WEBVTT 00:00.000 --> 00:02.340 >> Welcome to the fourth and final lesson 00:02.340 --> 00:05.530 of Module 2, Attack Navigator. 00:06.260 --> 00:08.520 In this lesson, we will 00:08.520 --> 00:10.050 explore the structure and purpose of 00:10.050 --> 00:12.780 the Attack Navigator and appreciate how 00:12.780 --> 00:14.070 this tool can allow us to create 00:14.070 --> 00:16.510 custom attack visualizations. 00:19.160 --> 00:21.810 Until now, you might have been wondering how I've 00:21.810 --> 00:23.849 made all these awesome attack visualizations. 00:23.849 --> 00:26.950 In this lesson, I'm going to share my secret. 00:29.600 --> 00:33.090 The Attack Navigator is a tool designed to 00:33.090 --> 00:34.440 provide basic navigation and 00:34.440 --> 00:36.940 annotation of attack matrices. 00:37.790 --> 00:40.220 The Attack Navigator allows us 00:40.220 --> 00:41.975 to manipulate the cells in a matrix, 00:41.975 --> 00:43.970 adding color, comments, 00:43.970 --> 00:45.710 assigning numerical values or 00:45.710 --> 00:48.360 capturing into the matrix or notes. 00:49.040 --> 00:51.365 This function is really important, 00:51.365 --> 00:52.730 especially when we think about these quantitative 00:52.730 --> 00:55.060 scorecards from the previous lesson, 00:55.060 --> 00:56.780 as the Attack Navigator allows us to 00:56.780 --> 00:59.840 visualize various matrix such as defensive coverage, 00:59.840 --> 01:01.715 output of red and blue teams, 01:01.715 --> 01:03.440 frequency of detecting techniques, 01:03.440 --> 01:07.140 or any other matrix that we want to capture and present. 01:10.460 --> 01:13.205 Each custom view created 01:13.205 --> 01:15.515 by the navigator is called a layer. 01:15.515 --> 01:17.120 These layers can be created 01:17.120 --> 01:18.980 interactively within the tool or 01:18.980 --> 01:23.490 generated using the custom JSON format for the navigator. 01:23.630 --> 01:26.175 These layers can also be exported 01:26.175 --> 01:28.420 and shared between analysts. 01:31.910 --> 01:34.790 Full source code and documentation for 01:34.790 --> 01:36.590 the navigator are available at 01:36.590 --> 01:39.185 our Attack Navigator GitHub repository. 01:39.185 --> 01:41.840 These instructions include how to stand up and 01:41.840 --> 01:44.270 run your own instance of Navigator, 01:44.270 --> 01:47.520 but we also host one online for everyone to use. 01:51.770 --> 01:53.870 I definitely recommend getting 01:53.870 --> 01:56.315 your own hands-on experience with the Navigator. 01:56.315 --> 01:58.370 Here's a quick introduction to how to 01:58.370 --> 02:00.920 control and use the Navigator tool. 02:00.920 --> 02:04.445 As you can see, the matrix is presented at the bottom, 02:04.445 --> 02:07.520 where you can select each individual cell or technique. 02:07.520 --> 02:11.625 [NOISE] There's also a control panel at the top, 02:11.625 --> 02:14.795 files to perform various other actions, 02:14.795 --> 02:17.060 such as selecting techniques based on 02:17.060 --> 02:20.790 their mappings to groups, software or mitigations. 02:21.610 --> 02:24.830 We can also use these controls to add color or 02:24.830 --> 02:28.650 various other annotations to selected cells. 02:29.420 --> 02:33.275 Once done, we can export these layers into JSON, 02:33.275 --> 02:36.000 Excel, or image formats. 02:36.710 --> 02:43.160 The Attack Navigator allows us to create new layers, 02:43.160 --> 02:46.580 as well as build on or open existing layers. 02:47.540 --> 02:50.240 We can also create layers based on 02:50.240 --> 02:53.435 the various matrices within attack such as enterprise, 02:53.435 --> 02:55.860 mobile or even ICS. 02:57.470 --> 03:00.925 With that little knowledge, check for Lesson 4. 03:00.925 --> 03:02.690 Which of the following is not 03:02.690 --> 03:05.030 true about the Attack Navigator? 03:05.030 --> 03:07.490 Please pause the video and take a second to 03:07.490 --> 03:10.470 think about the correct answer before proceeding. 03:13.250 --> 03:16.570 In this case, the correct answer was A. 03:16.570 --> 03:18.620 Attack Navigator allows us to create 03:18.620 --> 03:22.680 custom visualizations but not edit attack content. 03:24.740 --> 03:27.975 With that, we reach the end of Lesson 4. 03:27.975 --> 03:31.280 In summary, the Attack Navigator enables us to annotate, 03:31.280 --> 03:33.200 save, and share customized views 03:33.200 --> 03:35.245 of attack known as layers. 03:35.245 --> 03:37.250 These layers can capture many types of 03:37.250 --> 03:40.200 data mapped to the techniques within attack. 03:42.740 --> 03:45.885 With that, we've reached the end of Module 2. 03:45.885 --> 03:47.395 In this module, we explore 03:47.395 --> 03:49.295 the various benefits of using attack, 03:49.295 --> 03:51.320 including the diversity of information and 03:51.320 --> 03:53.675 perspective capture within the framework, 03:53.675 --> 03:55.520 the common language for describing 03:55.520 --> 03:57.620 adversary behaviors provided by attack, 03:57.620 --> 04:00.350 and how attack can allow us to create and 04:00.350 --> 04:03.545 produce cybersecurity matrix and scorecards, 04:03.545 --> 04:06.240 very often with the Attack Navigator.