Week 7 Flashcards
MITRE ATT&CK Framework
The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a widely used cybersecurity framework that provides a comprehensive understanding of the tactics, techniques, and procedures used by adversaries in cyber attacks.
The framework is designed to help organizations identify and defend against cyber threats by providing a common language and structure for describing the various stages of an attack.
It is based on real-world observations of actual cyber attacks.
Credential Access Tactic (MITRE)
Used to obtain the credentials of legitimate users in order to gain access to sensitive data or perform other malicious actions.
Techniques used in this tactic include keyloggers, phishing emails, and brute-force attacks.
Command and Control (C2) (MITRE)
Used by compromised systems to communicate with the attackers and receive instructions.
This allows the attackers to operate remotely and perform actions on the target system without being physically present.
Techniques used in this tactic include exfiltration channels, custom protocols, and social media platforms.
MITRE ATT&CK Framework 10 Steps
- Initial Access
- Execution
- Persistence
- Privilege Escalation
- Defense Evasion
- Credential Access
- Discovery
- Lateral Movement
- Collection and exfiltration
- Command & Control
Initial Access
The first step of an attack where an adversary gains an initial foothold on a victim system or network.
This can be achieved through various means such as phishing, exploitation of a vulnerability, or physical access to the system.
Execution
The step where the attacker runs their code on the victim system.
This can be done through various means such as exploiting a vulnerability, running malicious scripts, or using built-in tools.
Persistence
The step where the attacker establishes a persistent presence on the victim system to maintain access even after a system reboot or other actions that would typically terminate their presence.
This can be achieved by modifying system files, adding scheduled tasks or services, or creating new user accounts.
Privilege Escalation
The step where the attacker elevates their privileges from a lower privilege level to a higher one, granting them more control over the victim system.
This can be achieved by exploiting vulnerabilities, misconfigurations, or by stealing credentials.
Defense Evasion
The step where the attacker acts to avoid detection by security measures such as antivirus software or intrusion detection systems.
This can be achieved by using encryption, obfuscation, or anti-forensic techniques.
Credential Access
The step where the attacker obtains and uses valid credentials to gain access to systems and data.
This can be achieved through various means such as password guessing, phishing, or exploiting vulnerabilities in authentication mechanisms.
Discovery
The step where the attacker explores the victim network and systems to learn more about their environment.
This can be achieved by gathering information about network topology, system configurations, and user accounts.
Lateral Movement
The step where the attacker moves laterally through the victim network to gain access to additional systems and resources.
This can be achieved by exploiting vulnerabilities, using stolen credentials, or by compromising trusted relationships between systems.
Collection and Exfiltration
The step where the attacker gathers and steals sensitive information from the victim system or network.
This can be achieved by copying files, stealing credentials, or using command and control channels to exfiltrate data.
Command & Control
The step where the attacker establishes and maintains communication channels with their malicious infrastructure to control the victim systems and exfiltrate data.
This can be achieved through various means such as using remote access tools, hidden web services, or other covert communication channels.
MITRE ATT&CK Chain
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control
- Actions on Objectives
- Impact
- Detonation
- Exfiltration