Week 7 Flashcards

1
Q

MITRE ATT&CK Framework

A

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a widely used cybersecurity framework that provides a comprehensive understanding of the tactics, techniques, and procedures used by adversaries in cyber attacks.

The framework is designed to help organizations identify and defend against cyber threats by providing a common language and structure for describing the various stages of an attack.

It is based on real-world observations of actual cyber attacks.

2
Q

Credential Access Tactic (MITRE)

A

Used to obtain the credentials of legitimate users in order to gain access to sensitive data or perform other malicious actions.

Techniques used in this tactic include keyloggers, phishing emails, and brute-force attacks.

3
Q

Command and Control (C2) (MITRE)

A

Used by the compromised system to communicate with the attackers and receive instructions.

This allows the attackers to operate remotely and perform actions on the target system without being physically present.

Techniques used in this tactic include exfiltration channels, custom protocols, and social media platforms.

4
Q

MITRE ATT&CK Framework 10 Steps

A
  1. Initial Access
  2. Execution
  3. Persistence
  4. Privilege Escalation
  5. Defense Evasion
  6. Credential Access
  7. Discovery
  8. Lateral Movement
  9. Collection and Exfiltration
  10. Command & Control
5
Q

Initial Access

A

The first step of an attack where an adversary gains an initial foothold on a victim system or network.

This can be achieved through various means such as phishing, exploitation of a vulnerability, or physical access to the system.

6
Q

Execution

A

The step where the attacker runs their code on the victim system.

This can be done through various means such as exploiting a vulnerability, running malicious scripts, or using built-in tools.

7
Q

Persistence

A

The step where the attacker establishes a persistent presence on the victim system to maintain access even after a system reboot or other actions that would typically terminate their presence.

This can be achieved by modifying system files, adding scheduled tasks or services, or creating new user accounts.

8
Q

Privilege Escalation

A

The step where the attacker elevates their privileges from a lower privilege level to a higher one, granting them more control over the victim system.

This can be achieved by exploiting vulnerabilities, misconfigurations, or by stealing credentials.

9
Q

Defense Evasion

A

The step where the attacker acts to avoid detection by security measures such as antivirus software or intrusion detection systems.

This can be achieved by using encryption, obfuscation, or anti-forensic techniques.

10
Q

Credential Access

A

The step where the attacker obtains and uses valid credentials to gain access to systems and data.

This can be achieved through various means such as password guessing, phishing, or exploiting vulnerabilities in authentication mechanisms.

11
Q

Discovery

A

The step where the attacker explores the victim network and systems to learn more about their environment.

This can be achieved by gathering information about network topology, system configurations, and user accounts.

12
Q

Lateral Movement

A

The step where the attacker moves laterally through the victim network to gain access to additional systems and resources.

This can be achieved by exploiting vulnerabilities, using stolen credentials, or by compromising trusted relationships between systems.

13
Q

Collection and Exfiltration

A

The step where the attacker gathers and steals sensitive information from the victim system or network.

This can be achieved by copying files, stealing credentials, or using command and control channels to exfiltrate data.

14
Q

Command & Control

A

The step where the attacker establishes and maintains communication channels with their malicious infrastructure to control the victim systems and exfiltrate data.

This can be achieved through various means such as using remote access tools, hidden web services, or other covert communication channels.

15
Q

MITRE ATT&CK Chain

A
  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command and Control
  7. Actions on Objectives
  8. Impact
  9. Detonation
  10. Exfiltration
16
Q

Difference between the Cyber Kill Chain process and the MITRE ATT&CK Framework

A

* The number of stages
* The focus
* The perspective
* The level of granularity
* The scope

17
Q

Real-world Applications of the Cyber Kill Chain process & MITRE ATT&CK Framework

A
  1. Network Security
  2. Incident Response
  3. Penetration Testing
  4. Cyber Threat Intelligence