MITRE ATT&CK

MITRE developed ATT&CK as a model for documenting and tracking the techniques attackers use at each stage of an intrusion, from the initial foothold in your network through to the exfiltration of data.

ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge. The framework is a matrix of attack techniques grouped by the tactic each one serves. The Enterprise matrix covers Windows, Linux and macOS (along with cloud, network and container platforms), and separate matrices cover Mobile and ICS environments.

Since its inception in 2013, ATT&CK has become one of the most respected and most referenced resources in cybersecurity. It is a knowledge base of real-world adversary techniques, built from observed intrusions, that you can use to defend your network. To know ATT&CK is to understand your enemy.

ATT&CK defines the following tactics used in a cyberattack (the Enterprise matrix, in the order the stages typically occur):

  1. Initial Access
  2. Execution
  3. Persistence
  4. Privilege Escalation
  5. Defense Evasion
  6. Credential Access
  7. Discovery
  8. Lateral Movement
  9. Collection
  10. Command and Control
  11. Exfiltration
  12. Impact

Two pre-compromise tactics, Reconnaissance and Resource Development, were added in later versions of the matrix and sit before Initial Access.

MITRE calls the top-level categories ‘tactics’: the adversary’s objective at a given stage, the ‘why.’ Each column under a tactic lists the ‘techniques’ that achieve that objective, the ‘how,’ and many techniques are broken down further into sub-techniques. Every entry has a stable ID (for example TA0001 for Initial Access, T1091 for Replication Through Removable Media, T1059.001 for the PowerShell sub-technique), and a single technique can appear under more than one tactic when it serves more than one goal.
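MITRE publishes the whole knowledge base as STIX 2 JSON, where each technique is an `attack-pattern` object whose `kill_chain_phases` name the tactics it falls under and whose `external_references` carry the ATT&CK ID. The following is an added example, not code from the original post or from MITRE: it builds the tactic-to-technique matrix from a constructed bundle that mimics the shape of the real `enterprise-attack` data (only a handful of techniques are included, and the revoked T1086 entry is there to show why a matrix builder must filter revoked and deprecated objects).

```python
"""Build a tactic -> technique matrix from STIX 2 attack-pattern objects.

Added example. SAMPLE_BUNDLE is constructed here in the shape of MITRE's
enterprise-attack STIX bundle; it is a tiny subset, not the real data.
"""
from collections import defaultdict

# Enterprise tactic order as shown across the top of the ATT&CK matrix.
TACTIC_ORDER = [
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion",
    "credential-access", "discovery", "lateral-movement", "collection",
    "command-and-control", "exfiltration", "impact",
]


def _phases(*names):
    return [{"kill_chain_name": "mitre-attack", "phase_name": n} for n in names]


def _ref(tid):
    return [{"source_name": "mitre-attack", "external_id": tid}]


# Constructed bundle: the field names match MITRE's STIX export, the content
# is a handful of real technique IDs chosen for this example.
SAMPLE_BUNDLE = {
    "type": "bundle",
    "objects": [
        {"type": "attack-pattern", "name": "Replication Through Removable Media",
         "external_references": _ref("T1091"),
         "kill_chain_phases": _phases("initial-access", "lateral-movement")},
        {"type": "attack-pattern", "name": "Command and Scripting Interpreter",
         "external_references": _ref("T1059"),
         "kill_chain_phases": _phases("execution")},
        {"type": "attack-pattern", "name": "PowerShell", "x_mitre_is_subtechnique": True,
         "external_references": _ref("T1059.001"),
         "kill_chain_phases": _phases("execution")},
        {"type": "attack-pattern", "name": "Valid Accounts",
         "external_references": _ref("T1078"),
         "kill_chain_phases": _phases("defense-evasion", "persistence",
                                      "privilege-escalation", "initial-access")},
        {"type": "attack-pattern", "name": "Exfiltration Over C2 Channel",
         "external_references": _ref("T1041"),
         "kill_chain_phases": _phases("exfiltration")},
        # T1086 was the old PowerShell technique, revoked in favour of T1059.001.
        # Revoked objects remain in the bundle, so a matrix builder must skip them.
        {"type": "attack-pattern", "name": "PowerShell", "revoked": True,
         "external_references": _ref("T1086"),
         "kill_chain_phases": _phases("execution")},
        # Groups, software and relationships share the same bundle.
        {"type": "intrusion-set", "name": "Example Group"},
    ],
}


def attack_id(obj):
    """Return the ATT&CK ID (T1091, TA0001, ...) of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def build_matrix(bundle, include_subtechniques=False):
    """Map each tactic (column) to the sorted (ID, name) techniques under it."""
    columns = defaultdict(list)
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        if obj.get("x_mitre_is_subtechnique") and not include_subtechniques:
            continue
        tid = attack_id(obj)
        if tid is None:
            continue
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") == "mitre-attack":
                columns[phase["phase_name"]].append((tid, obj["name"]))
    # Keep the matrix in ATT&CK's column order and drop empty columns.
    return {t: sorted(columns[t]) for t in TACTIC_ORDER if columns.get(t)}


def technique_tactics(matrix, tid):
    """All columns a technique appears in (one technique can serve several tactics)."""
    return [t for t, techs in matrix.items() if any(x == tid for x, _ in techs)]


if __name__ == "__main__":
    for tactic, techs in build_matrix(SAMPLE_BUNDLE).items():
        print(tactic, [tid for tid, _ in techs])
    print("T1091 ->", technique_tactics(build_matrix(SAMPLE_BUNDLE), "T1091"))
```

Against the real bundle the same function yields the full Enterprise matrix; the only difference is the size of `objects`. Note that T1091 lands in two columns, which is the point made above about one technique serving more than one tactic.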

To get the most out of ATT&CK, the Red Team builds a strategy that chains several techniques from different columns to test the defenses of their target. The Blue Team (the pen-testing term for the defenders) needs to understand those tactics and techniques in order to counter the Red Team’s strategy.

It’s a game of chess, but the pieces are ATT&CK techniques instead of knights and bishops. Each side needs to make specific moves, counter, build a defense, and anticipate the next techniques in play.

Some of the techniques a Red Team might chain together in such an exercise:

  1. The Red Team infects the target with malware using Replication Through Removable Media (Initial Access)
  2. The malware launches PowerShell to run its payload (Execution)
  3. The Red Team steals a privileged account and uses it to reach sensitive data (Credential Access and Collection)
  4. The collected data is exfiltrated out of the network (Exfiltration)

Click on the link below to learn more about using MITRE ATT&CK for red teaming: https://youtu.be/eX-81rPLrPs

To deal with this scenario, the Blue Team needs to detect the file access on the removable media device, or the malware the attacker drops from it. They need to detect the PowerShell execution and tell it apart from an administrator doing routine work. They also need to detect the stolen privileged account’s access to sensitive data and the exfiltration that follows. Each of these events is easy to miss on its own; the hard part in the majority of monitoring systems is correlating them into a single chain of tactics on one host.
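The correlation the Blue Team needs can be sketched in a few dozen lines. The following is an added example, not code from the original post: it maps constructed, SIEM-style events to ATT&CK technique IDs (the mapping of each detection to an ID is this example’s own choice for the scenario above, as are the account names, host naming convention and byte threshold), then raises an alert only when one host accumulates hits across several tactics within a time window. The benign administrator’s PowerShell on the second host is there to show that a single technique match is not, by itself, an incident.

```python
"""Map host telemetry to ATT&CK techniques and alert on multi-tactic chains.

Added example. EVENTS is constructed telemetry in the shape a SIEM would
normalize from Windows events (file access, process creation, netflow);
the technique mapping and thresholds are assumptions made for this example.
"""
import json
from datetime import datetime, timedelta

EVENTS = [  # constructed sample events, two hosts, one intrusion chain
    {"ts": "2024-03-01T09:00:10", "host": "WS-042", "user": "jdoe",
     "kind": "file_access", "path": "E:\\invoice.pdf.lnk", "drive_type": "removable"},
    {"ts": "2024-03-01T09:00:45", "host": "WS-042", "user": "jdoe",
     "kind": "process", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -EncodedCommand <base64-blob>"},
    {"ts": "2024-03-01T09:21:03", "host": "WS-042", "user": "svc_backup",
     "kind": "file_access", "path": "\\\\FS01\\Finance\\payroll.xlsx", "drive_type": "network"},
    {"ts": "2024-03-01T09:32:30", "host": "WS-042", "user": "jdoe",
     "kind": "netflow", "dst": "203.0.113.17", "dst_port": 443, "bytes_out": 262144000},
    {"ts": "2024-03-01T10:00:00", "host": "WS-007", "user": "admin.ops",
     "kind": "process", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\Ops\\Restart-Spooler.ps1"},
]

# Assumptions for this example: which accounts are privileged, which shares
# are sensitive, what counts as a large transfer, and that workstation names
# start with "WS-" (a service account logging on there is the anomaly).
PRIVILEGED_ACCOUNTS = {"svc_backup", "admin.ops"}
SENSITIVE_PREFIXES = ("\\\\FS01\\Finance", "\\\\FS01\\HR")
EXFIL_BYTES = 100 * 1024 * 1024
WINDOW = timedelta(hours=1)
MIN_TACTICS = 3
SUSPICIOUS_PS = ("-encodedcommand", " -enc ", " -e ", "downloadstring", "-w hidden")


def classify(ev):
    """Return (technique_id, tactic) if the event matches a detection, else None."""
    kind = ev["kind"]
    if kind == "file_access" and ev.get("drive_type") == "removable":
        return ("T1091", "initial-access")          # Replication Through Removable Media
    if kind == "process" and ev.get("image", "").lower() == "powershell.exe":
        cl = ev.get("cmdline", "").lower()
        # Encoded, hidden or download-cradle invocations are rare in routine
        # admin work; a plain -File run of a known script does not match.
        if any(flag in cl for flag in SUSPICIOUS_PS):
            return ("T1059.001", "execution")        # PowerShell
    if (kind == "file_access" and ev["user"] in PRIVILEGED_ACCOUNTS
            and ev["host"].startswith("WS-")
            and ev["path"].startswith(SENSITIVE_PREFIXES)):
        return ("T1039", "collection")               # Data from Network Shared Drive
    if kind == "netflow" and ev.get("bytes_out", 0) >= EXFIL_BYTES:
        return ("T1041", "exfiltration")             # Exfiltration Over C2 Channel (assumed)
    return None


def correlate(events, window=WINDOW, min_tactics=MIN_TACTICS):
    """Group technique hits per host and alert when a window of hits spans
    at least `min_tactics` distinct tactics. Returns a list of alerts."""
    hits = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        match = classify(ev)
        if match:
            hits.setdefault(ev["host"], []).append(
                (datetime.fromisoformat(ev["ts"]), *match))
    alerts = []
    for host, seq in hits.items():
        for i, (start, _, _) in enumerate(seq):
            chain = [h for h in seq[i:] if h[0] - start <= window]
            tactics = {h[2] for h in chain}
            if len(tactics) >= min_tactics:
                alerts.append({"host": host, "start": start.isoformat(),
                               "techniques": [h[1] for h in chain],
                               "tactics": sorted(tactics)})
                break  # one alert per host is enough here
    return alerts


if __name__ == "__main__":
    print(json.dumps(correlate(EVENTS), indent=2))
```

Run as is, the output is one alert for WS-042 covering four tactics (initial access, execution, collection, exfiltration) and nothing for WS-007, even though the admin’s PowerShell was seen. Raising or lowering `MIN_TACTICS` and `WINDOW` is the usual tuning knob: too low and every PowerShell run pages someone, too high and a slow intrusion never crosses the threshold.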

If you would like to dive deeper into MITRE ATT&CK, I would definitely suggest that you check out the official site:

https://attack.mitre.org/
