In the MITRE ATT&CK framework, the adversary's tactical objective, the "why" behind a technique (for example, Credential Access or Lateral Movement).
What is a tactic?
This STRIDE category involves an attacker impersonating another user to gain access.
What is Spoofing?
An adversary emulation platform used for simulating TTPs in a controlled environment within Purple Team exercises.
What is MITRE Caldera?
The purpose of Purple Team exercises is to foster this between red and blue teams.
What is collaboration?
This tool helps visualize defensive coverage of adversary tactics and techniques by annotating and coloring cells of the ATT&CK matrix.
What is the MITRE ATT&CK Navigator?
The specific implementation of a technique in the MITRE ATT&CK framework, such as the exact tool, command, or malware an adversary uses.
What are procedures?
This framework rates threats on Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability, or a role for Sylvester Stallone.
What is the DREAD framework?
Red teams try to emulate these real-world groups when simulating their attack.
What are APTs?
This team focuses on emulating adversarial tactics to test an organization's defenses.
What is the red team?
Blue teams use these to map their defenses and identify gaps in detection and response.
What are TTPs?
The methods adversaries use to achieve a tactical goal in the MITRE ATT&CK framework, the "how" behind a tactic.
What are techniques?
This threat model emphasizes aligning security with business objectives and simulating attacks, or a type of macaroni.
What is PASTA?
A tool used by blue teams for real-time attack detection.
What is a SIEM?
The blue team uses this type of monitoring to detect lateral movement in a network.
What is network traffic monitoring?
OS Credential Dumping (T1003) is one of these found under the Credential Access tactic.
What is a technique?
Valid Accounts (T1078) is unusual in appearing under four tactics in the MITRE ATT&CK framework.
What are Initial Access, Persistence, Privilege Escalation, and Defense Evasion?
This threat modeling framework categorizes risks using six distinct areas: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
What is STRIDE?
This Caldera component, deployed on a target system such as Windows, executes the emulated adversary behavior. Mr. Anderson doesn't like them.
What is an agent?
This team develops defense strategies and responds to attacks.
What is the blue team?
This type of test, distinct from adversary emulation, primarily aims to identify and report vulnerabilities in an organization’s systems.
What is penetration testing?
This tactic covers the techniques adversaries use to move between systems and expand access within a network, commonly used to reach high-value targets.
What is Lateral Movement?
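The SIEM and network-monitoring clues above, together with the Lateral Movement clue, describe detection in the abstract. Here is an added worked example (not part of the quiz, not a Caldera or MITRE component) of the kind of analytic a blue team would run: it reads constructed flow records and flags any internal host that fans out to several other internal hosts over admin ports within a short window, tagging the alert with the matching ATT&CK Remote Services (T1021) sub-techniques. The flow records, the watched ports, the thresholds, and the allowlisted jump host 10.0.9.2 are all constructed assumptions.

```python
"""Lateral-movement fan-out detector over constructed network flow records.

Added example for the quiz above; not code from the original page or from any
MITRE tool. Flow data, port set, thresholds and the jump-host allowlist are
assumptions; a real deployment would pull flows from a SIEM or NetFlow collector.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Admin/remote-execution ports mapped to ATT&CK T1021 (Remote Services)
# sub-techniques. The watched set is an assumption; tune it to your network.
PORT_TO_SUBTECH = {
    445: "T1021.002",   # SMB / Windows Admin Shares
    3389: "T1021.001",  # Remote Desktop Protocol
    5985: "T1021.006",  # WinRM over HTTP
    5986: "T1021.006",  # WinRM over HTTPS
    22: "T1021.004",    # SSH
}
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]

# Constructed flow log, one record per line: timestamp,src_ip,dst_ip,dst_port.
# 10.0.5.23 reaches four servers in a few minutes (suspicious), 10.0.5.40 is an
# ordinary workstation, and 10.0.9.2 is a jump host that legitimately fans out.
SAMPLE_FLOWS = """\
2024-03-04T09:00:01,10.0.5.23,10.0.1.10,445
2024-03-04T09:00:40,10.0.5.23,10.0.1.11,445
2024-03-04T09:01:15,10.0.5.23,10.0.1.12,3389
2024-03-04T09:03:02,10.0.5.23,10.0.1.13,5985
2024-03-04T09:00:10,10.0.5.40,10.0.1.10,445
2024-03-04T09:02:00,10.0.5.40,93.184.216.34,443
2024-03-04T09:05:00,10.0.9.2,10.0.1.10,5985
2024-03-04T09:05:30,10.0.9.2,10.0.1.11,5985
2024-03-04T09:06:00,10.0.9.2,10.0.1.12,5985
2024-03-04T09:40:00,10.0.5.23,10.0.1.14,445
"""


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Parse the CSV flow format above into dicts with a datetime timestamp."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split(",")
        flows.append({"ts": datetime.fromisoformat(ts), "src": src,
                      "dst": dst, "port": int(port)})
    return flows


def detect_fan_out(flows, window=timedelta(minutes=10), min_hosts=3,
                   allowlist=frozenset()):
    """Flag an internal source that touches >= min_hosts distinct internal hosts
    over admin ports inside a sliding time window. One alert per source."""
    per_src = defaultdict(list)
    for f in sorted(flows, key=lambda f: f["ts"]):
        if (f["port"] in PORT_TO_SUBTECH and f["src"] not in allowlist
                and f["src"] != f["dst"]
                and is_internal(f["src"]) and is_internal(f["dst"])):
            per_src[f["src"]].append(f)

    alerts = []
    for src, events in per_src.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            seen = events[start:end + 1]
            hosts = {e["dst"] for e in seen}
            if len(hosts) >= min_hosts:
                alerts.append({
                    "src": src,
                    "tactic": "Lateral Movement",
                    "techniques": sorted({PORT_TO_SUBTECH[e["port"]] for e in seen}),
                    "hosts": sorted(hosts),
                    "first_seen": seen[0]["ts"].isoformat(),
                    "last_seen": seen[-1]["ts"].isoformat(),
                })
                break  # one alert per source is enough for an analyst to pivot on
    return alerts


def run_detection(text=SAMPLE_FLOWS, allowlist=frozenset({"10.0.9.2"})):
    return detect_fan_out(parse_flows(text), allowlist=allowlist)


if __name__ == "__main__":
    for alert in run_detection():
        print(alert)
```

With the default allowlist only 10.0.5.23 is reported; dropping the allowlist also reports the jump host, which is the usual false-positive source for this analytic and the reason the allowlist exists.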
A framework that aligns with business goals through asset-based threat profiles and long-term risk management. Can you play that tune in a higher one?
What is OCTAVE?
This approach in adversary emulation uses predefined profiles to replicate the tactics of known threat actors, helping teams prepare for specific attack behaviors.
What is the use of threat actor profiles?
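The Navigator clue, the TTP-mapping clue, and the threat-actor-profile clue all point at the same purple-team workflow: take the techniques a red team will emulate, check which ones the blue team can already detect, and visualize the gaps. Here is an added worked example (not from the quiz, not MITRE's own code) that does exactly that in Python and emits an ATT&CK Navigator layer. The technique-to-tactic table is a small hand-copied subset of real ATT&CK IDs; the actor profile, the detection inventory, and the layer version strings are constructed assumptions.

```python
"""Score a threat-actor emulation profile against blue-team detections and emit
an ATT&CK Navigator layer.

Added example for the quiz above; not code from the original page or from MITRE.
The technique table is a hand-copied subset of real ATT&CK IDs; the profile,
the detection rules and the Navigator version strings are assumptions.
"""
import json
from collections import defaultdict

# Real ATT&CK technique IDs and their tactics (subset; a real tool would load
# the enterprise-attack STIX bundle instead of a hand-written table).
TECHNIQUES = {
    "T1566": ("Phishing", ["Initial Access"]),
    "T1078": ("Valid Accounts", ["Initial Access", "Persistence",
                                 "Privilege Escalation", "Defense Evasion"]),
    "T1059": ("Command and Scripting Interpreter", ["Execution"]),
    "T1053": ("Scheduled Task/Job", ["Execution", "Persistence",
                                     "Privilege Escalation"]),
    "T1003": ("OS Credential Dumping", ["Credential Access"]),
    "T1021": ("Remote Services", ["Lateral Movement"]),
    "T1055": ("Process Injection", ["Defense Evasion", "Privilege Escalation"]),
    "T1041": ("Exfiltration Over C2 Channel", ["Exfiltration"]),
}

# Hypothetical threat-actor profile: the ordered techniques the red team emulates.
ACTOR_PROFILE = ["T1566", "T1059", "T1078", "T1003", "T1021", "T1053", "T1041"]

# Hypothetical blue-team detection inventory: rule name -> technique IDs covered.
DETECTIONS = {
    "mail-gateway: attachment sandbox": ["T1566"],
    "edr: encoded PowerShell command line": ["T1059"],
    "sigma: LSASS handle from non-system process": ["T1003"],
    "siem: schtasks create by non-admin user": ["T1053"],
}


def coverage(profile, detections):
    """Split the profile into detected techniques and gaps."""
    covered_by = defaultdict(list)
    for rule, tids in detections.items():
        for tid in tids:
            covered_by[tid].append(rule)
    return {
        "covered": sorted(t for t in profile if t in covered_by),
        "gaps": sorted(t for t in profile if t not in covered_by),
        "rules": dict(covered_by),
    }


def gaps_by_tactic(profile, detections, techniques=TECHNIQUES):
    """Group uncovered techniques by tactic so the purple team can prioritise."""
    out = defaultdict(list)
    for tid in coverage(profile, detections)["gaps"]:
        name, tactics = techniques[tid]
        for tactic in tactics:
            out[tactic].append(f"{tid} {name}")
    return dict(sorted(out.items()))


def navigator_layer(profile, detections, name="Purple team coverage",
                    techniques=TECHNIQUES):
    """Build an ATT&CK Navigator layer: score 1 (green) = detected, 0 (red) = gap.
    A technique under several tactics gets one cell per tactic. The version
    strings are assumptions; set them to match your Navigator instance."""
    cov = coverage(profile, detections)
    cells = []
    for tid in profile:
        _, tactics = techniques[tid]
        detected = tid in cov["rules"]
        for tactic in tactics:
            cells.append({
                "techniqueID": tid,
                "tactic": tactic.lower().replace(" ", "-"),
                "score": 1 if detected else 0,
                "color": "#8ec843" if detected else "#ff6666",
                "comment": ", ".join(cov["rules"].get(tid, [])) or "no detection",
            })
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"attack": "14", "navigator": "4.9", "layer": "4.5"},
        "description": "Red-team emulation plan scored against blue-team detections",
        "techniques": cells,
    }


if __name__ == "__main__":
    print(json.dumps(gaps_by_tactic(ACTOR_PROFILE, DETECTIONS), indent=2))
    print(json.dumps(navigator_layer(ACTOR_PROFILE, DETECTIONS), indent=2))
```

The gap report is what drives the next exercise: in this constructed case the red team's Valid Accounts, Remote Services, and Exfiltration steps have no detection, so those are the techniques to emulate first and build rules for. The JSON from `navigator_layer` can be loaded into the Navigator's "Open Existing Layer" dialog to show the same gaps on the matrix.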
A concept where red and blue teams use a shared framework to enhance detection and defense capabilities.
What is purple teaming?
A collaborative cybersecurity exercise where both offensive and defensive teams work together in a continuous feedback loop to enhance detection and response.
What is a purple team exercise?