MITRE ATT&CK


https://medium.com/@sroberts/incident-response-hunting-tools-a40331257a46

MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and for verifying that defenses work as expected.

Recon->Weaponize->Deliver->Exploit->Control->Execute->Maintain

Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Execution, Collection and Exfiltration, Command and Control.

Getting started with ATT&CK

  1. eBook – mitre-getting-started-with-attack-october-2019
  2. Getting Started with ATT&CK: Assessments and Engineering https://medium.com/mitre-attack/getting-started-with-attack-assessment-cc0b01769cb4
  3. Getting Started with ATT&CK: Threat Intelligence by Katie Nickels https://lnkd.in/ggzkg_R
  4. Getting Started with ATT&CK: Detection and Analytics by John Wunder https://lnkd.in/gJy6ym7
  5. Getting Started with ATT&CK: Adversary Emulation and Red Teaming by Blake Strom, Timothy Schulz, and Katie Nickels https://lnkd.in/gmq5rRY
  6. DeTT&CT – https://github.com/rabobank-cdc/DeTTECT
  7. Quantifying Vendor Efficacy Using The MITRE ATT&CK Evaluation – https://go.forrester.com/blogs/measuring-vendor-efficacy-using-the-MITRE-attck-evaluation/
  8. Here’s Why We Can’t Have Nice Things – https://www.endgame.com/blog/executive-blog/heres-why-we-cant-have-nice-things
  9. BZAR (Bro/Zeek ATT&CK-based Analytics and Reporting)
    1. https://github.com/mitre-attack/bzar
    2. https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1569878751.pdf
  10. EU ATT&CK Community – https://attack-community.org/event/
