ATT&CK Structure Part I: A Taxonomy of Adversarial Behavior

Following last year’s exceedingly successful inaugural MITRE ATT&CK™ conference, this year’s highly anticipated ATT&CKcon 2.0 conference will be held from Oct 28-30 at MITRE’s McLean headquarters. MITRE is always open to hearing feedback about the limitations of the ATT&CK framework and how to make ATT&CK more useful. Today, I want to look at the structure of ATT&CK content.

Part I: ATT&CK—A Taxonomy of Adversarial Behavior

The MITRE ATT&CK framework is often described as a taxonomy of adversarial behavior based on real-world observation of APT campaigns. The goal is to standardize our knowledge and understanding of cybersecurity from an adversary’s perspective. Specific behaviors or actions, called techniques, are classified under categories, called tactics, which reflect the phases of an adversarial attack lifecycle—like Lockheed’s cyber kill chain but with an emphasis on the adversary’s perspective and finer granularity.

ATT&CK Structure

For example, by using utilities such as the Windows Task Scheduler or by placing an entry in the Startup Folder, adversaries can maintain a presence on a system even through a reboot. These are two techniques classified under the common tactic Persistence. Persistence is an important tactical concept because adversaries often need to maintain access to a system, through interruptions, in order to carry out their ob ..
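As an added example (not code from this post or from MITRE), here is how the tactic/technique classification described above is read out of the STIX-formatted ATT&CK data that MITRE publishes. The bundle below is hand-constructed in that assumed shape (attack-pattern objects with kill_chain_phases and a mitre-attack external reference) and carries the two persistence techniques named above under their ATT&CK IDs as I know them (T1053, T1547.001); a revoked placeholder entry shows why a taxonomy view must filter.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of MITRE's enterprise-attack STIX bundle (assumed
# layout: "attack-pattern" objects carry kill_chain_phases naming the tactic, and an
# external_references entry with source_name "mitre-attack" holds the technique ID).
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "attack-pattern", "name": "Scheduled Task/Job",
     "kill_chain_phases": [
         {"kill_chain_name": "mitre-attack", "phase_name": "execution"},
         {"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
         {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1053"}]},
    {"type": "attack-pattern", "name": "Registry Run Keys / Startup Folder",
     "kill_chain_phases": [
         {"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
         {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1547.001"}]},
    # Revoked entries stay in the bundle for history; a taxonomy view must skip them.
    {"type": "attack-pattern", "name": "Old Technique (hypothetical placeholder)", "revoked": True,
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "persistence"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T0000"}]},
]})

def technique_id(obj):
    """Return the ATT&CK ID (e.g. T1053 or sub-technique T1547.001) of an attack-pattern."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def techniques_by_tactic(bundle_json):
    """Group live techniques under every tactic they are classified in."""
    # A technique can sit under several tactics (Scheduled Task/Job is in three);
    # revoked or deprecated objects and non-ATT&CK kill chains are skipped.
    grouped = defaultdict(list)
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "attack-pattern" or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        tid = technique_id(obj)
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") == "mitre-attack":
                grouped[phase["phase_name"]].append((tid, obj["name"]))
    return {tactic: sorted(techs) for tactic, techs in grouped.items()}

def tactics_of(bundle_json, tid):
    """List the tactic short names a technique ID is classified under."""
    return sorted(t for t, techs in techniques_by_tactic(bundle_json).items()
                  if any(i == tid for i, _ in techs))
```

Pointing the same functions at the real enterprise-attack.json from MITRE's CTI repository yields the full tactic-to-technique matrix.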
