Using Agents to Map SaaS Attack Surface via MITRE ATT&CK


I know SaaS app detection and response is not in everyone’s remit, although I’ve worked in a few orgs where we’ve had to threat model SaaS apps, understand their telemetry and devise attack paths that could lead to unfavourable outcomes. We spent a lot of time doing this research. I thought about it and asked myself if I could get (don’t hate me for it) agents to perform this research.

So I started with this mental objective: “How can I greedily transpose a SaaS app and find attack surface by transposing it onto MITRE ATT&CK and emulating adversarial techniques, making some assumptions about an environment?”

It turns out, I think, that the early results are really promising. Full transparency: I am trying to build this into a product, but I’ve released a public version of some of the analysis in the attached link. You can view Slack and see 2 views:

- MITRE View – Synthesise MITRE techniques onto app functionality
- Attack Scenarios – View techniques in the context of an attack tree

My next steps are to integrate audit log context to identify detection opportunities and configuration context to identify mitigation options.

If you’ve had to do this with your own teams, I’d really value hearing your perspective. Always open to chatting, as this is my life now.

submitted by /u/wezham