MITRE ATT&CK Matrix Flashcards
The ______ ______ is a framework for describing the actions an adversary may take while operating within an enterprise network.
ATT&CK Matrix
Describes how an adversary gains an initial foothold on the target network.
Examples: Spearphishing Attachment, Trusted Relationship, Valid Accounts
Initial Access
Techniques that result in execution of adversary-controlled code on a local or remote system.
Examples: Command-Line Interface, PowerShell, Regsvr32, Scheduled Task
Execution
Any access, action, or configuration change that gives an adversary a persistent presence on a system, surviving reboots, credential changes, and other interruptions.
Examples: Account Manipulation, DLL Search Order Hijacking, Shortcut Modification
Persistence
Actions or techniques that result in a higher level of permissions on a system or network.
Examples: Hooking, Process Injection, Sudo Caching
Privilege Escalation
Techniques an adversary uses to avoid detection or defeat defenses while operating.
Examples: Binary Padding, Port Knocking, Timestomp
Defense Evasion
Techniques for obtaining legitimate credentials (account names, passwords, hashes, tokens) from a system or network.
Examples: Credential Dumping, Forced Authentication, Input Prompt
Credential Access
Techniques that allow the adversary to gain knowledge about the system and internal network.
Examples: Network Service Scanning, Process Discovery, System Network Configuration Discovery
Discovery
_______ ________ consists of techniques that enable an adversary to access and control remote systems on a network.
Examples: Pass the Hash, Shared Webroot, Taint Shared Content
Lateral Movement
Identifying and gathering information (files, screenshots, keystrokes) of interest to the adversary prior to exfiltration.
Examples: Automated Collection, Data from Network Shared Drive, Man in the Browser
Collection
Techniques used to remove files and information from the target network, typically over the command-and-control channel or an alternate channel.
Examples: Data Encrypted, Exfiltration Over Command and Control Channel, Scheduled Transfer
Exfiltration
Techniques an adversary uses to communicate with systems under their control inside the target network.
Examples: Commonly Used Port, Multiband Communication, Standard Application Layer Protocol
Command and Control
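Added example (not part of the flashcard deck or of ATT&CK itself): a small Python script that shows how the tactic columns above are used in practice. It maps constructed sample process-creation log lines onto tactics using hypothetical command-line rules, lists the observed techniques in matrix order rather than log order so the adversary's progression across the columns is visible, and reports which tactics the rule set leaves undetected. The log format, host names, rule patterns and the choice of techniques are all assumptions made for this illustration; the tactic order is the one the cards list.

```python
import re
from collections import defaultdict

# Tactic columns in the order the cards above list them (the older Enterprise
# matrix without Impact); list position is the kill-chain position.
TACTICS = [
    "Initial Access", "Execution", "Persistence", "Privilege Escalation",
    "Defense Evasion", "Credential Access", "Discovery", "Lateral Movement",
    "Collection", "Exfiltration", "Command and Control",
]

# Hypothetical command-line signatures written for this example:
# (technique, tactic, pattern). They are illustrative, not ATT&CK detections.
RULES = [
    ("PowerShell", "Execution",
     re.compile(r"powershell(?:\.exe)?\b.*\s-(?:e|enc|encodedcommand)\b", re.I)),
    ("Scheduled Task", "Persistence",
     re.compile(r"schtasks(?:\.exe)?\b.*\s/create\b", re.I)),
    ("Timestomp", "Defense Evasion",
     re.compile(r"\.(?:LastWriteTime|CreationTime)\s*=", re.I)),
    ("Credential Dumping", "Credential Access",
     re.compile(r"sekurlsa::logonpasswords|procdump.*\blsass\b", re.I)),
    ("System Network Configuration Discovery", "Discovery",
     re.compile(r"\b(?:ipconfig|nltest|net\s+config)\b", re.I)),
    ("Pass the Hash", "Lateral Movement",
     re.compile(r"sekurlsa::pth\b", re.I)),
    ("Data from Network Shared Drive", "Collection",
     re.compile(r"\brobocopy\b\s+\\\\", re.I)),
]

# Assumed log line shape: "<timestamp> host=<name> cmd=<command line>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+cmd=(?P<cmd>.*)$")

# Constructed sample telemetry, one process creation per line (fake hash).
SAMPLE_LOG = r"""
2023-03-01T09:02:11Z host=WS01 cmd=powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A
2023-03-01T09:02:40Z host=WS01 cmd=schtasks.exe /create /sc onlogon /tn Updater /tr C:\Users\Public\u.exe
2023-03-01T09:03:05Z host=WS01 cmd=powershell -c "(Get-Item C:\Users\Public\u.exe).LastWriteTime = '2019-01-01'"
2023-03-01T09:05:17Z host=WS01 cmd=nltest /dclist:corp.local
2023-03-01T09:07:42Z host=WS01 cmd=mimikatz.exe "sekurlsa::logonpasswords" exit
2023-03-01T09:09:03Z host=WS01 cmd=mimikatz.exe "sekurlsa::pth /user:svc_backup /domain:corp /ntlm:0123456789abcdef0123456789abcdef" exit
2023-03-01T09:15:30Z host=FS02 cmd=robocopy \\FS02\finance C:\Windows\Temp\f /E
2023-03-01T09:16:00Z host=WS01 cmd=notepad.exe C:\Users\alice\notes.txt
"""


def parse_events(text):
    """Parse log lines into dicts with ts/host/cmd; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def tag_event(event):
    """Return [(technique, tactic)] for every rule the command line matches."""
    return [(tech, tactic) for tech, tactic, pat in RULES if pat.search(event["cmd"])]


def attack_chain(text):
    """Group matched techniques by tactic, ordered by position in the matrix.

    Returns [(tactic, [(ts, host, technique), ...])] for tactics that were
    observed, so an analyst reads the intrusion left to right across the
    columns instead of in raw log order.
    """
    seen = defaultdict(list)
    for ev in parse_events(text):
        for tech, tactic in tag_event(ev):
            seen[tactic].append((ev["ts"], ev["host"], tech))
    return [(t, seen[t]) for t in TACTICS if t in seen]


def coverage_gaps(rules=RULES):
    """Tactics in the matrix for which this rule set has no detection at all."""
    covered = {tactic for _, tactic, _ in rules}
    return [t for t in TACTICS if t not in covered]


if __name__ == "__main__":
    for tactic, hits in attack_chain(SAMPLE_LOG):
        print(f"{tactic}:")
        for ts, host, tech in hits:
            print(f"  {ts} {host} {tech}")
    print("No detection for:", ", ".join(coverage_gaps()))
```

Running the script on the constructed log orders the hits Execution, Persistence, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, and reports no rules for Initial Access, Privilege Escalation, Exfiltration or Command and Control: the coverage-gap view is the part of the matrix a detection team acts on first.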