MAECO-Lite: Modular Ontology for Dynamic Malware Analysis

Capturing dynamic malware behavior in a practical but still semantically precise manner remains a significant challenge in cyber threat intelligence. While standards such as MAEC and STIX provide widely adopted vocabularies for describing malware artifacts and observations, they represent data wi...

Safeguarding Skies: Airport Cybersecurity in the Digital Age

The aviation industry faces significant vulnerabilities from both physical and cybersecurity threats, highlighting the urgent need for enhanced cybersecurity measures amid increasingly sophisticated attacks. This paper systematically reviews emerging threats at airports, analyzing real-world...

A Systematic Approach to Predict the Impact of Cybersecurity Vulnerabilities Using LLMs

Vulnerability databases, such as the National Vulnerability Database NVD, offer detailed descriptions of Common Vulnerabilities and Exposures CVEs, but often lack information on their real-world impact, such as the tactics, techniques, and procedures TTPs that adversaries may use to exploit the...

PurpleSharp - C# Adversary Simulation Tool That Executes Adversary Techniques With The Purpose Of Generating Attack Telemetry In Monitored Windows Environments

Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, buildi...

Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware

Summary Recently, FireEye Managed Defense detected and responded to a FIN6 intrusion at a customer within the engineering industry, which seemed out of character due to FIN6’s historical targeting of payment card data. The intent of the intrusion was initially unclear because the customer did not...

Using MITRE ATT&CK When Researching Attacker Behavior in a Post-Compromise World

MITRE ATT&CK is arguably one of the best assets available to security professionals who want to dive into the intricacies of detecting and preventing adversary behaviors. Why is that? It’s a great knowledge base of known adversarial behaviors overlayed with attacker TTPs and their state in the...