1 Answers
Rebecca Kappel Staff answered 2 months ago MITRE ATT&CK tactics and techniques are pivotal components of the MITRE Attack framework, which categorizes the methods and tactics employed by adversaries throughout various stages of cyber attacks. As of the most recent update, the MITRE ATT&CK framework encompasses over 300 Mitre Att&ck techniques, each categorized under one of the 11 tactics delineated below:
- IInitial Access: This tactic focuses on adversaries’ methods to gain the first foothold into a target environment. Techniques within this tactic may include phishing, exploiting vulnerabilities in external-facing services, or using stolen credentials.
- Execution: Techniques in this tactic involve running malicious code on a target system. This could include executing a malware payload, running scripts, or exploiting vulnerabilities to execute arbitrary commands.
- Persistence: Persistence tactics involve maintaining access to a compromised system over time. This may include creating new accounts, installing backdoors, or modifying system configurations to ensure continued access even after system reboots or security measures are implemented.
- Privilege Escalation: Adversaries often seek to escalate their privileges within a compromised environment to gain access to additional resources or perform actions restricted to higher privilege levels. Techniques for privilege escalation may include exploiting vulnerabilities, abusing misconfigured permissions, or stealing credentials with higher privileges.
- Defense Evasion: Tactics in this category aim to avoid detection by security tools and defenders. Adversaries may employ techniques such as obfuscating code, encrypting payloads, or using anti-analysis techniques to evade detection by security mechanisms.
- Credential Access: This tactic involves obtaining valid user credentials to gain unauthorized access to systems or resources. Techniques for credential access may include phishing, brute-force attacks, or exploiting vulnerabilities in authentication mechanisms.
- Discovery: Discovery tactics involve gathering information about a target environment to aid in further attacks. Techniques may include scanning for vulnerabilities, enumerating system configurations, or gathering information about network topology and user accounts.
- Lateral Movement: Once inside a network, adversaries often attempt to move laterally to other systems or network segments. Techniques for lateral movement may include exploiting vulnerabilities, using stolen credentials, or abusing trust relationships between systems.
- Collection: Collection tactics involve gathering data or information from compromised systems. Techniques for data collection may include keylogging, screen capturing, or extracting sensitive information from files and databases.
- Exfiltration: Tactics involve transferring stolen data or information from the target environment. Techniques for exfiltration may include using encrypted channels, disguising data within legitimate network traffic, or copying files to external storage devices.
- Command and Control: Command and control tactics involve establishing and maintaining communication channels with compromised systems. Techniques for command and control may include using remote access tools, creating backdoor channels, or communicating with external command-and-control servers.
Please login or Register to submit your answer
