The MITRE ATT&CK Framework is a curated knowledge base that tracks cyber adversary tactics and techniques.

TTPs (Tactics, Techniques, and Procedures):

  1. Tactics: Adversarial tactics are specific technical objectives that an adversary intends to achieve.
  2. Techniques: A technique describes one specific way an adversary may try to achieve an objective.
  3. Procedures: A procedure is a series of actions that an adversary may take to achieve a technique.

CrowdStrike definition - start here

MITRE ATT&CK official security framework

Enterprise Tactics

CrowdStrike Falcon Adaptation

Our Objective layer: Groups related tactics, making them easier to learn and remember.

  • Gain access – Initial Access, Credential Access, Privilege Escalation
  • Keep access – Persistence, Defense Evasion
  • Explore – Discovery, Lateral Movement
  • Contact controlled systems – Command and Control
  • Follow through (basically, steal and break things) – Collection, Exfiltration, Execution, Impact
  • Network-based effects – Network Effects, Remote Service Effects
