Leveraging MITRE ATT&CK
Travis Smith, Principal Security Researcher
Figure: Offense / Intelligence / Active Defense / Passive Defense / Architecture
Figure: Predict / Prevent / Detect / Respond
ATT&CK Enterprise matrix (figure). Tactics: Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Execution, Collection, Exfiltration, Command & Control.

Techniques shown in the matrix: DLL Search Order Hijacking, Brute Force, Account Discovery, Windows Remote Management, Automated Collection, Automated Exfiltration, Commonly Used Port, Legitimate Credentials, Credential Dumping, Application Window Discovery, Third-party Software, Accessibility Features, Binary Padding, Application Deployment Software, Command-Line, Clipboard Data, Data Compressed, Communication Through Removable Media, AppInit DLLs, Code Signing, Credential Manipulation, File and Directory Discovery, Execution through API, Data Staged, Data Encrypted, Local Port Monitor, Component Firmware, Exploitation of Vulnerability, Data from Local System, Data Transfer Size Limits, New Service, DLL Side-Loading, Credentials in Files, Local Network Configuration Discovery, Logon Scripts, Graphical User Interface, Data from Network Shared Drive, Exfiltration Over Alternative Protocol, Custom Command and Control Protocol, Path Interception, Disabling Security Tools, Input Capture, Pass the Hash, Scheduled Task, File Deletion, Network Sniffing, Local Network Connections Discovery, Pass the Ticket, InstallUtil, Data from Removable Media, Exfiltration Over Command and Control Channel, Custom Cryptographic Protocol, File System Permissions Weakness, File System Logical Offsets, Two-Factor Authentication Interception, Network Service Scanning, Remote Desktop Protocol, PowerShell, Email Collection, Exfiltration Over Other Network Medium, Data Obfuscation, Service Registry Permission Weakness, Remote File Copy, Process Hollowing, Fallback Channels, Web Shell, Indicator Blocking, Peripheral Device Discovery, Remote Service, Regsvcs/Regasm, Screen Capture, Exfiltration Over Other Physical Medium, Multi-Stage Channels, Basic Input/Output System, Permissions Group Discovery, Replication Through Removable Media, Regsvr32, Audio Capture, Multiband Communication, Bootkit, Bypass User Account Control, Process Discovery, Shared Webroot, Rundll32, Video Capture, Scheduled Transfer, Multilayer Encryption, Change Default File Association, DLL Injection, Query Registry, Taint Shared Content, Component Object Model Hijacking, Remote System Discovery, Windows Admin Shares, Scripting, Peer Connections, Hypervisor, Indicator Removal from Tools, Security Software Discovery, Service Execution, Indicator Removal on Host, System Information Discovery, Windows Management Instrumentation, Standard Application Layer Protocol, Modify Existing Service, System Owner/User Discovery, Redundant Access, Masquerading, System Service Discovery, MSBuild, Standard Cryptographic Protocol, Registry Run Keys/Start Folder, Modify Registry, Execution Through Module Load, Security Support Provider, NTFS Extended Attributes, System Time Discovery, Standard Non-Application Layer Protocol, Shortcut Modification, Obfuscated Files or Information, Windows Management Instrumentation Event Subscription, Uncommonly Used Port, Web Service, Winlogon Helper DLL, Data Encoding, Netsh Helper DLL, Authentication Package, Rootkit, External Remote Services, Software Packing, Timestomp, Network Share Removal, Install Root Certificate.
1. Assess current coverage
2. Identify critical gaps
3. Address gaps
https://www.tripwire.com/state-of-security/security-data-protection/security-controls/cis-top-20-critical-security-controls/
https://www.tripwire.com/state-of-security/mitre-framework/mitre-attack-framework-what-know/
https://www.tripwire.com/state-of-security/security-data-protection/security-controls/mapping-the-attck-framework-to-cis-controls/
tripwire.com | @TripwireInc

Defend Your Data Now with the MITRE ATT&CK Framework