▪Introduction and overview of MITRE ATT&CK
▪Anatomy of MITRE ATT&CK – components of ATT&CK
▪For people who want to get started with ATT&CK
▪Will not get too deep into the technical weeds
▪Deliberately kept simple and at a high level
▪Can hold an in-depth workshop for some technical actions
Introduction to MITRE ATT&CK Framework
▪MITRE – non-profit organization established in 1958
▪Felt the need to document the common tactics, techniques, and procedures (TTPs) that advanced persistent threats use against Windows enterprise networks
▪Started in 2013 as part of the FMX project
▪Investigated the use of endpoint telemetry data and analytics to improve post-compromise detection of adversaries
▪What is ATT&CK?
▪Why was ATT&CK needed? Why did ATT&CK receive such wide acceptance?
▪Anatomy of ATT&CK
▪Demo: a sample technique and its detection
▪ATT&CK Navigator
▪ATT&CK Navigator in Cyber Threat Intelligence (CTI)
▪Approach to operationalizing ATT&CK
▪Repository of the attackers' behaviour
▪MITRE ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
•Common Language
•Community Driven
•Pre-ATT&CK
•Enterprise ATT&CK
•Mobile
•ICS (Industrial Control Systems)
ATT&CK: Adversarial Tactics, Techniques, and Common Knowledge
David J. Bianco's Pyramid of Pain
Source: http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Challenges in the Pre-ATT&CK Era
–Lack of resources for building detection capabilities
–Scattered resources (reports, red teams, SANS, legacy use cases)
–Unreliable cyber threat intelligence
–Lack of a benchmark for measurement
–Lack of guidance for data collection
Tactics (12) – technical goals of the adversary
Techniques – how the goals are achieved
[Chart: ATT&CK Techniques by Operating System – Windows 268, Linux 146, Mac 176]
[Chart: ATT&CK Techniques by Operating System (second panel; values not recoverable from the slide text)]
[Chart: ATT&CK Techniques by Tactics – Initial Access 11, Execution 33, Persistence 59, Privilege Escalation 28, Defense Evasion 67, Credential Access 19, Discovery 22, Lateral Movement 17, Collection 13, Command and Control 22, Exfiltration 9, Impact 14]
▪Detection and Analytics
▪Cyber Threat Intelligence (CTI)
▪Assessment and Engineering
▪Adversary Emulation & Red Teaming
DEMO
▪Introduction & Demo
▪https://mitre-attack.github.io/attack-navigator/enterprise/#
▪India vs. China
▪Gothic Panda
▪Stone Panda
▪Ways to prioritize the techniques
❑Data Sources – what data sources do we already have?
❑Threat Intelligence – what are our adversaries doing?
❑Tools – what can your current tools already cover?
❑Red Team – what can you see the red teamer doing?
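As an added illustration of the four prioritization signals above (not code from the slides or from MITRE), a small Python script that scores techniques and writes the result in a Navigator-style layer. The technique IDs are real ATT&CK IDs, while the coverage data, the weights and the minimal layer fields used (name, domain, techniques with techniqueID/score/comment) are assumptions.

```python
import json

# Constructed sample input: one entry per technique, carrying the four
# signals from the slide (data sources, threat intel, tools, red team).
SAMPLE = {
    "T1059": {"name": "Command and Scripting Interpreter",
              "data_sources": ["Process creation", "Command-line logging"],
              "seen_in_cti": True, "tool_covers": False, "red_team_observed": True},
    "T1003": {"name": "OS Credential Dumping",
              "data_sources": ["Process access"],
              "seen_in_cti": True, "tool_covers": True, "red_team_observed": True},
    "T1078": {"name": "Valid Accounts",
              "data_sources": [],
              "seen_in_cti": True, "tool_covers": False, "red_team_observed": False},
    "T1497": {"name": "Virtualization/Sandbox Evasion",
              "data_sources": [],
              "seen_in_cti": False, "tool_covers": False, "red_team_observed": False},
}


def priority(t: dict) -> int:
    """Assumed weighting: relevance (CTI, red team) raises priority, an
    existing tool detection lowers it, and already-collected data sources
    raise it because the detection can be built without new telemetry."""
    score = 0
    if t["seen_in_cti"]:
        score += 40   # adversaries we track use this technique
    if t["red_team_observed"]:
        score += 30   # the red team was observed using it
    if t["data_sources"]:
        score += 20   # quick win: the needed telemetry already exists
    if not t["tool_covers"]:
        score += 10   # no current tool alerts on it
    return score


def build_layer(techniques: dict, name: str = "Detection priorities") -> dict:
    """Return a dict in the (assumed, minimal) Navigator layer shape, with
    techniques ordered from highest to lowest priority."""
    ranked = sorted(techniques.items(), key=lambda kv: -priority(kv[1]))
    entries = [{"techniqueID": tid,
                "score": priority(t),
                "comment": f"{t['name']}; sources: "
                           f"{', '.join(t['data_sources']) or 'none'}"}
               for tid, t in ranked]
    return {"name": name, "domain": "enterprise-attack", "techniques": entries}


if __name__ == "__main__":
    print(json.dumps(build_layer(SAMPLE), indent=2))
```

The highest-scoring entries are the techniques adversaries and the red team actually use, for which the telemetry already exists but no tool alerts; those are the detections to build first.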
Thank You