Am I alone in feeling that MITRE ATT&CK is essentially D&D roleplay for pentesters who can’t get the DevOps team to implement ISO 27001 and have just got bored?

Sarah: Alright, team, the Russian Bear is hitting us with spear-phishing. We need to fortify our email gateways. Ideas?

John: Maybe implement multi-factor authentication across the board?

DM: Roll for success of your MFA implementation.

John rolls.

DM: Great job! The Russian Bear is baffled by your strengthened defenses. Now, prepare for the Chinese Dragon.

Alex: Economic cyber espionage, huh? We need to safeguard our critical data. How about encrypting our sensitive files?

DM: Roll to select your key-management strategy … ooooh, 1 – that’s a spreadsheet in Excel …

…with help from ChatGPT
