MA
Uploaded byMITRE ATT&CK
PDF, PPTX864 views

ATT&CK Updates- Defensive ATT&CK

Lex Crumpton leads MITRE's defensive ATT&CK efforts. In 2021, they added data sources and detections for monitoring processes interacting with LSASS.exe and detecting credential dumping tools. In 2022, they plan to add more detections and develop the Cyber Analytic Repository to share analytic knowledge. Crumpton invites attendees to learn more about defensive ATT&CK on their website and contact them directly with any other questions.

Embed presentation

Download as PDF, PPTX
Defensive ATT&CK Updates Lex Crumpton ATT&CK Defensive Lead @LexOnTheHunt ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26
Who am I • Lead Cybersecurity Engineer • Former Exploitation Developer…turned blue...never looked back • Manage some things: • Digital Forensics Teams • Threat Hunting Teams • Detection Teams • My Canine Child • My Chaotic Workaholic Lifestyle J ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26
What is Defensive ATT&CK? • Mitigations • Data Sources:Components • Detections • Cyber Analytic Repository (CAR) ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26
2021 ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 ID Data Source Data Component Detections DS0017 Command Command Execution Monitor executed commands and arguments that may attempt to access credential material stored in the process memory of the Local Security Authority Subsystem Service (LSASS). Such as procdump -ma lsass.exe lsass_dump DS0009 Process OS API Execution Monitor for API calls that may attempt to access credential material stored in the process memory of the Local Security Authority Subsystem Service (LSASS). Process Access Monitor for unexpected processes interacting with LSASS.exe. Common credential dumpers such as Mimikatz access LSASS.exe by opening the process, location the LSA secrets key, and decrypting the sections in memory where credential details are stored. Credential dumpers may also use methods for reflective Process Injection to reduce potential indicators of compromise activity. Process Creation Monitor newly executed processes that may be indicative of credential dumping, such as procdump.
2022 ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 COMING SOON
Cyber Analytic Repository ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 2022
Cyber Analytic Repository ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 2022
Looking towards the future… Detections 2022 ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 Cyber Analytic Repository
https://attack.mitre.org attack@mitre.org @mitreattack Lex Crumpton @LexOnTheHunt ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26

More Related Content

PDF
State of the ATT&CK
byMITRE ATT&CK
 
PDF
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
byMITRE ATT&CK
 
PDF
Mapping ATT&CK Techniques to ENGAGE Activities
byMITRE ATT&CK
 
PDF
ATT&CKing the Red/Blue Divide
byMITRE ATT&CK
 
PDF
Threat Modelling - It's not just for developers
byMITRE ATT&CK
 
PDF
ATT&CKING Containers in The Cloud
byMITRE ATT&CK
 
PDF
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
byMITRE ATT&CK
 
PDF
The ATT&CK Latin American APT Playbook
byMITRE ATT&CK
 
State of the ATT&CK
byMITRE ATT&CK
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
byMITRE ATT&CK
 
Mapping ATT&CK Techniques to ENGAGE Activities
byMITRE ATT&CK
 
ATT&CKing the Red/Blue Divide
byMITRE ATT&CK
 
Threat Modelling - It's not just for developers
byMITRE ATT&CK
 
ATT&CKING Containers in The Cloud
byMITRE ATT&CK
 
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
byMITRE ATT&CK
 
The ATT&CK Latin American APT Playbook
byMITRE ATT&CK
 

What's hot

PDF
ATT&CK Updates- ATT&CK's Open Source
byMITRE ATT&CK
 
PPTX
Putting MITRE ATT&CK into Action with What You Have, Where You Are
byKatie Nickels
 
PDF
It's just a jump to the left (of boom): Prioritizing detection implementation...
byMITRE ATT&CK
 
PDF
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
PDF
ATT&CK Updates- ATT&CK for ICS
byMITRE ATT&CK
 
PDF
Projects to Impact- Operationalizing Work from the Center
byMITRE ATT&CK
 
PDF
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
byMITRE ATT&CK
 
PDF
Exploring how Students Map Social Engineering Techniques to the ATT&CK Framew...
byMITRE ATT&CK
 
