Busy Is the New Stupid(cisotradecraft.com)
cisotradecraft.com
Busy Is the New Stupid
https://www.cisotradecraft.com/bitns
10 コメント
Not saying there isn't anything valuable here but the entire site looks like an LLM prompt.
The numbering of the challenges (eg T1001) is a little confusing to me too. My assumption is that the first number after the T is a tactic ID and the remaining digits are the challenge/issue ID. Maybe the challenge/issue ID is 3 digits because there's room (a plan?) to add many more examples?
I like the substance of this conceptual model as well (and may actually use some of it in my own personal productivity framework :-)), but don't see why it needs to be presented this way. It's neat, but I'd personally rather all the content be on one page, and maybe with a search feature for if/when the list of example challenges/issues grows.
I like the substance of this conceptual model as well (and may actually use some of it in my own personal productivity framework :-)), but don't see why it needs to be presented this way. It's neat, but I'd personally rather all the content be on one page, and maybe with a search feature for if/when the list of example challenges/issues grows.
It's an homage to MITRE ATT&CK.
It looks like a sort of serial number or categorization. The first block they are T1. The second block they are T2. So each category (access, persistence, etc) is a T w a leading number and the issues/“tactics” inside of that have a 001, 002 etc, as a reference to that specific instance (meeting overload)
Edited for typos
Edited for typos
Yeah I get that, I just don't understand the "why"
I'm with you. What is this?
Imagine the website is presenting you with a quicksheet about some new type of attack. It's called BUSY.
Initial Access covers how you being a BUSY attack. Execution covers how BUSY tends to manifest itself in normal operations. And so on, and so forth.
Note the domain: CISO Tradecraft. It's just the author(s) being cheeky in their presentation. If you aren't in a security-adjacent space I could see how it wouldn't land.
Initial Access covers how you being a BUSY attack. Execution covers how BUSY tends to manifest itself in normal operations. And so on, and so forth.
Note the domain: CISO Tradecraft. It's just the author(s) being cheeky in their presentation. If you aren't in a security-adjacent space I could see how it wouldn't land.
this site is a riff on mitre att&ck, a popular and highly-utilized framework for organizing and categorizing threat actor and malware tradecraft. it's also llm slop.
Looks like an LLM generated site with little thought put behind it, flagged for a low effort submission
FWIW my feeling is positive in regard to the core meaning being conveyed- I just feel like I'm missing out on something in not understanding the format.