ATT&CK – Page 3 – WindowsTechs.com

The MITRE ATT&CK Framework: Command and Control

Posted on October 2, 2018 by Travis Smith

Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case of ransomware. In each case of command and control, the attacker … Continue reading The MITRE ATT&CK Framework: Command and Control→

The MITRE ATT&CK Framework: Exfiltration

Posted on September 25, 2018 by Travis Smith

Once an attacker has established access and pivoted around to the point of gathering the necessary data, they will work on exfiltration of that data. Not all malware will reach this stage. Ransomware, for example, usually has no interest in exfiltratin… Continue reading The MITRE ATT&CK Framework: Exfiltration→

The MITRE ATT&CK Framework: Collection

Posted on September 18, 2018 by Travis Smith

The Collection tactic outlines techniques an attacker will undertake in order to find and gather the data they need to meet their actions on objectives. I see most of these techniques as being useful for describing what a piece of malware or threat act… Continue reading The MITRE ATT&CK Framework: Collection→

The MITRE ATT&CK Framework: Lateral Movement

Posted on September 11, 2018 by Travis Smith

It will be rare that an attacker exploits a single system and does not attempt any lateral movement within the network. Even ransomware that typically targets a single system at a time has attempted to spread across the network looking for other victim… Continue reading The MITRE ATT&CK Framework: Lateral Movement→

The MITRE ATT&CK Framework: Privilege Escalation

Posted on August 14, 2018 by Travis Smith

Anyone who has had any experience on the offensive side of security has had fun with privilege escalation. There’s something exciting about exploiting a system to the point of getting root-level access. Since I have spent most of my time on the d… Continue reading The MITRE ATT&CK Framework: Privilege Escalation→

The MITRE ATT&CK Framework: Persistence

Posted on August 7, 2018 by Travis Smith

When I first started researching ATT&CK last year, Persistence was the tactic which made me fall in love. Even though I have been in the industry for some time, I learned more from digging into the various techniques here than any other tactic. Whi… Continue reading The MITRE ATT&CK Framework: Persistence→

The MITRE ATT&CK Framework: Execution

Posted on July 31, 2018 by Travis Smith

Of all the tactics that an adversary will take on in their campaign, none will be more widely abused than Execution. When taking into consideration off-the-shelf malware, traditional ransomware, or state of the art advanced persistent threat actors, al… Continue reading The MITRE ATT&CK Framework: Execution→

A Look Inside the April Update to the MITRE ATT&CK Framework

Posted on April 20, 2018 by Travis Smith

The MITRE ATT&CK Framework is an excellent resource when it comes to defining threat intelligence. The hundreds of techniques mapped across various tactics help define an adversary’s behaviors in enterprise networks. What’s better is th… Continue reading A Look Inside the April Update to the MITRE ATT&CK Framework→