Jared Atkinson

Las Vegas

Host at Detection: Challenging Paradigms

Featured in: Favicon

darkreading.com Favicon

securityboulevard.com Favicon

thetechstreetnow.com

Articles

Part 16: Tool Description

Jan 13, 2025 | posts.specterops.io | Jared Atkinson

On Detection: Tactical to FunctionalWhy it is Difficult to Say What a Tool DoesOver the years, I’ve noticed that we have a difficult time describing a specific tool’s functionality. I participated in conversations or listened to lectures where someone inevitably attempts to describe the techniques or behavior that they associate with a given tool.
Part 16: Tool Description

Jan 13, 2025 | securityboulevard.com | Jared Atkinson

Why it is Difficult to Say What a Tool DoesOver the years, I’ve noticed that we have a difficult time describing a specific tool’s functionality. I participated in conversations or listened to lectures where someone inevitably attempts to describe the techniques or behavior that they associate with a given tool. Someone might say “mimikatz is used for Credential Dumping” which is technically true, but does not provide a comprehensive description of mimikatz’s capabilities.
Part 15: Function Type Categories

Jan 7, 2025 | securityboulevard.com | Jared Atkinson

On Detection: Tactical to FunctionalSeven Ways to View API FunctionsWelcome back to Part 15 of the On Detection: Tactical to Functional blog series. I wrote this article to serve as a resource for those attempting to create tool graphs to describe the capabilities of the attacker tools or malware samples they encounter. Throughout this series, I’ve analyzed many API functions and summarized my analysis through function call stacks.
Part 15: Function Type Categories

Jan 7, 2025 | posts.specterops.io | Jared Atkinson

On Detection: Tactical to FunctionalSeven Ways to View API FunctionsWelcome back to Part 15 of the On Detection: Tactical to Functional blog series. I wrote this article to serve as a resource for those attempting to create tool graphs to describe the capabilities of the attacker tools or malware samples they encounter. Throughout this series, I’ve analyzed many API functions and summarized my analysis through function call stacks.
Purple Teaming: Evaluate the Efficacy of Security Controls

Jun 30, 2024 | thetechstreetnow.com | Steve King |Jared Atkinson |Specter Ops

25 minutes ago bankinfosecurity Jared Atkinson of SpecterOps on Why 'Detection Is Not the End of the Line' Steve King • July 1, 2024 25 Minutes The concept of red teaming has been around since the 1960s. Red teams use tactics, techniques and procedures to emulate a real-world threat and measure the effectiveness of your defenses. "Red teaming is narrative-driven," said Jared Atkinson of SpectorOps.
Mapping Snowflake's Access Landscape

Jun 13, 2024 | securityboulevard.com | Jared Atkinson

Attack Path ManagementBecause Every Snowflake (Graph) is UniqueOn June 2nd, 2024, Snowflake released a joint statement with Crowdstrike and Mandiant addressing reports of "[an] ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts." A SpecterOps customer contacted me about their organization's response to this campaign and mentioned that there seems to be very little security-based information related to Snowflake.
Part 14: Sub-Operations

Jun 5, 2024 | securityboulevard.com | Jared Atkinson

On Detection: Tactical to FunctionalWhen the Operation is not EnoughA while back, I was working on deconstructing a standard variation of Token Theft and stumbled into a couple of interesting edge cases that my model still needed to account for. Below is the operation chain for one of the most common Token Impersonation procedures. You'll notice that the attacker must open a handle to the target process (Process Open).
Part 14: Sub-Operations

Jun 5, 2024 | posts.specterops.io | Jared Atkinson

On Detection: Tactical to FunctionalWhen the Operation is not EnoughA while back, I was working on deconstructing a standard variation of Token Theft and stumbled into a couple of interesting edge cases that my model still needed to account for. Below is the operation chain for one of the most common Token Impersonation procedures. You’ll notice that the attacker must open a handle to the target process (Process Open).
MITRE ATTACK Archives

May 31, 2024 | securityboulevard.com | Jared Atkinson |Alok Patidar |Daniella Balaban |Yarom Talmi

By Jared Atkinson,Nathan D.,Yarom Talmi,Alok Patidar,Daniella Balaban,John P. Gormally, SR Your Guide to MITRE ATT&CK Framework Cybersecurity has become a routine activity for the majority of companies. Cyberattacks no longer generate the shock and horror they once did. They're now just par ...
Part 13

May 31, 2024 | securityboulevard.com | Jared Atkinson

On Detection: Tactical to FunctionalWhy a Single Test Case is InsufficientIn my previous post, I explored the idea that different tools can implement the same operation chain (behavior) in various ways. I referred to these various ways as execution modalities.