ATT&CK

Over the past few years, I’ve had the pleasure of welcoming interns on our security research team. One of my goals was to pass on knowledge of security to these folks and ...

Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case ...

Once an attacker has established access and pivoted around to the point of gathering the necessary data, they will work on exfiltration of that data. Not all malware will reach this stage ...

The Collection tactic outlines techniques an attacker will undertake in order to find and gather the data they need to meet their actions on objectives. I see most of these techniques as ...

It will be rare that an attacker exploits a single system and does not attempt any lateral movement within the network. Even ransomware that typically targets a single system at a time ...

Anyone who has had any experience on the offensive side of security has had fun with privilege escalation. There’s something exciting about exploiting a system to the point of getting root-level access ...

When I first started researching ATT&CK last year, Persistence was the tactic which made me fall in love. Even though I have been in the industry for some time, I learned more ...

Of all the tactics that an adversary will take on in their campaign, none will be more widely abused than Execution (https://attack.mitre.org/wiki/Execution). When taking into consideration off-the-shelf malware, traditional ransomware, or state-of-the-art ...

The MITRE ATT&CK Framework is an excellent resource when it comes to defining threat intelligence. The hundreds of techniques mapped across various tactics help define an adversary’s behaviors in enterprise networks. What’s ...