Defenders thinking lists, whereas attackers think in graphs, and as long as that's true, we're letting

attackers win. Hi and welcome to Sabirism's malicious life besides I'm Ran Levy. Innovation is naturally a fundamental part of cybersecurity.

It is what allows defenders to keep up with the ever shifting landscape of threats and techniques employed by attackers.

But not all innovation has to be necessarily technological in nature.

Sometimes, even relatively small changes to the way we view and analyze existing information

can be helpful in better utilizing our present technology.

The MITER Attack Flow Project aims to do exactly that.

It is essentially a new way to visualize, analyze and share knowledge about sequences of adversary behavior.

Visually, it's a flow chart.

It shows actions such as resource hijacking and deploying containers,

assets like AWS credentials or compute resources and arrows depicting the

flow of known attacks using these actions and assets.

For example, say that we have analyzed an intrusion that resulted in the exhalteration of data

from an organization.

Our Miter attack flow chart will look something like this.

At the very top, a blue rectangle representing the asset used by the attackers to infiltrate the network,

say an exposed Kubernetis dashboard.

From that blue rectangle, an arrow will point to a red rectangle representing an action, in this case using an external

remote service such as a VPN to infiltrate the organization's internal network.

What this flow chart shows us then is a certain attack flow,

from an exposed dashboard to an external remote service.

Of course, there are many such potential

...