ATT&CK
Using ATT&CK As a Teacher
Over the past few years, I’ve had the pleasure of welcoming interns on our security research team. One of my goals was to pass on knowledge of security to these folks and ...

The MITRE ATT&CK Framework: Command and Control
Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case ...

The MITRE ATT&CK Framework: Exfiltration
Once an attacker has established access and pivoted around to the point of gathering the necessary data, they will work on exfiltration of that data. Not all malware will reach this stage ...

The MITRE ATT&CK Framework: Collection
The Collection tactic outlines techniques an attacker will undertake in order to find and gather the data they need to meet their actions on objectives. I see most of these techniques as ...

The MITRE ATT&CK Framework: Lateral Movement
It will be rare that an attacker exploits a single system and does not attempt any lateral movement within the network. Even ransomware that typically targets a single system at a time ...

The MITRE ATT&CK Framework: Privilege Escalation
Anyone who has had any experience on the offensive side of security has had fun with privilege escalation. There’s something exciting about exploiting a system to the point of getting root-level access ...

The MITRE ATT&CK Framework: Persistence
When I first started researching ATT&CK last year, Persistence was the tactic which made me fall in love. Even though I have been in the industry for some time, I learned more ...

The MITRE ATT&CK Framework: Execution
Of all the tactics that an adversary will take on in their campaign, none will be more widely abused than Execution (https://attack.mitre.org/wiki/Execution). When taking into consideration off-the-shelf malware, traditional ransomware, or state-of-the-art ...

A Look Inside the April Update to the MITRE ATT&CK Framework
The MITRE ATT&CK Framework is an excellent resource when it comes to defining threat intelligence. The hundreds of techniques mapped across various tactics help define an adversary’s behaviors in enterprise networks. What’s ...