(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on alecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Am I alone in feeling that MITRE ATT&CK is essentially D&D roleplay for pentesters who can’t get the Devops team to implement ISO27001 and have just got bored?

2023-12-28 00:17:13+00:00

Sarah: Alright, team, the Russian Bear is hitting us with spear-phishing. We need to fortify our email gateways. Ideas?

John: Maybe implement multi-factor authentication across the board?

DM: Roll for success of your MFA implementation.

John rolls.

DM: Great job! The Russian Bear is baffled by your strengthened defenses. Now, prepare for the Chinese Dragon.

Alex: Economic cyber espionage, huh? We need to safeguard our critical data. How about encrypting our sensitive files?

DM: Roll to select your key-management strategy … ooooh, 1 – that’s a spreadsheet in Excel …

…with help from ChatGPT

[1] URL: https://alecmuffett.com/article/108753
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/
