How traffic analysis systems detect hacker tactics using MITRE ATT&CK, using PT Network Attack Discovery as an example


According to Verizon, the majority (87%) of information security incidents take place within minutes, and for 68% of companies it takes months to detect them. This is confirmed by a Ponemon Institute study, according to which it takes most organizations an average of 206 days to detect an incident. Based on our investigation experience, attackers can control a company's infrastructure for years without being detected. In one of the organizations where our experts investigated an information security incident, it turned out that the attackers had fully controlled the organization's infrastructure and regularly stolen important information for eight years.

Suppose you already have a working SIEM that collects logs and analyzes events, and antivirus software is installed on the endpoints. Nevertheless, not everything can be seen with a SIEM, just as it is impossible to deploy EDR systems on every node of the network, so "blind spots" cannot be avoided. Network traffic analysis (NTA) systems help to cover them. These solutions detect attacker activity at the earliest stage of network penetration, as well as during attempts to gain a foothold and develop the attack inside the network.

There are two kinds of NTA: some work with NetFlow, others analyze raw traffic. The advantage of the second kind is that they can store raw traffic records. Thanks to this, an information security specialist can verify whether an attack succeeded, localize the threat, understand how the attack happened and how to prevent a similar one in the future.

We will show how, using an NTA, direct or indirect evidence can be used to identify all the known attack tactics described in the MITRE ATT&CK knowledge base. We will cover each of the 12 tactics, analyze the techniques that can be detected in traffic, and demonstrate their detection with our NTA system.

About the ATT&CK knowledge base

MITRE ATT&CK is a public knowledge base developed and maintained by the MITRE Corporation based on the analysis of real-world APTs. It is a structured set of the tactics and techniques used by attackers. This lets information security specialists all over the world speak the same language. The database is constantly growing and is supplemented with new knowledge.

The database identifies 12 tactics, divided by the stages of a cyber attack:

  • initial access;
  • execution;
  • persistence;
  • privilege escalation;
  • defense evasion;
  • credential access;
  • discovery;
  • lateral movement;
  • collection;
  • command and control;
  • exfiltration;
  • impact.

For each tactic, the ATT&CK knowledge base lists the techniques that help attackers achieve their goal at the current stage of the attack. Since the same technique can be used at different stages, it may belong to several tactics.

The description of each technique includes:

  • an identifier;
  • the list of tactics in which it is used;
  • examples of its use by APT groups;
  • measures to reduce the damage from its use;
  • detection recommendations.

Information security specialists can use the knowledge in the database to structure information about current attack methods and, with that in mind, build an effective security system. Understanding how real APT groups operate can also be a source of hypotheses for proactive threat hunting.

About PT Network Attack Discovery

We will identify the use of techniques from the ATT&CK matrix using PT Network Attack Discovery, the NTA system from Positive Technologies designed to detect attacks on the perimeter and inside the network. PT NAD covers, to varying degrees, all 12 tactics of the MITRE ATT&CK matrix. It is strongest at identifying the techniques of initial access, lateral movement, and command and control. For these, PT NAD covers more than half of the known techniques, detecting their use by direct or indirect signs.

The system detects attacks that use ATT&CK techniques by means of detection rules created by the PT Expert Security Center (PT ESC) team, machine learning, indicators of compromise, deep analytics and retrospective analysis. Real-time traffic analysis combined with retrospective analysis makes it possible to identify current malicious activity and to trace the development vectors and chronology of attacks.

Here is the full mapping of PT NAD to the MITRE ATT&CK matrix. The picture is large, so we suggest viewing it in a separate window.

Initial access


Initial access tactics include techniques for penetrating a company's network. The attackers' goal at this stage is to deliver malicious code to the attacked system and to ensure that it can be executed later.

Traffic analysis by PT NAD reveals seven techniques for gaining initial access:

1. T1189: drive-by compromise

A technique in which the victim opens a website that attackers use to exploit the web browser and obtain application access tokens.

What PT NAD does: If the web traffic is not encrypted, PT NAD inspects the content of HTTP server responses. These responses contain exploits that allow attackers to execute arbitrary code inside the browser. PT NAD detects such exploits automatically using detection rules.

In addition, PT NAD detects the threat one step earlier. Rules and indicators of compromise are triggered if the user visited a site that redirected them to a site hosting an exploit kit.

2. T1190: exploit public-facing application

Exploitation of vulnerabilities in services accessible from the Internet.

What PT NAD does: Performs deep inspection of network packet contents, identifying signs of anomalous activity in them. In particular, there are rules that detect attacks on major content management systems (CMS), on the web interfaces of network equipment, and on mail and FTP servers.

3. T1133: external remote services

Attackers use remote access services to connect to internal network resources from outside.

What PT NAD does: because the system recognizes protocols not by port numbers but by packet contents, users of the system can filter the traffic to find all remote access sessions and check their legitimacy.
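The point about recognizing protocols by payload rather than port is illustrated by the following added example; it is not code from the article or from PT NAD. It classifies constructed session samples as SSH, RDP or VNC from their first bytes and flags any remote access session that runs on an unexpected port.

```python
import re
from dataclasses import dataclass

@dataclass
class Session:
    """First payload bytes of one TCP flow plus its server port (constructed, not a capture)."""
    src: str
    dst: str
    dport: int
    client_bytes: bytes
    server_bytes: bytes

# RFC 4253 identification string: either peer may send it first.
SSH_BANNER = re.compile(rb"^SSH-(1\.99|2\.0)-")
# Ports an analyst would normally expect for each protocol.
EXPECTED_PORT = {"ssh": 22, "rdp": 3389, "vnc": 5900}

def identify_protocol(s: Session) -> str:
    """Classify a flow by payload content only; the port is never consulted."""
    if SSH_BANNER.match(s.client_bytes) or SSH_BANNER.match(s.server_bytes):
        return "ssh"
    c = s.client_bytes
    # RDP: TPKT header (version 3, reserved 0) wrapping an X.224 Connection Request (code 0xE0).
    if len(c) >= 6 and c[0] == 0x03 and c[1] == 0x00 and c[5] == 0xE0:
        return "rdp"
    # VNC: the server greets with the RFB protocol version string.
    if s.server_bytes.startswith(b"RFB 003."):
        return "vnc"
    return "other"

def remote_access_sessions(sessions):
    """Return (session, protocol, on_unexpected_port) for every remote access flow found."""
    found = []
    for s in sessions:
        proto = identify_protocol(s)
        if proto in EXPECTED_PORT:
            found.append((s, proto, s.dport != EXPECTED_PORT[proto]))
    return found

# Constructed samples: SSH hidden on 8443, RDP on its usual port, VNC on 443, plain HTTP on 80.
SAMPLES = [
    Session("203.0.113.7", "10.0.0.10", 8443, b"", b"SSH-2.0-OpenSSH_8.9\r\n"),
    Session("203.0.113.7", "10.0.0.11", 3389,
            b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00", b""),
    Session("203.0.113.8", "10.0.0.12", 443, b"", b"RFB 003.008\n"),
    Session("203.0.113.9", "10.0.0.13", 80, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n", b"HTTP/1.1 200 OK\r\n"),
]

if __name__ == "__main__":
    for s, proto, odd_port in remote_access_sessions(SAMPLES):
        flag = " (unexpected port)" if odd_port else ""
        print(f"{s.src} -> {s.dst}:{s.dport} {proto}{flag}")
```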

4. T1193: spearphishing attachment

This concerns the sending of phishing attachments.

What PT NAD does: Automatically extracts files from traffic and checks them against indicators of compromise. Executable files in attachments are detected by rules that analyze the content of mail traffic. In a corporate environment, such an attachment is regarded as an anomaly.

5. T1192: spearphishing link

Use of phishing links. The technique involves attackers sending a phishing email with a link that, when clicked, downloads a malicious program. As a rule, the link is accompanied by text composed according to all the rules of social engineering.

What PT NAD does: Detects phishing links using indicators of compromise. For example, in the PT NAD interface we see a session in which there was an HTTP connection via a link included in the list of phishing addresses (phishing-urls).

[Figure: Connection via a link from the phishing-urls indicator list]

6. T1199: trusted relationship

Access to the victim's network through third parties with which the victim has established a trusted relationship. Attackers can compromise a trusted organization and connect to the target network through it. To do this, they use VPN connections or domain trusts, which can be identified by traffic analysis.

What PT NAD does: parses application protocols and stores the parsed fields in a database, so that an information security analyst can use filters to find all suspicious VPN connections or cross-domain connections in the database.

7. T1078: valid accounts

Use of standard, local or domain credentials for authorization on external and internal services.

What PT NAD does: Automatically extracts credentials from the HTTP, FTP, SMTP, POP3, IMAP, SMB, DCE/RPC, SOCKS5, LDAP and Kerberos protocols. In general, this is the login, the password and an indication of successful authentication. If they have been used, they are shown in the corresponding session card.

Execution

Execution tactics include the techniques attackers use to run code on compromised systems. Running malicious code helps attackers establish a presence (the persistence tactic) and expand access to remote systems on the network by moving inside the perimeter.

PT NAD detects the use of 14 techniques that attackers use to execute malicious code.

1. T1191: CMSTP (Microsoft Connection Manager Profile Installer)

A technique in which attackers prepare a special malicious INF installation file for the built-in Windows utility CMSTP.exe (Connection Manager Profile Installer). CMSTP.exe takes the file as a parameter and installs the service profile for a remote connection. As a result, CMSTP.exe can be used to load and execute dynamic link libraries (*.dll) or scriptlets (*.sct) from remote servers.

What PT NAD does: Automatically detects the transfer of special kinds of INF files in HTTP traffic. In addition, it detects the HTTP transfer of malicious scriptlets and dynamic link libraries from a remote server.

2. T1059: command-line interface

Interaction with the command-line interface. The command-line interface can be used locally or remotely, for example via remote access tools.

What PT NAD does: Automatically detects the presence of shells from the responses to commands that launch various command-line utilities, such as ping and ifconfig.

3. T1175: component object model and distributed COM

Use of COM or DCOM technologies to execute code on local or remote systems while moving across the network.

What PT NAD does: Detects suspicious DCOM calls that attackers typically use to launch programs.

4. T1203: exploitation for client execution

Exploitation of vulnerabilities to execute arbitrary code on a workstation. The exploits most useful to attackers are those that allow code to be executed on a remote system, since they can give the attackers access to that system. The technique can be implemented in the following ways: a malicious mailing, a website with browser exploits, and remote exploitation of application vulnerabilities.

What PT NAD does: When parsing mail traffic, PT NAD checks attachments for executable files. It automatically extracts office documents from emails, since these may contain exploits. Attempts to exploit vulnerabilities are visible in traffic, and PT NAD detects them automatically.

5. T1170: mshta

Use of the mshta.exe utility, which runs Microsoft HTML Applications (HTA) with the .hta extension. Because mshta processes files while bypassing the browser's security settings, attackers can use mshta.exe to execute malicious HTA, JavaScript or VBScript files.

What PT NAD does: .hta files intended for execution via mshta are also transferred over the network, and this is visible in traffic. PT NAD detects the transfer of such files automatically. It captures the files, and information about them can be viewed in the session card.

6. T1086: PowerShell

Use of PowerShell to gather information and execute malicious code.

What PT NAD does: When PowerShell is used by remote attackers, PT NAD detects this with rules. It detects PowerShell language keywords that are most often used in malicious scripts, as well as the transfer of PowerShell scripts over the SMB protocol.

7. T1053: scheduled task

Use of the Windows Task Scheduler and other utilities to automatically run programs or scripts at specific times.

What PT NAD does: attackers usually create such tasks remotely, which means that such sessions are visible in traffic. PT NAD automatically detects suspicious task creation and modification operations performed via the ATSVC and ITaskSchedulerService RPC interfaces.

8. T1064: scripting

Execution of scripts to automate various attacker actions.

What PT NAD does: detects the transfer of scripts over the network, that is, even before they are launched. It detects script content in raw traffic and the network transfer of files with extensions corresponding to popular scripting languages.

9. T1035: service execution

Running an executable file, command-line commands, or a script by interacting with Windows services, such as the Service Control Manager (SCM).

What PT NAD does: inspects SMB traffic and detects access to the SCM, with rules for creating, modifying and starting a service.

The service execution technique can be implemented with the PSExec remote command execution utility. PT NAD analyzes the SMB protocol and detects the use of PSExec when it uses the PSEXESVC.exe file or the standard PSEXECSVC service name to execute code on a remote machine. The user then needs to check the list of executed commands and the legitimacy of remote command execution from that host.

The attack card in PT NAD displays data on the tactics and techniques used, according to the ATT&CK matrix, so that the user can understand what stage of the attack the attackers are at, what goals they are pursuing, and what countermeasures to take.

[Figure: A rule on the use of the PSExec utility is triggered, which may indicate an attempt to execute commands on a remote machine]
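The SCM and PSExec detection described for T1035 above, as an added example that is not the article's or PT NAD's code. It runs over a constructed set of parsed SMB/DCE-RPC records (the field names are an assumption about what an NTA stores per session), groups them per host pair, and reports service creation, modification or start operations along with the PSExec indicators the article names, so the analyst knows which service binaries to vet.

```python
import re
from collections import defaultdict

# Service name / binary spellings the article lists for PSExec (PSEXESVC.exe, PSEXECSVC).
PSEXEC_NAME = re.compile(r"PSEXEC?SVC", re.IGNORECASE)
# SCM operations the article's rules cover: create, modify, start a service.
SCM_OPS = {"CreateServiceW", "ChangeServiceConfigW", "StartServiceW"}

# Constructed sample of parsed SMB/DCE-RPC records; the field names are assumed, not PT NAD's.
RECORDS = [
    {"src": "10.0.0.5", "dst": "10.0.0.20", "op": "tree_connect", "share": "ADMIN$"},
    {"src": "10.0.0.5", "dst": "10.0.0.20", "op": "file_write", "share": "ADMIN$",
     "filename": "PSEXESVC.exe"},
    {"src": "10.0.0.5", "dst": "10.0.0.20", "op": "rpc", "pipe": "svcctl",
     "rpc_op": "CreateServiceW", "service_name": "PSEXESVC",
     "binary_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"src": "10.0.0.5", "dst": "10.0.0.20", "op": "rpc", "pipe": "svcctl",
     "rpc_op": "StartServiceW", "service_name": "PSEXESVC"},
    # An administrator restarting a service: SCM access, but no PSExec indicators.
    {"src": "10.0.0.9", "dst": "10.0.0.21", "op": "rpc", "pipe": "svcctl",
     "rpc_op": "StartServiceW", "service_name": "Spooler"},
    # Ordinary share access: nothing to report.
    {"src": "10.0.0.9", "dst": "10.0.0.22", "op": "tree_connect", "share": "Public"},
]

def analyze_smb(records):
    """Group records per (src, dst) and report T1035 service execution and PSExec use."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["src"], r["dst"])].append(r)
    findings = []
    for pair, recs in by_pair.items():
        scm = [r for r in recs if r.get("pipe") == "svcctl" and r.get("rpc_op") in SCM_OPS]
        if not scm:
            continue  # no service creation/modification/start seen for this host pair
        psexec = any(PSEXEC_NAME.search(r.get("filename", "")) for r in recs) or \
                 any(PSEXEC_NAME.search(r.get("service_name", "")) for r in scm)
        findings.append({
            "pair": pair,
            "technique": "T1035",
            "tool": "PSExec" if psexec else None,
            # binaries configured for created/modified services: what the analyst must vet
            "service_binaries": [r["binary_path"] for r in scm if "binary_path" in r],
            "ops": [r["rpc_op"] for r in scm],
        })
    return findings

if __name__ == "__main__":
    for f in analyze_smb(RECORDS):
        print(f)
```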

10. T1072: third-party software

A technique in which attackers gain access to remote administration software or a software deployment system and use it to run malicious code. Examples of such software: SCCM, VNC, TeamViewer, HBSS, Altiris.

Incidentally, the technique is especially relevant in connection with the massive shift to remote work and, as a result, the connection of numerous unprotected home devices over dubious remote access channels.

What PT NAD does: automatically detects the operation of such software on the network. For example, rules are triggered by connections over the VNC protocol and by the activity of the EvilVNC Trojan, which covertly installs a VNC server on the victim's host and launches it automatically. PT NAD also automatically recognizes the TeamViewer protocol, which helps the analyst, using a filter, find all such sessions and check their legitimacy.

11. T1204: user execution

A technique in which the user runs files that may lead to code execution. This may be, for example, opening an executable file or running an office document with a macro.

What PT NAD does: detects such files at the transfer stage, before they are launched. Information about them can be studied in the card of the session in which they were transferred.

12. T1047: Windows Management Instrumentation

Use of the WMI tool, which provides local and remote access to Windows system components. Using WMI, attackers can interact with local and remote systems and perform various tasks, such as collecting information for discovery purposes and launching remote processes during lateral movement.

What PT NAD does: Since interactions with remote systems via WMI are visible in traffic, PT NAD automatically detects network requests to establish WMI sessions and checks traffic for scripts that use WMI.

13. T1028: Windows Remote Management

Use of the Windows service and protocol that allow a user to interact with remote systems.

What PT NAD does: Detects network connections established using Windows Remote Management. Such sessions are detected automatically by rules.

14. T1220: XSL (Extensible Stylesheet Language) script processing

The XSL stylesheet markup language is used to describe the processing and rendering of data in XML files. To support complex operations, the XSL standard includes support for scripts embedded in various languages. These languages allow arbitrary code to be executed, which leads to the bypass of whitelist-based security policies.

What PT NAD does: detects the transfer of such files over the network, that is, even before they are launched. It automatically detects XSL files transferred over the network and files with anomalous XSL markup.
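The following added example (not the article's or PT NAD's code) shows what "anomalous XSL markup" can mean in practice: it parses a transferred stylesheet and reports any embedded script block. It assumes the script element used by Microsoft's XSL processor (the msxsl:script element in the urn:schemas-microsoft-com:xslt namespace, or any script element declaring implements-prefix); the two stylesheets are constructed samples.

```python
import xml.etree.ElementTree as ET

XSLT_NS = "http://www.w3.org/1999/XSL/Transform"
MSXSL_NS = "urn:schemas-microsoft-com:xslt"   # namespace of Microsoft's script extension element

def inspect_xsl(data: bytes) -> dict:
    """Parse a transferred file and report whether it is an XSL stylesheet with embedded script."""
    result = {"well_formed": True, "is_xsl": False, "embedded_scripts": []}
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        result["well_formed"] = False
        return result
    result["is_xsl"] = root.tag in (f"{{{XSLT_NS}}}stylesheet", f"{{{XSLT_NS}}}transform")
    for el in root.iter():
        local_name = el.tag.rsplit("}", 1)[-1]
        in_msxsl = el.tag.startswith(f"{{{MSXSL_NS}}}")
        # Script blocks: the msxsl:script element, or any "script" element declaring a prefix
        if local_name == "script" and (in_msxsl or "implements-prefix" in el.attrib):
            result["embedded_scripts"].append({
                "language": el.attrib.get("language", "unspecified"),
                "prefix": el.attrib.get("implements-prefix"),
                "code_chars": len((el.text or "").strip()),
            })
    return result

def is_anomalous_xsl(data: bytes) -> bool:
    """A stylesheet should only transform data; any embedded script deserves an analyst's look."""
    r = inspect_xsl(data)
    return r["is_xsl"] and bool(r["embedded_scripts"])

# Constructed samples: a plain transform and one carrying a script block (harmless function body).
BENIGN_XSL = b"""<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><out><xsl:value-of select="//name"/></out></xsl:template>
</xsl:stylesheet>"""

SCRIPTED_XSL = b"""<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:user="urn:example">
  <msxsl:script language="JScript" implements-prefix="user">
    function greet() { return "hello"; }
  </msxsl:script>
  <xsl:template match="/"><xsl:value-of select="user:greet()"/></xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_XSL), ("scripted", SCRIPTED_XSL)):
        print(name, inspect_xsl(blob))
```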

In the following articles, we will look at how the PT Network Attack Discovery NTA system detects the other attacker tactics and techniques in accordance with MITRE ATT&CK. Stay tuned!

Authors:

  • Anton Kutepov, specialist at the PT Expert Security Center, Positive Technologies
  • Natalia Kazankova, product marketer at Positive Technologies

Source: www.habr.com
