IT Security is hard. The landscape moves at a fast pace, and it is important for Red&Blue to stay up to date with the constantly evolving threats, tradecraft, and associated technical knowledge. ATT&CK does a great job at gathering all this and making it available via a wiki and a REST API. The kill-chain encyclopedia of known corporate post-exploitation techniques for the masses... so I made a set of Cmdlets to access this data from a PowerShell prompt, and facing the demo gods, I will show how this first toolset can be used to search and navigate the ATT&CK Knowledge base, document your moves, & automate stuff, and I will then demo how to invoke the Great Bird of Common Knowledge by feeding ATT&CK techniques to an Atomic Canary over a smoking pipe... Really cool stuff. Don't miss it.
Walter Legowski [@SadProcessor] / "Make the world a safer place" @ ERNW [DE] / PowerShell Bad Boy & Noob for life / Likes Tools, Security & Automation / Likes Streets, Cats and Trees / Likes mixing stuff...