TryHackMe MITRE Room- Task 1 Introduction to MITRE & Task 2 Basic Terminology
This room will discuss the various resources MITRE has made available for the cybersecurity community.
Task 1 Introduction to MITRE
For those that are new to the cybersecurity field, you probably never heard of MITRE. Those of us that have been around might only associate MITRE with CVEs (Common Vulnerabilities and Exposures) list, which is one resource you’ll probably check when searching for an exploit for a given vulnerability. But MITRE researches in many areas, outside of cybersecurity, for the ‘safety, stability, and well-being of our nation.’ These areas include artificial intelligence, health informatics, space security, to name a few.
From Mitre.org: “At MITRE, we solve problems for a safer world. Through our federally funded R&D centers and public-private partnerships, we work across government to tackle challenges to the safety, stability, and well-being of our nation.”
In this room, we will focus on other projects/research that the US-based non-profit MITRE Corporation has created for the cybersecurity community, specifically:
- ATT&CK® (Adversarial Tactics, Techniques, and Common Knowledge) Framework
- CAR (Cyber Analytics Repository) Knowledge Base
- ENGAGE (sorry, not a fancy acronym)
- D3FEND (Detection, Denial, and Disruption Framework Empowering Network Defense)
- AEP (ATT&CK Emulation Plans)
Let’s dive in, shall we…
Room updated: July 1st, 2022
Task 2 Basic Terminology
Before diving in, let’s briefly discuss a few terms that you will often hear when dealing with the framework, threat intelligence, etc.
APT is an acronym for Advanced Persistent Threat. This can be considered a team/group (threat group), or even country (nation-state group), that engages in long-term attacks against organizations and/or countries. The term ‘advanced’ can be misleading as it will tend to cause us to believe that each APT group all have some super-weapon, e.i. a zero-day exploit, that they use. That is not the case. As we will see a bit later, the techniques these APT groups use are quite common and can be detected with the right implementations in place. You can view FireEye’s current list of APT groups here.
TTP is an acronym for Tactics, Techniques, and Procedures, but what does each of these terms mean?
- The Tactic is the adversary’s goal or objective.
- The Technique is how the adversary achieves the goal or objective.
- The Procedure is how the technique is executed.
If that is not that clear now, don’t worry. Hopefully, as you progress through each section, TTPs will make more sense.
You have finished up this task, you can now move onto Task 3 ATT&CK® Framework.
