The MITRE Corporation was chartered on July 17, 1958 as a private, not-for-profit company to
provide engineering and technical guidance for the federal government. Since then, MITRE has
operated at the intersection of advanced technology and vital national concerns.
MITRE's roots lie in the computer laboratories of the Massachusetts Institute of Technology
(MIT) during World War II.
In 1959, the newly formed Federal Aviation Agency (now Administration) established a collaboration
with the Air Force to engage MITRE on a project called SATIN (SAGE Air Traffic Integration).
In 1974, Secretary of Defense James Schlesinger expanded its use to all branches of the military to
form JTIDS.
The rapid pace of change in information technology that characterized the late 1980s and early
1990s greatly influenced the evolution of MITRE's work.
In 1999, MITRE, working with the FAA and industry, evaluated the prototype Automatic Dependent
Surveillance-Broadcast (ADS-B) technology.
After that, they took the major decision to fight our nation's enemies, and so they started
Introduction
• MITRE ATT&CK was created in 2013 as a result of MITRE's Fort Meade Experiment (FMX).
Researchers on the FMX project emulated both adversary and defender behavior in an effort to
improve post-compromise detection of threats through telemetry sensing and behavioral
analysis.
• The key question for the FMX researchers was "How well are we doing at detecting
documented adversary behavior?" To answer that question, the researchers developed
ATT&CK, which was used as a tool to categorize adversary behavior.
• MITRE ATT&CK is a framework; the name stands for MITRE Adversarial Tactics, Techniques, and
Common Knowledge (ATT&CK).
• The tactics and techniques abstraction in the model provides a common taxonomy of individual
adversary actions understood by both the offensive and defensive sides of cybersecurity.
Motive
• ATT&CK has become one of the most respected and most referenced resources in
cybersecurity.
• ATT&CK is a knowledge base of adversary techniques that you can use to defend your network
against cybersecurity threats.
• ATT&CK catalogs the techniques used at the different stages of a cyberattack, from infiltrating your network to exfiltrating data.
4. Defensive Gap Assessment: Determines what parts of the enterprise lack defenses and/or
visibility. ATT&CK can be used to assess existing tools, or test new tools prior to purchasing,
to determine security coverage and prioritize investment.
The Cyber Kill Chain is a well-defined sequence of events: the Red Team (the pentesting term for
attackers) moves from reconnaissance to intrusion and so on, in that order. Conversely, in ATT&CK the
Red Team uses techniques from different tactics at different times in the scenario, depending on the
situation. An ATT&CK scenario could start with a Hardware Addition from the Initial Access tactic,
then jump to Bypass User Account Control from the Privilege Escalation tactic, and go back to the
Execution tactic to run PowerShell.
1. Reconnaissance
2. Intrusion
3. Exploitation
4. Privilege Escalation
5. Lateral Movement
6. Obfuscation/Anti-forensics
7. Denial of Service
8. Exfiltration
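The Defensive Gap Assessment use case and the non-linear scenario above (Initial Access, then Privilege Escalation, then Execution) can be worked through with a small technique-to-tactic map. This is an added example, not code from the page or from MITRE: the technique IDs are those of the public ATT&CK Enterprise knowledge base, but the `DETECTED` coverage set is constructed for illustration and describes no real product.

```python
"""Defensive gap assessment over a slice of the ATT&CK technique/tactic map."""
from collections import defaultdict

# Technique ID -> (name, tactics). A technique may sit under several tactics,
# which is why ATT&CK is a matrix rather than a linear chain.
TECHNIQUES = {
    "T1200":     ("Hardware Additions", {"Initial Access"}),
    "T1548.002": ("Bypass User Account Control", {"Privilege Escalation", "Defense Evasion"}),
    "T1059.001": ("PowerShell", {"Execution"}),
    "T1550.002": ("Pass the Hash", {"Lateral Movement", "Defense Evasion"}),
    "T1550.003": ("Pass the Ticket", {"Lateral Movement", "Defense Evasion"}),
    "T1110":     ("Brute Force", {"Credential Access"}),
}

# Constructed coverage: technique IDs a hypothetical sensor set can detect.
DETECTED = {"T1059.001", "T1550.002", "T1550.003", "T1110"}


def coverage_by_tactic(techniques=TECHNIQUES, detected=DETECTED):
    """Return {tactic: (detected technique count, total technique count)}."""
    totals = defaultdict(lambda: [0, 0])
    for tid, (_, tactics) in techniques.items():
        for tactic in tactics:
            totals[tactic][1] += 1
            totals[tactic][0] += tid in detected
    return {tactic: tuple(counts) for tactic, counts in totals.items()}


def uncovered_tactics(techniques=TECHNIQUES, detected=DETECTED):
    """Tactics with no detected technique at all: the blind spots to prioritize."""
    cov = coverage_by_tactic(techniques, detected)
    return sorted(tactic for tactic, (hit, _) in cov.items() if hit == 0)


def scenario_visibility(scenario, techniques=TECHNIQUES, detected=DETECTED):
    """Walk an ordered adversary scenario and report each step's tactics and
    whether any sensor would see it. Unknown IDs are rejected, not silently
    counted as undetected, so a typo cannot hide a real gap."""
    steps = []
    for tid in scenario:
        if tid not in techniques:
            raise ValueError(f"unknown ATT&CK technique id: {tid}")
        name, tactics = techniques[tid]
        steps.append({"id": tid, "name": name, "tactics": sorted(tactics),
                      "detected": tid in detected})
    return steps


def first_detected_step(scenario, techniques=TECHNIQUES, detected=DETECTED):
    """1-based index of the first scenario step a sensor sees, or None if blind."""
    for i, step in enumerate(scenario_visibility(scenario, techniques, detected), 1):
        if step["detected"]:
            return i
    return None
```

With the constructed coverage, the page's scenario `["T1200", "T1548.002", "T1059.001"]` is first seen only at step 3 (PowerShell execution), after the adversary already has elevated privileges, and `uncovered_tactics()` names Initial Access and Privilege Escalation as the tactics with no visibility.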
Varonis detects several ATT&CK techniques and cyberattacks in your network – including Pass the
Hash, Pass the Ticket, and Brute Force. Varonis threat models use the same language as ATT&CK so
you can easily reference both resources when you need to research cyberattacks.