Mitre published another awesome framework called d3fend.mitre.org
It is using the att&ck framework but from a defenders perspective :-)
If you have an atlassian confluence running, which is published by a loadbalancer or reverse proxy using another domain, you might run into an XSRF error.
Some actions like uploading your profile picture (https://confluence.domain.tld/users/profile/editmyprofilepicture.action) do not work. You'll receive an generic error from the confluence page (see red box of the screenshot below). If you check the HTTP Header response, you'll see
XSRF check failed. It is caused by the confluence cross site request forgery (CSRF) protection.
server.xmland add the FQDN from the LoadBalancer or reverse proxy.
More information can be found here: https://confluence.atlassian.com/kb/cross-site-request-forgery-csrf-protection-changes-in-atlassian-rest-779294918.html
Its hard to secure your IT services and applications. The list of possible attacks is long, as shown in the Mitre Att&ck framework , the...