MITRE ATT&CK Framework

Hello secfolks. I'm back with a new post. In this post I will be discussing something that is equally beneficial for both red teams and blue teams.

I will try to make this post a one-stop resource for those who want to understand what the MITRE ATT&CK Framework is.





The MITRE ATT&CK Framework is a huge matrix that gives deep insight into adversary methods and techniques. Cyber Threat Intelligence (CTI) researchers, threat hunters, red teamers and blue teamers use it to better classify the attacks, threats or risks that an entity or organization may face.


The objective of the framework is to provide a knowledge base designed to help answer questions that contribute to an organization's awareness of its security posture outside and beyond the perimeter.

click here to visit the MITRE ATT&CK Framework




The above screenshot gives you a peep into the framework.


Well, as is evident from the screenshot, the first-time view of the framework can be really overwhelming, and many questions might arise in your mind, like...


Where to begin?

What to do?

What is this all about?




Well, don't worry. For this very reason MITRE provides free training.

The training has 5 modules.




To visit the training, click here: ATT&CK Training for CTI


I would recommend going through the training first, before you explore the whole framework.


The ATT&CK Matrix for Enterprise has 11 tactics, listed below:


  • Initial Access

  • Execution

  • Persistence

  • Privilege Escalation

  • Defense Evasion

  • Credential Access

  • Discovery

  • Lateral Movement

  • Collection

  • Command and Control

  • Exfiltration

  • Impact


Each tactic can be explored further, giving you new insights into the modus operandi of various adversaries: the cyber weapons they use, how those are deployed, the loopholes they leverage, and so on.


For a blue team this can be a treasure, as they can use the framework in their analysis or research and apply it to design a better defense strategy.


If you are an OSINT researcher interested in researching various APTs and threat actors, then this framework might be exactly what you are looking for. To learn about various APTs and threat actors, visit https://attack.mitre.org/groups/


On the other hand, red teams can use this framework to improve their operations. MITRE ATT&CK provides Adversary Emulation Plans which red teams can use.
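To show how the tactic/technique structure above is put to use on the blue side (checking a group's known techniques against existing detections, tactic by tactic), here is an added example; it is not code from MITRE or from this post. The matrix is a constructed subset of the Enterprise matrix (ids and names follow the public ATT&CK catalogue), and the group's technique set and the detection list are constructed too.

```python
from collections import defaultdict

# Constructed miniature of the Enterprise matrix: tactic -> {technique id: name}.
# Ids and names follow the public ATT&CK catalogue; the subset chosen is ours.
MATRIX = {
    "Initial Access": {"T1566": "Phishing", "T1078": "Valid Accounts"},
    "Execution": {"T1059": "Command and Scripting Interpreter"},
    "Persistence": {"T1078": "Valid Accounts", "T1547": "Boot or Logon Autostart Execution"},
    "Privilege Escalation": {"T1078": "Valid Accounts"},
    "Defense Evasion": {"T1078": "Valid Accounts", "T1027": "Obfuscated Files or Information"},
    "Credential Access": {"T1003": "OS Credential Dumping", "T1110": "Brute Force"},
    "Discovery": {"T1082": "System Information Discovery"},
    "Lateral Movement": {"T1021": "Remote Services"},
    "Collection": {"T1005": "Data from Local System"},
    "Command and Control": {"T1071": "Application Layer Protocol"},
    "Exfiltration": {"T1041": "Exfiltration Over C2 Channel"},
    "Impact": {"T1486": "Data Encrypted for Impact"},
}
# Constructed: techniques attributed to a hypothetical group (as a group page would list them).
GROUP_TECHNIQUES = {"T1566", "T1078", "T1059", "T1003", "T1110", "T1021", "T1041", "T1486"}
# Constructed: technique ids the blue team already has working detections for.
DETECTED = {"T1566", "T1059", "T1082", "T1021"}


def tactic_index(matrix):
    """Map each technique id to every tactic it appears under (one technique can serve several)."""
    idx = defaultdict(set)
    for tactic, techs in matrix.items():
        for tid in techs:
            idx[tid].add(tactic)
    return idx


def coverage_gaps(matrix, group_techs, detected):
    """Per tactic, the group's techniques with no detection yet, as sorted ids."""
    idx = tactic_index(matrix)
    gaps = {tactic: [] for tactic in matrix}
    for tid in sorted(group_techs - detected):
        for tactic in idx.get(tid, ()):  # ids absent from the matrix are skipped
            gaps[tactic].append(tid)
    return gaps


def prioritise(gaps):
    """Tactics with at least one gap, most uncovered techniques first, then by name."""
    return sorted((t for t in gaps if gaps[t]), key=lambda t: (-len(gaps[t]), t))


if __name__ == "__main__":
    gaps = coverage_gaps(MATRIX, GROUP_TECHNIQUES, DETECTED)
    for tactic in prioritise(gaps):
        print(f"{tactic}: " + ", ".join(f"{tid} {MATRIX[tactic][tid]}" for tid in gaps[tactic]))
```

Note that a single technique such as Valid Accounts shows up as a gap under every tactic it serves, which is why a multi-tactic technique is usually the first detection worth building.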


Hope this post was informative.


Until our next post, stay tuned!!


Follow us on Instagram: https://www.instagram.com/bluefire_redteam/

Come join us on Discord: https://discord.gg/8Cgf6E


#cybersecurity #infosec #securityfolks #threathunting #CTI #redteam #blueteam #OSINT


© 2020 by Bluefire Redteam LLP