PDF
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
byMITRE ATT&CK
 
PDF
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
byMITRE ATT&CK
 
PPTX
Leveraging MITRE ATT&CK - Speaking the Common Language
byErik Van Buggenhout
 
PDF
The ATT&CK Philharmonic
byMITRE ATT&CK
 
PDF
When Insiders ATT&CK!
byMITRE ATT&CK
 
PDF
Automation: The Wonderful Wizard of CTI (or is it?)
byMITRE ATT&CK
 
PPTX
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
PDF
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
byMITRE - ATT&CKcon
 
PPTX
Effective Threat Hunting with Tactical Threat Intelligence
byDhruv Majumdar
 
PDF
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
byJorge Orchilles
 
PDF
ATT&CKcon Intro
byMITRE ATT&CK
 
PDF
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
byMITRE - ATT&CKcon
 
ATT&CK Updates- ATT&CK's Open Source
byMITRE ATT&CK
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
byKatie Nickels
 
It's just a jump to the left (of boom): Prioritizing detection implementation...
byMITRE ATT&CK
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
ATT&CK Updates- ATT&CK for ICS
byMITRE ATT&CK
 
Projects to Impact- Operationalizing Work from the Center
byMITRE ATT&CK
 
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
byMITRE ATT&CK
 
Exploring how Students Map Social Engineering Techniques to the ATT&CK Framew...
byMITRE ATT&CK
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
byMITRE ATT&CK
 
ATT&CK Metaverse - Exploring the Limitations of Applying ATT&CK
byMITRE ATT&CK
 
Leveraging MITRE ATT&CK - Speaking the Common Language
byErik Van Buggenhout
 
The ATT&CK Philharmonic
byMITRE ATT&CK
 
When Insiders ATT&CK!
byMITRE ATT&CK
 
Automation: The Wonderful Wizard of CTI (or is it?)
byMITRE ATT&CK
 
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
byMITRE - ATT&CKcon
 
Effective Threat Hunting with Tactical Threat Intelligence
byDhruv Majumdar
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
byJorge Orchilles
 
ATT&CKcon Intro
byMITRE ATT&CK
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
byMITRE - ATT&CKcon
 

Similar to ATT&CK Updates- Defensive ATT&CK

PPTX
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
byAdam Pennington
 
PDF
State of the ATTACK
byMITRE - ATT&CKcon
 
PDF
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
PDF
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
byKatie Nickels
 
PDF
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
byAdam Pennington
 
PDF
Introduction to MITRE ATT&CK
byArpan Raval
 
PPTX
ATT&CKing with Threat Intelligence
byChristopher Korban
 
PDF
State of the ATT&CK May 2023
byAdam Pennington
 
PDF
MITRE ATT&CK Updates: Defensive ATT&CK - Lex Crumpton
byMITRE ATT&CK
 
PDF
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
byRobert Brandel
 
PDF
MITRE-Module 1 Slides.pdf
byReZa AdineH
 
PDF
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
byAdam Pennington
 
PDF
How to measure your security response readiness?
byTomasz Jakubowski
 
PPTX
Enterprise-MITRE-ATTandCK-Threat-Hunting _ Updated.pptx
byBheemeshChowdary2
 
PDF
Putting the PRE into ATTACK
byMITRE - ATT&CKcon
 
PDF
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
bySymantec
 
PDF
State of the ATT&CK - ATT&CKcon Power Hour
byAdam Pennington
 
PDF
Pennington - Defending Against Targeted Ransomware with MITRE ATT&CK
byAdam Pennington
 
PDF
Update from the MITRE ATT&CK Team
byAdam Pennington
 
PDF
MITRE_ATTACK_Enterprise_11x17.pdf
byAisyiFree
 
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
byAdam Pennington
 
State of the ATTACK
byMITRE - ATT&CKcon
 
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
byKatie Nickels
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
byAdam Pennington
 
