Casey Knerr

Casey Knerr is a cybersecurity engineer at MITRE and the Cloud Lead for the MITRE ATT&CK for Enterprise team, where she provides cloud expertise updating the ATT&CK knowledge base with novel defensive ideas and adversary techniques. Prior to joining MITRE, she worked as a penetration tester and completed a BSFS in Science, Technology, and International Affairs at Georgetown University and an MSc in Computer Science at the University of Oxford. Her specialties and interests include web development, web and cloud security, and international cyber policy. In her spare time, she can often be found flying stunt kites or playing Dungeons & Dragons.


Session

06-17
09:10
20min
I'm Doing My Part! By Mapping Cloud Incidents to ATT&CK Techniques
Casey Knerr

Does working with MITRE ATT&CK® fill you with dread? Do you worry about not knowing the newest cloud TTPs? Are you afraid of ridicule from your friends and family for getting a mapping “wrong”? Are you haunted by the seemingly never-ending story of abuse of valid cloud credentials (#T1078.004)? If any, or potentially all of the above is true, you’re in the right place!

In this talk, join two members of the ATT&CK team in a walkthrough of mapping real incidents to ATT&CK for Cloud. Using Scattered Spider and APT29 as examples, we will explore not only the process of creating technique mappings, but also the value-add of bringing together CTI, detection, and other stakeholders in order to better understand and track threats. We will explore tips, tricks, and some of our own errors analyzing data and reporting to chain techniques together to tell a meaningful and actionable story for defenders.

Democratize Cloud Security Models and Organizations
Breakout 2