a long time and want to switch to something else but I'm a bit hesitant.

2️⃣- Did you know that writing malware is a technique❓ T1587.011 isn't one to immediately defend (we'll eventually get to more of those💙), but artifacts of this technique can highlight trends as well as insights into adversary operations🔭👀🔨 attack.mitre.org/techniques/T15…

2️⃣5️⃣ days of techniques🎄 1️⃣- T1480 is restricting payload exec based on matching expected traits of the victim, maybe less relevant to defend vice being insightful for CTI & annoying for RE Seeing this more in red team tools too 🦺 attack.mitre.org/techniques/T14…

@martijnveken @olafhartong @SecurePeacock @Bakk3rM @Cyb3rWard0g 🤓

Blue teams should really check out DeTTECT: github.com/rabobank-cdc/D… Shoutout to @Bakk3rM & @rubinatorz

@SecurePeacock @Bakk3rM LOL "today". Let us know what you think of it. We're already working on some new plugins regarding data sources :-)

@rubinatorz @Bakk3rM I had not! Guess it's time to update my slides real quick before the Purple Team Workshop today.

I get a lot of questions on ATT&CK&DeTT&CT, want to mention that we provide training on this topic. Interested? Let us know on siriussecurity.nl/training

Tonight at #dutchsecmeetup session by @rubinatorz about ‘Automating ATT&CK coverage with DeTT&C’ hosted at @UnicaNL i #Hoevelaken dettectinator for automated import from your SIEM like @azure #sentinal or @splunk

This is my account on Mastodon - @rubinatorz" target="_blank" rel="nofollow noopener">infosec.exchange/@rubinatorz - verified by Twittodon.com