1
00:00:08,900 --> 00:00:13,530
OK, so MITRE ATT&CK was really cool. In the last lecture we talked about the MITRE ATT&CK methodology.

2
00:00:13,880 --> 00:00:18,650
Now we're going to flip it on its end and look at the MITRE Shield methodology.

3
00:00:18,740 --> 00:00:23,870
This is when we're talking about active defense and cyber deceptions, which are sort of like distributed

4
00:00:23,870 --> 00:00:24,500
honeypots.

5
00:00:24,950 --> 00:00:29,270
And any blue team should definitely employ these techniques because they can certainly give you the

6
00:00:29,270 --> 00:00:33,590
upper hand against an adversary who has a foothold in your network.

7
00:00:34,100 --> 00:00:39,890
So if we look at the active defense matrix, you can see that there are, as there are in the wider

8
00:00:39,890 --> 00:00:46,580
ATT&CK framework, there are tactics, which basically talk about what the defender tries to do, while

9
00:00:46,580 --> 00:00:49,640
the defender's trying to channel, the defender's trying to collect.

10
00:00:50,550 --> 00:00:50,680
Right.

11
00:00:50,690 --> 00:00:53,390
They're trying to contain, all these different things.

12
00:00:53,420 --> 00:00:53,660
Right.

13
00:00:53,660 --> 00:00:56,450
And the techniques describe how they can actually do that.

14
00:00:56,900 --> 00:00:58,940
So look at Application Diversity.

15
00:00:58,970 --> 00:01:04,580
This is a technique when it comes to active defense, and what you can do here is you present the adversary

16
00:01:04,580 --> 00:01:06,850
with a variety of installed applications and services.

17
00:01:07,550 --> 00:01:07,850
Right.

18
00:01:08,300 --> 00:01:12,230
And so what this does is it can give them an opportunity.

19
00:01:12,230 --> 00:01:14,570
What's really a detection opportunity here.

20
00:01:14,570 --> 00:01:19,940
You can see you have an opportunity to study the adversary, you know, get some behavioral analytics

21
00:01:19,940 --> 00:01:21,650
and behavioral indicators of compromise.

22
00:01:22,490 --> 00:01:26,290
You can discover what is being targeted, you know, what the adversary is after.

23
00:01:26,720 --> 00:01:29,270
So this is one of the things that Application Diversity can get you.

24
00:01:30,400 --> 00:01:34,050
And then you can scroll down, you can get a couple of use cases, right?

25
00:01:34,900 --> 00:01:39,790
You can install decoy services that have extensible capabilities for medical services.

26
00:01:39,820 --> 00:01:40,980
Well, there's lots of them, right?

27
00:01:40,990 --> 00:01:45,370
There are different cyber deception, or I guess you can call them deception platforms, that exist.

28
00:01:46,000 --> 00:01:47,740
So you could Google those and find them.

29
00:01:48,340 --> 00:01:51,740
There's a couple of different top vendors, and then you can go down.

30
00:01:51,760 --> 00:01:57,420
You can see also where there's an overlap between MITRE Shield and MITRE ATT&CK.

31
00:01:57,430 --> 00:01:58,010
It will tell you.

32
00:01:59,020 --> 00:02:03,400
So, again, you know, this is another useful resource. It's not as popular as MITRE ATT&CK, but it's

33
00:02:03,400 --> 00:02:04,090
definitely newer.

34
00:02:04,840 --> 00:02:07,770
But don't let that fool you into thinking that you don't need to do this, right?

35
00:02:08,260 --> 00:02:09,250
For example, look at this.

36
00:02:09,250 --> 00:02:10,570
I click on Decoy Account.

37
00:02:11,690 --> 00:02:15,710
And now I can see what this can do, right: create an account that is used for active defense purposes.

38
00:02:16,520 --> 00:02:20,960
A decoy account is one that is specifically used for defensive and deceptive purposes.

39
00:02:21,980 --> 00:02:22,300
Right.

40
00:02:22,370 --> 00:02:29,090
A decoy account can be used to make a system, service, or software look more realistic or to entice an

41
00:02:29,090 --> 00:02:29,440
action.

42
00:02:30,200 --> 00:02:35,480
And you have some opportunities, some detection opportunities, and everything's mapped again to make

43
00:02:35,480 --> 00:02:37,010
it very easy to find what you want to do.

44
00:02:37,460 --> 00:02:37,730
All right.

45
00:02:37,730 --> 00:02:40,700
So that's really all I want to show you for MITRE Shield.

46
00:02:41,300 --> 00:02:44,870
And that's why, really, I just want you to be aware of it so that, you know, it's out there.

47
00:02:45,110 --> 00:02:47,930
You don't really have to study each of these tactics unless you want to.

48
00:02:48,410 --> 00:02:50,020
But, you know, I just want you to be aware of it.

49
00:02:50,030 --> 00:02:55,100
It's relatively new, but it's definitely becoming an emerging resource for threat hunters and blue

50
00:02:55,100 --> 00:02:55,490
teamers.

51
00:02:56,700 --> 00:03:02,210
So in the next lecture, we are going to dig into the OWASP Top 10 methodology, perhaps the most famous

52
00:03:02,840 --> 00:03:03,490
of the methodologies.

53
00:03:04,150 --> 00:03:09,370
I will see you guys in the next lecture when we dig into the Top 10.

54
00:03:11,610 --> 00:03:11,830
But.