Introduction to MITRE ATT&CK
byArpan Raval
 
ATT&CKing with Threat Intelligence
byChristopher Korban
 
State of the ATT&CK May 2023
byAdam Pennington
 
MITRE ATT&CK Updates: Defensive ATT&CK - Lex Crumpton
byMITRE ATT&CK
 
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
byRobert Brandel
 
MITRE-Module 1 Slides.pdf
byReZa AdineH
 
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
byAdam Pennington
 
How to measure your security response readiness?
byTomasz Jakubowski
 
Enterprise-MITRE-ATTandCK-Threat-Hunting _ Updated.pptx
byBheemeshChowdary2
 
Putting the PRE into ATTACK
byMITRE - ATT&CKcon
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
bySymantec
 
State of the ATT&CK - ATT&CKcon Power Hour
byAdam Pennington
 
Pennington - Defending Against Targeted Ransomware with MITRE ATT&CK
byAdam Pennington
 
Update from the MITRE ATT&CK Team
byAdam Pennington
 
MITRE_ATTACK_Enterprise_11x17.pdf
byAisyiFree
 

More from MITRE ATT&CK

PDF
Practical Application of MITRE ATT&CK: Real World Usage in a Corporate Enviro...
byMITRE ATT&CK
 
PDF
Birds of a Feather: The Evolution of Threat Actor Prioritization, Gap Analysi...
byMITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: Enterprise - Casey Knerr
byMITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: Software - Jared Ondricek
byMITRE ATT&CK
 
PDF
ATT&CKcon 5.0 Keynote - From Ticket Closers to Practitioners- How Great Secu...
byMITRE ATT&CK
 
PDF
ATT&CK From Basic Principles - Tareq AlKhatib
byMITRE ATT&CK
 
PDF
Updates from The Center for Threat Informed Defense - Jon Baker
byMITRE ATT&CK
 
PDF
Go Go Ransom Rangers: Diving into Akira’s Linux Variant with ATT&CK - Nicole ...
byMITRE ATT&CK
 
PDF
Next-Gen Threat-Informed Defense: Human-Assisted Intelligent Agents - Rajesh ...
byMITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: CTI - Path Forward - Joe Slowik
byMITRE ATT&CK
 
PDF
State of the ATT&CK 2024 - Adam Pennington
byMITRE ATT&CK
 
PDF
Using ATT&CK and MITRE CTID’s StP Frameworks to Assess Threat Detection Resil...
byMITRE ATT&CK
 
PDF
SaaSy ATT&CK – Practical ATT&CK usage for SaaS-based Telemetry - Aaron Shelmire
byMITRE ATT&CK
 
PDF
This is why we don’t shout “Bingo”: Analyzing ATT&CK Integration in Endpoint ...
byMITRE ATT&CK
 
PDF
Every Cloud Has a Purple Lining - Arun Seelagan
byMITRE ATT&CK
 
PDF
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert...
byMITRE ATT&CK
 
PDF
ATT&CKcon 5.0 Lightning Talks - Various Speakers
byMITRE ATT&CK
 
PDF
Bridging the Gap: Enhancing Detection Coverage with Atomic Red Team, Sigma, a...
byMITRE ATT&CK
 
PDF
Confession: 3 Things I Wish I Knew About MITRE ATT&CK When I Was an FBI Profi...
byMITRE ATT&CK
 
PDF
I'll take ATT&CK techniques that can be done for $1000, Alex. - Ben Langrill
byMITRE ATT&CK
 
Practical Application of MITRE ATT&CK: Real World Usage in a Corporate Enviro...
byMITRE ATT&CK
 
Birds of a Feather: The Evolution of Threat Actor Prioritization, Gap Analysi...
byMITRE ATT&CK
 
MITRE ATT&CK Updates: Enterprise - Casey Knerr
byMITRE ATT&CK
 
MITRE ATT&CK Updates: Software - Jared Ondricek
byMITRE ATT&CK
 
ATT&CKcon 5.0 Keynote - From Ticket Closers to Practitioners- How Great Secu...
byMITRE ATT&CK
 
