KINGSANIT CYBERPEDIA

MITRE ATT&CK


MITRE ATT&CK® is a knowledge base of adversary tactics and techniques based on real-world observations, published by MITRE. It can be used as the foundation for understanding cyber attack patterns.

The MITRE ATT&CK matrices cover the following categories:

  • Enterprise
    • PRE
    • Windows
    • MacOS
    • Linux
    • Cloud
    • Containers
    • ESXi
  • Mobile
  • ICS (Industrial Control Systems)

The MITRE ATT&CK chain has 14 tactics, which an attacker executes in order. Each tactic has different techniques depending on the motive of the attack. By analyzing events, alerts and logs from the various devices in the organization, we can identify the pattern of an attack. If an attack is detected early in the kill chain, such as in the reconnaissance or initial access stage, its objective (stealing data or taking a service down) can be prevented completely, with no impact on the target.

  1. Reconnaissance – Gathering information about the target.
  2. Resource Development – Developing resources to exploit the target.
  3. Initial Access – Gaining initial access to the target.
  4. Execution – Executing malicious code on the target system.
  5. Persistence – Maintaining access to the compromised target system.
  6. Privilege Escalation – Getting higher-privileged access on the compromised target system.
  7. Defense Evasion – Bypassing security controls on the compromised target system.
  8. Credential Access – Getting credentials from the compromised target system.
  9. Discovery – Discovering information about the compromised target system.
  10. Lateral Movement – Moving across the network and infrastructure from the compromised target system.
  11. Collection – Gathering data from the compromised target system.
  12. Command and Control – Establishing a command and control channel with the compromised target system.
  13. Exfiltration – Stealing data from the compromised target system.
  14. Impact – Performing and completing the attack objective on the compromised target system.
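The point of ordering the tactics is that a defender can tell how far along the chain an intrusion has progressed from the events already seen. The following added example (not code from the original post or from MITRE) shows one way to do that: constructed log lines are matched against a small set of hypothetical detection rules, each tagged with the ATT&CK tactic it indicates, and a summary reports the earliest and latest tactic observed and whether the intrusion is still "early" (nothing past Initial Access). The log format, event names and hosts are invented for the example; the technique IDs are real ATT&CK identifiers.

```python
"""Map constructed log events onto the 14 MITRE ATT&CK tactics and report
how far along the chain an observed intrusion has progressed.

Added example; the log format and detection rules are invented for
illustration and are not part of the original post or of ATT&CK itself.
"""
from dataclasses import dataclass

# The 14 Enterprise tactics in the order the post lists them (index = stage).
TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion",
    "Credential Access", "Discovery", "Lateral Movement", "Collection",
    "Command and Control", "Exfiltration", "Impact",
]
STAGE = {name: i for i, name in enumerate(TACTICS)}

# Hypothetical detection rules: constructed event type -> (technique, tactic).
# The technique IDs are real ATT&CK identifiers; the event names are invented.
RULES = {
    "port_scan_burst": ("T1595 Active Scanning", "Reconnaissance"),
    "phishing_attachment_opened": ("T1566 Phishing", "Initial Access"),
    "powershell_encoded_command": ("T1059 Command and Scripting Interpreter", "Execution"),
    "run_key_added": ("T1547 Boot or Logon Autostart Execution", "Persistence"),
    "lsass_memory_read": ("T1003 OS Credential Dumping", "Credential Access"),
    "smb_admin_share_logon": ("T1021 Remote Services", "Lateral Movement"),
    "large_outbound_transfer": ("T1041 Exfiltration Over C2 Channel", "Exfiltration"),
    "mass_file_encryption": ("T1486 Data Encrypted for Impact", "Impact"),
}

# Stages at or before this one count as "early in the chain" for the summary.
EARLY_CUTOFF = STAGE["Initial Access"]


@dataclass(frozen=True)
class Finding:
    timestamp: str
    host: str
    technique: str
    tactic: str
    stage: int


def parse_line(line: str):
    """Parse one constructed log line: '<ts> host=<name> event=<type>'.
    Returns (ts, host, event) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 3:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if "host" not in fields or "event" not in fields:
        return None
    return parts[0], fields["host"], fields["event"]


def map_events(lines):
    """Turn raw log lines into ATT&CK findings; unmatched events are ignored."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[2] not in RULES:
            continue
        ts, host, event = parsed
        technique, tactic = RULES[event]
        findings.append(Finding(ts, host, technique, tactic, STAGE[tactic]))
    return findings


def chain_summary(findings):
    """Summarise how far along the tactic order an intrusion has progressed."""
    if not findings:
        return {"tactics_seen": [], "earliest": None, "latest": None, "early": True}
    seen = sorted({f.stage for f in findings})
    return {
        "tactics_seen": [TACTICS[s] for s in seen],
        "earliest": TACTICS[seen[0]],
        "latest": TACTICS[seen[-1]],
        # True while nothing past Initial Access has been observed: the
        # objective (exfiltration, impact) can still be prevented outright.
        "early": seen[-1] <= EARLY_CUTOFF,
    }


# Constructed sample logs (not real telemetry).
SAMPLE_LOG = [
    "2024-05-01T09:00:01Z host=ws01 event=port_scan_burst",
    "2024-05-01T09:14:20Z host=ws01 event=phishing_attachment_opened",
    "2024-05-01T09:14:25Z host=ws01 event=powershell_encoded_command",
    "2024-05-01T09:14:31Z host=ws01 event=run_key_added",
    "2024-05-01T09:15:00Z host=ws01 event=user_logon",  # no rule: ignored
    "malformed line without fields",
]
EARLY_LOG = SAMPLE_LOG[:2]

if __name__ == "__main__":
    for label, log in (("full", SAMPLE_LOG), ("early", EARLY_LOG)):
        print(label, chain_summary(map_events(log)))
```

Running the block prints a summary for the full sample (Reconnaissance through Persistence, no longer early) and for the first two lines only (still early, so the later tactics can still be prevented). In a real deployment the rule table would be replaced by the SIEM's own detections tagged with ATT&CK tactics, and the "early" flag would drive alert priority.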
