Interview

Question 1

What does ATT&CK stand for?

Answer 1

Adversarial Tactics, Techniques, and Common Knowledge.

Question 2

Who developed the MITRE ATT&CK framework?

Answer 2

MITRE, a nonprofit organization that conducts federally funded research.

Question 3

Breakdown tactics, techniques, and procedures.

Answer 3

Tactics: represent the WHY of an attack.
Techniques: represent the HOW of an attack.
Sub-techniques: represent more granular details about a technique.
Procedures: represent real-world examples of adversarial implementation of tactics and techniques.

Question 4

Why is the MITRE ATT&CK framework useful?

Answer 4

Threat intelligence, security strategy, detection and response, and adversary emulation.

Question 5

What are the MITRE ATT&CK framework matrices?

Answer 5

Enterprise, mobile, and ICS.

Question 6

What are the 12 primary tactics in the MITRE ATT&CK Enterprise Matrix and their order in a typical attack lifecycle?

Answer 6

1.) Initial Access
2.) Execution
3.) Persistence
4.) Privilege Escalation
5.) Defense Evasion
6.) Credential Access
7.) Discovery
8.) Lateral Movement
9.) Collection
10.) Command and Control
11.) Exfiltration
12.) Impact

Question 7

How does the Lockheed Martin Cyber Kill Chain help organizations?

Answer 7

By detecting and stopping attacks at various stages.

Question 8

What are the stages of the Lockheed Martin Cyber Kill Chain?

Answer 8

Reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.