ATT&CK From Basic Principles - Tareq AlKhatib
byMITRE ATT&CK
 
Updates from The Center for Threat Informed Defense - Jon Baker
byMITRE ATT&CK
 
Go Go Ransom Rangers: Diving into Akira’s Linux Variant with ATT&CK - Nicole ...
byMITRE ATT&CK
 
Next-Gen Threat-Informed Defense: Human-Assisted Intelligent Agents - Rajesh ...
byMITRE ATT&CK
 
MITRE ATT&CK Updates: CTI - Path Forward - Joe Slowik
byMITRE ATT&CK
 
State of the ATT&CK 2024 - Adam Pennington
byMITRE ATT&CK
 
Using ATT&CK and MITRE CTID’s StP Frameworks to Assess Threat Detection Resil...
byMITRE ATT&CK
 
SaaSy ATT&CK – Practical ATT&CK usage for SaaS-based Telemetry - Aaron Shelmire
byMITRE ATT&CK
 
This is why we don’t shout “Bingo”: Analyzing ATT&CK Integration in Endpoint ...
byMITRE ATT&CK
 
Every Cloud Has a Purple Lining - Arun Seelagan
byMITRE ATT&CK
 
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert...
byMITRE ATT&CK
 
ATT&CKcon 5.0 Lightning Talks - Various Speakers
byMITRE ATT&CK
 
Bridging the Gap: Enhancing Detection Coverage with Atomic Red Team, Sigma, a...
byMITRE ATT&CK
 
Confession: 3 Things I Wish I Knew About MITRE ATT&CK When I Was an FBI Profi...
byMITRE ATT&CK
 
I'll take ATT&CK techniques that can be done for $1000, Alex. - Ben Langrill
byMITRE ATT&CK
 

Recently uploaded

PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
PDF
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
API-First Architecture in Financial Systems
bycyy111112
 
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
The year in review - MarvelClient in 2025
bypanagenda
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 

ATT&CK Updates- Defensive ATT&CK

  • 1.
    Defensive ATT&CK Updates LexCrumpton ATT&CK Defensive Lead @LexOnTheHunt ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26
  • 2.
    Who am I •Lead Cybersecurity Engineer • Former Exploitation Developer…turned blue...never looked back • Manage some things: • Digital Forensics Teams • Threat Hunting Teams • Detection Teams • My Canine Child • My Chaotic Workaholic Lifestyle J ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26
  • 3.
    What is Defensive ATT&CK? •Mitigations • Data Sources:Components • Detections • Cyber Analytic Repository (CAR) ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26
  • 4.
    2021 ©2022 The MITRECorporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 ID Data Source Data Component Detections DS0017 Command Command Execution Monitor executed commands and arguments that may attempt to access credential material stored in the process memory of the Local Security Authority Subsystem Service (LSASS). Such as procdump -ma lsass.exe lsass_dump DS0009 Process OS API Execution Monitor for API calls that may attempt to access credential material stored in the process memory of the Local Security Authority Subsystem Service (LSASS). Process Access Monitor for unexpected processes interacting with LSASS.exe. Common credential dumpers such as Mimikatz access LSASS.exe by opening the process, location the LSA secrets key, and decrypting the sections in memory where credential details are stored. Credential dumpers may also use methods for reflective Process Injection to reduce potential indicators of compromise activity. Process Creation Monitor newly executed processes that may be indicative of credential dumping, such as procdump.
  • 5.
    2022 ©2022 The MITRECorporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 COMING SOON
  • 6.
    Cyber Analytic Repository ©2022The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 2022
  • 7.
    Cyber Analytic Repository ©2022The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 2022
  • 8.
    Looking towards thefuture… Detections 2022 ©2022 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26 Cyber Analytic Repository
  • 9.
    https://attack.mitre.org attack@mitre.org @mitreattack Lex Crumpton @LexOnTheHunt ©2022 TheMITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 22-00706-26