MITRE ATT&CK Framework

This framework is a knowledge base of common tactics, techniques, and procedures (TTPs) that your organization can use to develop specific threat models and methodologies against cyberattacks.

Last updated 4 years ago

Overview

MITRE is a non-profit corporation based in Bedford, Massachusetts, United States. It supports numerous US government agencies and manages many federally funded research and development centers (also known as FFRDCs).

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework documents and tracks various adversarial techniques that are used during different stages of a cyberattack.

By using the MITRE ATT&CK framework's knowledge base, the cyber threat intelligence community can quickly identify threats and coordinate responses to cyberattacks.

Example Attack Profile

[Image: "Attack Profile" diagram, not preserved in this copy of the page]

Explanation of MITRE ATT&CK Steps

S.No | Steps in MITRE ATT&CK (tactic) | Explanation
---- | ------------------------------ | -----------
1 | Reconnaissance | The adversary is trying to gather information they can use to plan future operations.
2 | Resource Development | The adversary is trying to establish resources they can use to support operations.
3 | Initial Access | The adversary is trying to get into your network.
4 | Execution | The adversary is trying to run malicious code.
5 | Persistence | The adversary is trying to maintain their foothold.
6 | Privilege Escalation | The adversary is trying to gain higher-level permissions.
7 | Defense Evasion | The adversary is trying to avoid being detected.
8 | Credential Access | The adversary is trying to steal account names and passwords.
9 | Discovery | The adversary is trying to figure out your environment.
10 | Lateral Movement | The adversary is trying to move through your environment.
11 | Collection | The adversary is trying to gather data of interest to their goal.
12 | Command and Control | The adversary is trying to communicate with compromised systems to control them.
13 | Exfiltration | The adversary is trying to steal data.
14 | Impact | The adversary is trying to manipulate, interrupt, or destroy your systems and data.
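As an added example (not code from this page or from MITRE), the Python script below turns a set of SOC alerts, each tagged with one of the 14 tactics from the table above and an ATT&CK technique ID, into an attack profile: which tactics were observed, in table order, how far along the chain the intrusion got, and which tactics in between produced no alert at all (the places where either the adversary skipped a step or detection is blind). It then exports the profile as an ATT&CK Navigator layer, the tool listed under Reference, so the techniques can be viewed as a heat map. The alert records and host names are constructed; the technique IDs are taken from the public ATT&CK knowledge base; the Navigator layer field names and layer version are my assumption and should be checked against the Navigator release in use.

```python
"""Attack profile from tactic-tagged alerts, exported as a Navigator layer.

Added example for this page, not MITRE's code. The alerts below are
constructed sample data; the tactic names and order follow the table above.
"""
import json
import re
from collections import defaultdict

# The 14 Enterprise ATT&CK tactics in the order used in the table above,
# written as the lower-case short names the Navigator layer format uses.
TACTICS = [
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion",
    "credential-access", "discovery", "lateral-movement", "collection",
    "command-and-control", "exfiltration", "impact",
]
TACTIC_INDEX = {name: i for i, name in enumerate(TACTICS)}

# Technique IDs look like T1059 or, for sub-techniques, T1059.001.
TECHNIQUE_RE = re.compile(r"^T\d{4}(\.\d{3})?$")

# Constructed alerts (not real detections). Technique IDs are public ATT&CK
# IDs; the last record repeats the one before it to show de-duplication.
SAMPLE_ALERTS = [
    {"host": "ws-017", "tactic": "initial-access", "technique": "T1566", "name": "phishing attachment opened"},
    {"host": "ws-017", "tactic": "execution", "technique": "T1059", "name": "office app spawned PowerShell"},
    {"host": "ws-017", "tactic": "command-and-control", "technique": "T1071", "name": "beacon to new domain"},
    {"host": "ws-017", "tactic": "credential-access", "technique": "T1003", "name": "LSASS memory read"},
    {"host": "srv-db-01", "tactic": "lateral-movement", "technique": "T1021", "name": "RDP logon, harvested account"},
    {"host": "srv-db-01", "tactic": "lateral-movement", "technique": "T1021", "name": "RDP logon, harvested account"},
]


def check_alert(alert):
    """Return an error string for a record that would corrupt the profile, else None."""
    if alert.get("tactic") not in TACTIC_INDEX:
        return f"unknown tactic {alert.get('tactic')!r}"
    if not TECHNIQUE_RE.match(alert.get("technique", "")):
        return f"malformed technique id {alert.get('technique')!r}"
    if not alert.get("host"):
        return "missing host"
    return None


def build_profile(alerts):
    """Group alerts by tactic in table order and work out how far the intrusion got.

    observed:  tactics with at least one alert, in TACTICS order
    by_tactic: {tactic: [{"technique", "host", "count"}]} with repeats merged
    furthest:  last observed tactic in TACTICS order
    gaps:      tactics between the first and furthest observed with no alert
    """
    counts = defaultdict(int)
    for alert in alerts:
        problem = check_alert(alert)
        if problem:
            raise ValueError(problem)
        counts[(alert["tactic"], alert["technique"], alert["host"])] += 1

    by_tactic = defaultdict(list)
    for (tactic, technique, host), n in sorted(
            counts.items(), key=lambda kv: TACTIC_INDEX[kv[0][0]]):
        by_tactic[tactic].append({"technique": technique, "host": host, "count": n})

    observed = sorted(by_tactic, key=TACTIC_INDEX.__getitem__)
    if not observed:
        return {"observed": [], "by_tactic": {}, "furthest": None, "gaps": []}
    first, last = TACTIC_INDEX[observed[0]], TACTIC_INDEX[observed[-1]]
    gaps = [t for t in TACTICS[first:last + 1] if t not in by_tactic]
    return {"observed": observed, "by_tactic": dict(by_tactic),
            "furthest": observed[-1], "gaps": gaps}


def to_navigator_layer(profile, name="Attack profile"):
    """Render the profile as an ATT&CK Navigator layer (enterprise domain).

    Each technique is scored by its alert count so the heat map highlights the
    techniques seen most often. Field names and the layer version are an
    assumption; check them against the Navigator release you run.
    """
    techniques = []
    for tactic, entries in profile["by_tactic"].items():
        per_technique = defaultdict(int)
        for entry in entries:
            per_technique[entry["technique"]] += entry["count"]
        for technique, score in per_technique.items():
            techniques.append({"techniqueID": technique, "tactic": tactic,
                               "score": score, "comment": f"{score} alert(s)"})
    return {
        "name": name,
        "versions": {"layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "observed tactics: " + ", ".join(profile["observed"])
                       + "; gaps: " + ", ".join(profile["gaps"]),
        "techniques": techniques,
    }


if __name__ == "__main__":
    print(json.dumps(to_navigator_layer(build_profile(SAMPLE_ALERTS)), indent=2))
```

Running the script prints the layer JSON, which can be loaded into the Navigator through its "Open Existing Layer" option. For the constructed alerts the profile reaches Command and Control with Persistence, Privilege Escalation, Defense Evasion, Discovery and Collection unobserved, which is exactly the list an analyst would use to decide where to hunt next or which detections are missing.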

Reference

  • MITRE ATT&CK Official Site
  • YouTube
  • ATT&CK Navigator
  • Explanation of MITRE ATT&CK