Good of them to release this, and I have a dog in the race about getting people to think higher-level about security, but ATT&CK, STRIDE and other frameworks tend to be solipsistic, self-propagating bullshit.

I would also argue that quantitative security risk models serve mainly as a corporate laundering system to obfuscate risk, do not have any meaningful predictive power, and that security compliance has become a make-work field for the unskilled, whose role is to be both an easy mark and a scapegoat for reckless corporate behaviour.

Hopefully it will mature to where designers and engineers themselves build in mitigations, the way some of them have with environmental and safety risks, but as a business, I think security is due for some scrutiny.
Been down this road before, much harder than it looks. MITRE techniques can be deceptive in that you think you can detect on a technique, but that is true only for the specific attack scenario. Example: you can detect anomalous scheduled task creation, but is it because you are looking for specific command lines? If so, why can't attackers just use .NET? You can detect cred dumping because procdump.exe or wce.exe is seen, but what you are not looking for is process handles to lsass. It can lead to a false sense of security if you're not careful.

From a threat hunting and detection perspective, I am so glad they are sharing this tool. It becomes very tedious very fast when you take things like this and apply them against the highly nuanced context of your environment.
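The credential-dumping contrast in the comment above, as an added example that is not part of this thread or of the Unfetter project: an artifact-based rule that keys on a known tool's file name is run side by side with a behaviour-based rule that keys on a cross-process handle to lsass.exe with memory-read rights. The event records are constructed Sysmon-style data (event ID 1 = ProcessCreate, 10 = ProcessAccess), and the tool list, the allowlist and the field names are illustrative assumptions.

```python
"""Artifact-based vs behaviour-based detection over constructed Sysmon-style
events. Added example; the event records are constructed, not real telemetry,
and the tool list and allowlist are illustrative assumptions."""
from dataclasses import dataclass
from typing import List


@dataclass
class Event:
    event_id: int            # Sysmon ID: 1 = ProcessCreate, 10 = ProcessAccess
    image: str               # image path of the acting (source) process
    target_image: str = ""   # only meaningful for ProcessAccess
    granted_access: int = 0  # access mask granted on the target (ProcessAccess)


# Names the artifact-based rule knows about (assumption: a small static list).
KNOWN_DUMP_TOOLS = {"procdump.exe", "procdump64.exe", "wce.exe"}

# Bits of the Windows PROCESS_* access mask; reading LSASS memory needs VM_READ.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400

# Constructed allowlist of legitimate readers of LSASS (e.g. an endpoint agent).
LSASS_ACCESS_ALLOWLIST = {r"c:\program files\exampleav\agent.exe"}


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_by_tool_name(events: List[Event]) -> List[Event]:
    """Artifact rule: fires only if a known tool's file name appears."""
    return [e for e in events
            if e.event_id == 1 and _basename(e.image) in KNOWN_DUMP_TOOLS]


def detect_lsass_handle(events: List[Event]) -> List[Event]:
    """Behaviour rule: any non-allowlisted process that opens lsass.exe with
    memory-read rights, regardless of what the source binary is called."""
    hits = []
    for e in events:
        if e.event_id != 10 or _basename(e.target_image) != "lsass.exe":
            continue
        if e.image.lower() in LSASS_ACCESS_ALLOWLIST:
            continue
        if e.granted_access & PROCESS_VM_READ:
            hits.append(e)
    return hits


LSASS = r"C:\Windows\System32\lsass.exe"

# Constructed sample telemetry on which the two rules disagree.
SAMPLE_EVENTS = [
    Event(1, r"C:\Tools\procdump.exe"),
    Event(1, r"C:\Users\Public\pd.exe"),  # renamed copy of the same tool
    Event(10, r"C:\Tools\procdump.exe", target_image=LSASS,
          granted_access=PROCESS_VM_READ | PROCESS_QUERY_INFORMATION),
    Event(10, r"C:\Users\Public\pd.exe", target_image=LSASS,
          granted_access=PROCESS_VM_READ | PROCESS_QUERY_INFORMATION),
    Event(10, r"C:\Program Files\ExampleAV\agent.exe", target_image=LSASS,
          granted_access=0x1FFFFF),  # full access, but allowlisted
    Event(10, r"C:\Windows\System32\svchost.exe", target_image=LSASS,
          granted_access=0x1000),    # PROCESS_QUERY_LIMITED_INFORMATION only
]


def compare(events=SAMPLE_EVENTS):
    """Return the source images each rule flags, to show the coverage gap."""
    return {
        "by_name": sorted(_basename(e.image) for e in detect_by_tool_name(events)),
        "by_lsass_handle": sorted(_basename(e.image) for e in detect_lsass_handle(events)),
    }


if __name__ == "__main__":
    print(compare())
```

Running it shows the name rule flagging only procdump.exe while the handle rule flags both procdump.exe and the renamed pd.exe, ignores the allowlisted agent and ignores the svchost.exe query that never asked for memory-read rights. The point is the one the comment makes: a rule on a technique's typical artifact is a rule on one scenario, while a rule on the behaviour the technique cannot avoid (here, a read handle to LSASS) survives the tool being renamed or rewritten.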
What's with all the typos on the web site? e.g. "Unfetter Discover: Analyze seucrity gaps and explore adversary tradecraft" or "Unfetter Disocover".

If the goal is to foster adoption these tells scream "disorganized and unprofessional".
GitHub docs lead to http://unfetter.io/ which leads to a GoDaddy landing page...
https://github.com/unfetter-discover/unfetter/issues/1613

Looks like the project may be abandoned? Time for a fork?