Understanding MITRE Attack Framework

Gupta Bless
7 min read · Sep 3, 2022

Introduction

ATT&CK is an acronym that stands for Adversarial Tactics, Techniques, and Common Knowledge. It is a framework developed by MITRE, a not-for-profit organization involved in numerous security projects aimed at securing enterprises. The ATT&CK methodology is a documentation-based approach built on real-world observations of attacker behaviour. Its purpose is to let an organization understand the models and methods an attacker employs to carry out an attack, and to specify the mitigation for each individual attack technique.

What is the ATT&CK framework?


The ATT&CK framework is continuously updated with newly observed attacker tactics and techniques, and the IT team and the security team can use those entries to mitigate risk and prioritize tasks. It offers a variety of viewpoints on an attack and enables teams to check and predict the behaviour of an assault based on its documentation. As a result, the team can not only make accurate forecasts but also react quickly and effectively to potential threats.

The term “adversarial” is used in this model in a self-explanatory sense: whenever organizations use any such terms, those terms should carry enough explanation that anyone can understand them in detail simply by reading them.

As a general rule, “Tactics” refers to what the adversary is attempting to achieve, such as discovery or initial access, while “Techniques” describes how the adversary achieves that goal, for example by compromising a target system.

“Common Knowledge” refers to the documented body of adversary strategies, tactics, and methods. ATT&CK tactics are the means through which an adversary accomplishes a goal and then acts in accordance with that purpose. These entries include a comprehensive description of the threat, so that the security team understands why further investigation is necessary. The particular actions that adversaries carried out in order…
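To make the tactic/technique/mitigation relationship concrete, here is an added example (not from the original post, and not MITRE's own tooling) that indexes a small STIX-style bundle into "what" (tactic → techniques) and "how to defend" (technique → mitigations). The bundle below is a constructed excerpt modelled on the layout of the ATT&CK STIX 2.1 data; the object ids are placeholders.

```python
import json
from collections import defaultdict

# Constructed sample modelled on the ATT&CK STIX 2.1 bundle layout (not the real file):
# techniques are "attack-pattern" objects tagged with a tactic via kill_chain_phases,
# mitigations are "course-of-action" objects, and "mitigates" relationships link them.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "objects": [
        {"type": "attack-pattern", "id": "attack-pattern--1", "name": "Phishing",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}]},
        {"type": "attack-pattern", "id": "attack-pattern--2", "name": "Command and Scripting Interpreter",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}]},
        {"type": "course-of-action", "id": "course-of-action--1", "name": "User Training",
         "external_references": [{"source_name": "mitre-attack", "external_id": "M1017"}]},
        {"type": "course-of-action", "id": "course-of-action--2", "name": "Execution Prevention",
         "external_references": [{"source_name": "mitre-attack", "external_id": "M1038"}]},
        {"type": "relationship", "relationship_type": "mitigates",
         "source_ref": "course-of-action--1", "target_ref": "attack-pattern--1"},
        {"type": "relationship", "relationship_type": "mitigates",
         "source_ref": "course-of-action--2", "target_ref": "attack-pattern--2"},
    ],
})

def attack_id(obj):
    """Return the human-readable ATT&CK id (e.g. T1566, M1017) of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref["external_id"]
    return None

def index_bundle(bundle_text):
    """Build tactic -> technique ids ("what") and technique id -> mitigation ids maps."""
    objs = json.loads(bundle_text)["objects"]
    by_id = {o["id"]: o for o in objs if "id" in o}
    by_tactic = defaultdict(list)      # tactic name -> technique ids
    mitigations = defaultdict(list)    # technique id -> mitigation ids
    for o in objs:
        if o["type"] == "attack-pattern":
            for phase in o.get("kill_chain_phases", []):
                if phase["kill_chain_name"] == "mitre-attack":
                    by_tactic[phase["phase_name"]].append(attack_id(o))
        elif o["type"] == "relationship" and o["relationship_type"] == "mitigates":
            technique = by_id[o["target_ref"]]
            mitigations[attack_id(technique)].append(attack_id(by_id[o["source_ref"]]))
    return dict(by_tactic), dict(mitigations)
```

Running `index_bundle(SAMPLE_BUNDLE)` yields `{"initial-access": ["T1566"], "execution": ["T1059"]}` and `{"T1566": ["M1017"], "T1059": ["M1038"]}`; pointed at the real ATT&CK bundle, the same two maps are what a team uses to see which tactics lack coverage.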
