Authored by: PlexTrac Author Posted on: May 1, 2020 MITRE ATT&CK® Framework: Defined and Outlined According to the MITRE website, “MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.” Basically, this deep catalog of hackers’ tools of the trade is a fount of cybersecurity knowledge. The ATT&CK® framework can lay the foundation for offensive and defensive strategies in cybersecurity. The ATT&CK® Gold Standard Developed by MITRE, a non-profit think tank that manages federally funded research and development centers (FFRDCs), the open source ATT&CK® framework is becoming the gold standard for cybersecurity strategy. The acronym stands for Adversarial Tactics, Techniques & Common Knowledge. The framework has undergone several iterations but continues to seek to be as comprehensive of a paradigm for understanding and cataloging cyber threats as is possible. MITRE actively seeks contributions to the framework from practitioners to keep it current and just released a beta-version with sub-techniques this year. Three matrices are available: Enterprise ATT&CK®, Pre-ATT&CK®, and Mobile ATT&CK®. The 12 MITRE ATT&CK® Tactics The ATT&CK® Framework consists of 12 tactics. These are often considered the “why” part of the equation. Each tactic represents an objective that the attacker wishes to achieve in their current step of compromise (ex: achieving “Initial Access” to a network, server, etc.). These 12 tactics are defined and outlined below (to see official definitions and additional information, visit MITRE’s website here): Initial Access: Techniques that use various entry vectors to gain their initial foothold within a network. Execution: Techniques that result in adversary-controlled code running on a local or remote system. Persistence: Techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off access. Privilege Escalation: Techniques adversaries use to gain higher-level permissions on a system or network. Defense Evasion: Techniques that adversaries use to avoid detection throughout their compromise. Credential Access: Techniques for stealing credentials like account names and passwords. Discovery: Techniques an adversary may use to gain information about the system and internal network. Lateral Movement: Techniques adversaries use to enter and control remote systems on a network. Collection: Techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary’s objectives. Command and Control: Techniques adversaries use to communicate with systems under their control within a victim network. Exfiltration: Consists of techniques that adversaries may use to steal data from your network. Impact: The techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Why the ATT&CK® Framework is Valuable The ATT&CK matrices serve public and private enterprises as foundations of knowledge for modeling threats and methodologies. PlexTrac CEO, Dan DeCloss says, “We love to reference the MITRE ATT&CK® framework because it breaks everything down based on the attack lifestyle, which, at the end of the day, is what we are really trying to do—identify issues that crop up in each of those different tactics.” All that collected and aggregated information gives both red and blue teams extensive knowledge to plan assessments, and knowledge is power. But effectively using the power available in the ATT&CK® knowledge base takes work. PlexTrac helps manage and aggregate the data produced when following the ATT&CK® framework so teams can better collaborate. Using PlexTrac with MITRE ATT&CK® can take cybersecurity team to the next level with a purple teaming paradigm. References https://attack.mitre.org https://digitalguardian.com/blog/what-mitre-attck-framework PlexTrac Author At PlexTrac, we bring together insights from a diverse range of voices. Our blog features contributions from industry experts, ethical hackers, CTOs, influencers, and PlexTrac team members—all sharing valuable perspectives on cybersecurity, pentesting, and risk management.
How Do I Pentest My LLM? In the world of cybersecurity, AI is the perpetual topic du jour, and more specifically Generative AI. The use of LLMs for all kinds of use cases is the craze and the AI ecosystem continues to move at a rapid pace. When it comes to pentesting, the job of every tester is to keep up... READ ARTICLE
What FedRAMP’s New Vulnerability Management Standard Means for Pentesters and Vuln Managers Breaking Down the New RFC-0012 Standard Under FedRAMP and How It Can Change Your Daily Security Operations If you work in vulnerability management or penetration testing for cloud systems under FedRAMP, buckle up because the new RFC-0012: FedRAMP Continuous Vulnerability Management Standard is going to change how your work is scoped, tracked, and prioritized. The... READ ARTICLE
Beneath the Hat: My Black Hat 2025 Takeaways, Including the AI Imperative As I write this from the airport, the desert heat of Las Vegas is finally fading and I’m reflecting on the whirlwind that was Black Hat USA 2025. For me, this conference is always about two things: the people and the ideas. We hosted our annual Customer Appreciation Night and ran a Pentest Reporting Bootcamp,... READ ARTICLE