I was always impressed with the MITRE ATT&CK framework, which helps the community by sharing the latest techniques attackers are using nowadays in their engagements, and how companies can defend against and mitigate these attacks to reduce the impact of a (cyber
One of the main reasons I decided to share CTHoW was that I felt there wasn't a clear "how-to" for detecting TTP <XYZ>.
It was a lot about coverage and mapping your detection techniques to MITRE ATT&CK, but let's be honest: most SIEM solutions aren't that mature (yet), and it wouldn't surprise me that most SIEM
About the author: Huy Kha
Huy is an information security professional with a huge passion for Identity & Access Management. He likes to share knowledge with the community and is known for all his publications around Windows & Active Directory security.