MITRE review framework - ties2/Red-Team GitHub Wiki
The MITRE ATT&CK Framework is a widely used knowledge base of adversary tactics, techniques, and procedures (TTPs) that can be used to simulate attacks. The framework provides a comprehensive set of threat models that security teams can use to identify and mitigate potential risks to their organization. In this essay, we will provide an overview of the MITRE ATT&CK Framework, its benefits, and its use cases. Additionally, we will review the sources that are available for the framework, which can be helpful for anyone who wants to learn more about the framework.
- Reconnaissance
- Resource Development
- Initial Access
- Execution
- Persistence
- Privilege Escalation
- Defense Evasion
- Credential Access
- Discovery
- Lateral Movement
- Collection
- Command and Control
- Exfiltration
- Impact
cve.mitre.org (technique level) and cwe.mitre.org (main category of attack tactics): https://cwe.mitre.org/
note: one important attack class is UAF (use after free): a program holds many references to an object, and when the object is freed (closed) a stale reference stays usable, which is the feature the attack exploits. Most Linux distributions are vulnerable to this attack.
note: Process Herpaderping connects a mimikatz process to Chrome so that it appears to carry a Microsoft signature.
MITRE has 14 tactics; every tactic has techniques, and a technique can have sub-techniques.
Sites we should sign up to:
- Shodan (https://www.shodan.io/)
- exploit.in (https://exploit.in)
- zerodaylab (https://www.zdlgroup.com)
- dark matter
MITRE also defines a companion site on a subdomain called D3FEND (d3fend.mitre.org).
note: klist (check it)
- Microsoft Exploit Protection
Overview of the MITRE ATT&CK Framework:
The MITRE ATT&CK Framework was first introduced in 2013 and is continually updated to keep up with emerging threat models. The framework is a hierarchical taxonomy of adversary TTPs, which are organized into tactics and techniques. The tactics are the overarching goals that an attacker may have, while the techniques are the specific methods that the attacker may use to achieve those goals.
The framework is divided into two main sections: the Enterprise section and the Mobile section. The Enterprise section covers TTPs that are commonly used in traditional corporate networks, while the Mobile section covers TTPs that are used in mobile devices and mobile applications.
The framework is maintained by MITRE, a not-for-profit organization that operates federally funded research and development centers (FFRDCs). MITRE collaborates with government agencies, industry, and academia to develop and apply innovative technology solutions to critical national challenges.
Benefits of the MITRE ATT&CK Framework:
The MITRE ATT&CK Framework provides several benefits to security teams, including the following:
- Comprehensive coverage of TTPs: The framework covers a wide range of adversary TTPs, making it a comprehensive resource for identifying potential risks.
- Standardized language: The framework uses a standardized language to describe adversary TTPs, which can help security teams communicate more effectively about potential threats.
- Cross-functional: The framework can be used by a variety of stakeholders, including security analysts, threat hunters, incident responders, and senior leadership.
- Community-driven: The framework is continually updated based on community feedback, ensuring that it stays relevant and up-to-date.
Sources for the MITRE ATT&CK Framework:
The following are some of the sources that are available for the MITRE ATT&CK Framework:
- The MITRE ATT&CK website: The official website for the MITRE ATT&CK Framework provides a comprehensive overview of the framework, including the tactics and techniques that are included.
- The ATT&CK Navigator: The ATT&CK Navigator is an open-source tool that provides an interactive view of the MITRE ATT&CK Framework. The tool allows users to visualize and explore the framework and to track their organization's security posture.
- The MITRE ATT&CK Evaluation: The MITRE ATT&CK Evaluation is a framework for evaluating the effectiveness of cybersecurity products and solutions. The evaluation uses real-world attack scenarios to assess the ability of products to detect and respond to attacks.
- ATT&CKcon: ATT&CKcon is an annual conference that brings together cybersecurity professionals to discuss the latest trends and developments in the use of the MITRE ATT&CK Framework.
- ATT&CK-based threat intelligence: Several threat intelligence platforms, such as ThreatConnect and Recorded Future, provide ATT&CK-based threat intelligence feeds that can be used to inform security operations.
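The tactic > technique > sub-technique hierarchy and the Navigator's posture tracking are easiest to see in code. The following is an added example, not code from this wiki or from MITRE: it maps a small detection inventory onto technique IDs, rolls sub-technique coverage up into parent techniques, reports coverage per tactic, and emits a minimal Navigator layer. The catalogue entries are real ATT&CK IDs but only a sample; the rule names are hypothetical, and the layer field names are assumed from the Navigator layer JSON format.

```python
from collections import Counter

# Constructed mini-catalogue: real ATT&CK technique IDs with their tactic(s);
# the real Enterprise matrix is much larger, this sample is enough for the demo.
CATALOG = {
    "T1059":     ("Command and Scripting Interpreter", ["Execution"]),
    "T1059.001": ("PowerShell", ["Execution"]),
    "T1003":     ("OS Credential Dumping", ["Credential Access"]),
    "T1003.001": ("LSASS Memory", ["Credential Access"]),
    "T1055":     ("Process Injection", ["Defense Evasion", "Privilege Escalation"]),
    "T1021":     ("Remote Services", ["Lateral Movement"]),
}
# Constructed detection inventory: hypothetical rule name -> mapped technique IDs.
DETECTIONS = {
    "sysmon_lsass_access": ["T1003.001"],
    "ps_scriptblock_suspicious": ["T1059.001"],
    "cross_process_injection": ["T1055"],
}

def parent(tid):
    """'T1003.001' -> 'T1003'; a top-level technique is its own parent."""
    return tid.split(".")[0]

def technique_scores(detections):
    """Rules per technique ID; a sub-technique rule also counts toward its parent."""
    scores = Counter()
    for tids in detections.values():
        for tid in tids:
            scores[tid] += 1
            if parent(tid) != tid:
                scores[parent(tid)] += 1
    return scores

def coverage_by_tactic(catalog, detections):
    """{tactic: (covered top-level techniques, total)} so gaps per tactic stand out."""
    scores = technique_scores(detections)
    covered, total = Counter(), Counter()
    for tid, (_, tactics) in catalog.items():
        if parent(tid) != tid:
            continue  # sub-techniques already rolled up into their parent
        for tactic in tactics:
            total[tactic] += 1
            covered[tactic] += 1 if scores[tid] else 0
    return {t: (covered[t], total[t]) for t in total}

def build_layer(name, detections, domain="enterprise-attack"):
    """Minimal ATT&CK Navigator layer dict (field names assumed from the layer format)."""
    techniques = [{"techniqueID": tid, "score": n, "comment": f"{n} rule(s)"}
                  for tid, n in sorted(technique_scores(detections).items())]
    return {"name": name, "domain": domain, "techniques": techniques}
```

Serialise `build_layer(...)` with `json.dumps` and open it in the Navigator to colour the covered techniques; tactics reported as `(0, n)` are the detection gaps to work on first.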