TTP – cyber -tactics- techniques- and procedures

TTP – cyber –tactics, techniques, and procedures

HUMINT in cyberspace- finding adversary activities in cyberspace with subject matter expertise in intrusion set tactics, techniques, and procedures (TTP)

gAtO tHiNk- we should all learn form the state actors and adapt – China – they profile a company- then the c-suite their likes, dislikes, social media, family – then build a profile and launch the phishing email to specific tageted c-suite that loves that new golf clubs, or watch they been looking for. Wham – PoW – were in..// we all know this.

Crawling Tor Hidden Service - websites

Crawling Tor Hidden Service – websites

Example in Tor there are a few under-web hacking sites were they trade small basic hacks and share information about weakness and exploits most of it is silly n00bs stuff, but once in a while you will see the real thing and you have to know better if it’s LE or a real gamer, faker or joker or a thief. You need a personas and make it trusted for a while – so it’s legit in that world-// then you just have to sit and look here and there, and find new places to search. From these sites you can gauge whats hot and whats new and real, but it’s all a game that you have to play. HUMINT in cyberspace that’s the way you see the real things come and go. Cyber fame is on some way a weakness in the geek squad that hack the codes that makes this all happen. So you have to sit and wait.

HUMINT in cyberspace can get insider intelligence if you do it right, the Tor-network is perfect for OPSEC countermeasures tool in anything in cyberspace. With a few proxies and/or VPN – it Boot’s up from a thumb drive and 100% secure in your possession and encrypted. Surf Tor or the real Internet secure and private- untraceable— add your own Tor-hidden service-website that you control without any DNS or domain registration -(with a laptop) your website can move from anyplace never the same spot twice with open WiFi-hotspots- for OPSEC websites that’s untraceable a thing like the Tor network is a great tool that a pro-adversary would use for secure communication (C2)c&c and distribution tool.

Source of new URL’s and websites: can be gathered with a simple crawler and search engine to store everything.- this will enable you to find new places to go in and check out – there is so much information on Tor, so many places to hide secrets – so it’s the most interesting place in cyberspace for a puzzle freak.

Tor comes in any flavor and rides on any Internet connection -KISS- With the information from the Search Engine —Now HUMINT in cyberspace has places to go and things to verify but it’s time spent in learning everything you think is crazy, just to see of it’s real. for example:Who may uses it?

TTP- We reverse-engineered a lot of Anonymous operations and saw a real interesting thing, in a loose based organized operations with many strangers never working together, they learned from all the OP’s and adapted every time, and I don’t mean simple attack methods or crap like that, it’s organized and well planned. Some were “placed” operations with state actors to see what can be done.—-tactics, techniques, and procedures

Some operations were too well organized. In some cases Anonymous was used as a ruse while the real threat hacked the side doors as they were kept busy with youngsters play toys. The real attackers hacked away and placed their logic bombs for later after things calm down…

It’s outside the box and thinking vulnerabilities not defense – every defense has a countermeasure. Once again HUMINT in cyberspace payed off to learn how the kiddies play, but learning most how the leaders think and plan and communicate and manage the people get’s the most miles.

As Anonymous’ cyber “activism” only increases in prevalence, many organizations—both government and corporate—have moved to protect vital, sensitive information, including NATO. By issuing this press release explaining their updated security procedures, NATO was acknowledging the rapid evolution in prevalence and sophistication of cyber terrorism since, well, not that long ago.

But if NATO—with the combined resources of 28 member countries—is that concerned about the protection of its sensitive data from admittedly sophisticated criminal enterprises, shouldn’t its announcement last week serve as a harbinger for other organizations without intercontinental alliances?

From supply chain attacks going after the big players thru small contractors get’s some of the best access to Intellectual Capital and other goodies. In cyberspacewe have found that when you select the target and keywords – then the TTP–tactics, techniques, and procedures become clear and make the rules to provide a solid plan for the operations.

HUMINT in cyberspace is the new skill set that will help you understand the new cyber enemy in the new digital domain with web-apps flying everywhere – by the time NATO put’s it all on paper, everything changed so adaptability and changing on a dime has to be the new rule in NATO and other corporations but are they too big to change with the times – if you don’t change and adapt then you loose in cyber-world -gAtO ouT.

ref:IAM and Cyber Terrorism: NATO Reassess Their Cyber Security Policies

http://www.aveksa.com/blog/bid/300679/IAM-and-Cyber-Terrorism-NATO-Reassess-Their-Cyber-Security-Policies

 

CrowdStrike Launches Security Service That Tracks Cyber-Attacker Tactics

http://www.eweek.com/security/crowdstrike-launches-security-service-that-tracks-cyber-attacker-tactics/

 

Advertisements
%d bloggers like this: