Thomas Gardner
This example is meant to emulate some of the basic steps cryptojacking campaigns like [Rocke](https://redcanary.com/blog/rocke-cryptominer/) and TeamTNT perform. I was a bit unclear on when to use fork-and-rename vs. exec*,...
This example is meant to emulate some of the basic steps DDoS botnets like Mirai and [Gafgyt](https://www.f5.com/labs/articles/threat-intelligence/gafgyt-targeting-huawei-and-asus-routers-and-killing-off-rival-iot-botnets) do when installing on a host
It would be nice to be able to provide simple string parameters to the compiled binaries on execution, either in the form of CLI parameters or environment variables. My existing...
ATT&CK v11 just came out: https://github.com/mitre/cti/releases/tag/ATT%26CK-v11.0 but the extension doesn't recognize the new version

```
...
[2022-04-25T21:37:51.137Z] Checking extension cache for MITRE ATT&CK mapping.
[2022-04-25T21:37:51.530Z] Nothing to do. Cached version...
```
Periodically (weekly?) check in on the ATT&CK GitHub site for new framework versions. Currently, ATT&CK maps are only downloaded at application startup when called in the [activate()](https://github.com/redcanaryco/vscode-attack/blob/683043553b6843a62df1638f054f36538f4069e2/src/extension.ts#L156) function. Some users...
If someone wants to fork this repo and make their own version or submit a PR, it would be nice if they didn't have to read the mountain of documentation...
Users may have their own local repositories of MITRE ATT&CK data, and they may not want to use the [mitre/cti](https://github.com/mitre/cti) version. Add in a setting that uses GitHub by default,...
Right now, there is an implicit assumption that all tactics, techniques, etc. are part of the Enterprise ATT&CK framework. This is largely represented in the [regex used to identify object...