Cyber-attacks statistics and trends are worsening over time, and despite global efforts, there has been significant increase in cyber breaches and their consequences (Boehm, Lewis, Li, Wallance, & Dias, 2022; Brooks, 2022; Sobers, 2022). Security controls play a major role in defending organizations against cyber-attacks and threats. Organizations invest in security controls and spend a lot of time and effort selecting what meets their requirements, deploying it, maintaining it, and utilizing it; trusting that achieving these steps and having the security control in place will mitigate a particular risk and these security controls will always work as intended, by preventing or detecting specific threats. While this is not entirely false, something is missing. To what extent have these security controls’ effectiveness been measured? Has the efficacy of these security controls been assessed and validated? Are they efficient enough? And how much are they utilized? This paper will discuss all these questions in detail and will address them by architecting and designing a framework to measure, validate, and assess security controls’ effectiveness, efficacy, efficiency, and utilization. The framework includes objective and scope, roles and responsibilities, framework structure and streams, framework mapping with threats and risks, self-assessment with the framework, and framework implementation.
Join the newsletter to receive the latest updates in your inbox.
While syscalls and Windows have exploded in popularity, permitting offensive security tools to weaponize direct Windows syscalls to avoid EDR, they have virtually never been utilized in the context of shellcode, except for Egghunters, a specialized shellcode that uses only one syscall.
Read More
Abstract This whitepaper discusses recent trends in the cybersecurity sector related to ransomware – both what it is, and how to
Read More
Abstract Shellcode is often used as a means to achieve arbitrary execution. In Windows, this involves the use of WinAPI
Read More