The MITRE ATT&CK Framework: Credential Access

There’s no doubt about it, attackers want your credentials more than anything, especially administrative credentials. Why burn a zero day or risk noisy exploits when you can just log in instead? If you were to break into a house, would you rather…

The MITRE ATT&CK Framework: Defense Evasion

This tactic has more techniques than any of the other tactics discussed in the MITRE ATT&CK Framework so far. What I find interesting about these techniques is that they expose the tradecraft of the various threat actors behind malware attacks. A…

The MITRE ATT&CK Framework: Privilege Escalation

Anyone who has had any experience on the offensive side of security has had fun with privilege escalation. There’s something exciting about exploiting a system to the point of getting root-level access. Since I have spent most of my time on the d…

The MITRE ATT&CK Framework: Initial Access

Although ATT&CK is not laid out in any linear order, Initial Access will be the point at which an attacker gains a foothold in your environment. This tactic is a nice transition point from PRE-ATT&CK to ATT&CK for Enterprise. What is differ…

The MITRE ATT&CK Framework: What You Need to Know

The MITRE ATT&CK Framework has gained a lot of popularity in the security industry over the past year. I have spent a lot of time researching the hundreds of techniques, writing content to support the techniques, and talking about the value to anyo…

20 Critical Security Controls – Control 1: Inventory and Control of Hardware Assets

Today, I will be going over Control 1 from version 7 of the top 20 CIS Controls – Inventory and Control of Hardware Assets. I will go through the eight requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 1 Start…