Defend Your Data Now with the MITRE ATT&CK Framework
•Download as PPTX, PDF•
3 likes•939 views
MITRE is a not-for-profit organization that operates federally-funded research and development centers. Their ATT&CK framework is a useful cybersecurity model illustrating how adversaries behave and explaining the tactics you should use to mitigate risk and improve security. ATT&CK stands for “adversarial tactics, techniques and common knowledge.” This presentation explores a methodology for pairing proven industry frameworks like MITRE ATT&CK with threat modeling practices to quickly detect and respond to cyber threats. With this approach, industrial organizations can slice their infrastructure into smaller components, making it easier to secure their assets and minimize the attack surface. Takeaways include how to: -Make the most out of their threat intelligence feeds -Report on progress and compliance -Negotiate trust relationships in the intelligence sharing cycle -Improve their organization’s overall security posture
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Defend Your Data Now with the MITRE ATT&CK Framework
Similar to Defend Your Data Now with the MITRE ATT&CK Framework (20)
More from Tripwire
More from Tripwire (20)
Recently uploaded
Recently uploaded (20)
Defend Your Data Now with the MITRE ATT&CK Framework
- 1. Leveraging MITRE ATT&CK Travis Smith Principal Security Researcher
- 5. ARCHITECTURE
- 8. INTELLIGENCE
- 9. OFFENSE
- 32. Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Execution Collection Exfiltration Command & Control DLL Search Order Hijacking Brute Force Account Discovery Windows Remote Management Automated Collection Automated Exfiltration Commonly Used Port Legitimate Credentials Credential Dumping Application Window Discovery Third-party Software Accessibility Features Binary Padding Application Deployment Software Command-Line Clipboard Data Data Compressed Communication Through Removable Media AppInit DLLs Code Signing Credential Manipulation File and Directory Discovery Execution through API Data Staged Data Encrypted Local Port Monitor Component Firmware Exploitation of Vulnerability Data from Local System Data Transfer Size Limits New Service DLL Side-Loading Credentials in Files Local Network Configuration Discovery Logon Scripts Graphical User Interface Data from Network Shared Drive Exfiltration Over Alternative Protocol Custom Command and Control Protocol Path Interception Disabling Security Tools Input Capture Pass the Hash Scheduled Task File Deletion Network Sniffing Local Network Connections Discovery Pass the Ticket InstallUtil Data from Removable Media Exfiltration Over Command and Control Channel Custom Cryptographic Protocol File System Permissions Weakness File System Logical Offsets Two-Factor Authentication Interception Network Service Scanning Remote Desk Protocol PowerShell Email Collection Exfiltration Over Other Network Medium Data Obfuscation Service Registry Permission Weakness Remote File Copy Process Hollowing Input Capture Fallback Channels Web Shell Indicator Blocking Peripheral Device Discovery Remote Service Regsvcs/Regasm Screen Capture Exfiltration Over Other Physical Medium Multi-Stage Channels Basic Input/Output System Exploitation of Vulnerability Permissions Group Discovery Replication Through Removable Media Regscvr32 Audio Capture Multiband Communication Bootkit Bypass User Account Control Process Discovery Shared Webroot Rundll32 Video Capture Scheduled Transfer Multilayer Encryption Change Default File Association DLL Injection Query Registry Taint Shared Content Scheduled Task Component Firmware Component Object Model Hijacking Remote System Discovery Windows Admin Shares Scripting Peer Connections Hypervisor Indicator Removal from Tools Security Software Discovery Service Execution Remote File Copy Logon Scripts Indicator Removal on Host System Information Discovery Windows Management Instrumentation Standard Application Layer Protocol Modify Existing Service InstallUtil System Owner / User Discovery Redundant Access Masquerading System Service Discovery MSBuild Standard Cryptographic Protocol Registry Run Keys/Start Folder Modify Registry Execution Through Module Load Security Support Provider NTFS Extended Attributes System Time Discovery Standard Non-Application Layer Protocol Shortcut Modification Obfuscated Files or Information Windows Management Process Hollowing Uncommonly Used Port Instrument Event Subscription Redundant Access Web Service Winlogon Helper DLL Regsvcs/Regasm Data Encoding Netsh Helper DLL Regsvr Authentication Package Rootkit External Remote Services Rundll32 Scripting Software Packing Timestomp MSBuild Network Share Removal Install Root Certificate
- 33. Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Execution Collection Exfiltration Command & Control DLL Search Order Hijacking Brute Force Account Discovery Windows Remote Management Automated Collection Automated Exfiltration Commonly Used Port Legitimate Credentials Credential Dumping Application Window Discovery Third-party Software Accessibility Features Binary Padding Application Deployment Software Command-Line Clipboard Data Data Compressed Communication Through Removable Media AppInit DLLs Code Signing Credential Manipulation File and Directory Discovery Execution through API Data Staged Data Encrypted Local Port Monitor Component Firmware Exploitation of Vulnerability Data from Local System Data Transfer Size Limits New Service DLL Side-Loading Credentials in Files Local Network Configuration Discovery Logon Scripts Graphical User Interface Data from Network Shared Drive Exfiltration Over Alternative Protocol Custom Command and Control Protocol Path Interception Disabling Security Tools Input Capture Pass the Hash Scheduled Task File Deletion Network Sniffing Local Network Connections Discovery Pass the Ticket InstallUtil Data from Removable Media Exfiltration Over Command and Control Channel Custom Cryptographic Protocol File System Permissions Weakness File System Logical Offsets Two-Factor Authentication Interception Network Service Scanning Remote Desk Protocol PowerShell Email Collection Exfiltration Over Other Network Medium Data Obfuscation Service Registry Permission Weakness Remote File Copy Process Hollowing Input Capture Fallback Channels Web Shell Indicator Blocking Peripheral Device Discovery Remote Service Regsvcs/Regasm Screen Capture Exfiltration Over Other Physical Medium Multi-Stage Channels Basic Input/Output System Exploitation of Vulnerability Permissions Group Discovery Replication Through Removable Media Regscvr32 Audio Capture Multiband Communication Bootkit Bypass User Account Control Process Discovery Shared Webroot Rundll32 Video Capture Scheduled Transfer Multilayer Encryption Change Default File Association DLL Injection Query Registry Taint Shared Content Scheduled Task Component Firmware Component Object Model Hijacking Remote System Discovery Windows Admin Shares Scripting Peer Connections Hypervisor Indicator Removal from Tools Security Software Discovery Service Execution Remote File Copy Logon Scripts Indicator Removal on Host System Information Discovery Windows Management Instrumentation Standard Application Layer Protocol Modify Existing Service Install Util System Owner / User Discovery Redundant Access Masquerading System Service Discovery MSBuild Standard Cryptographic Protocol Registry Run Keys/Start Folder Modify Registry Execution Through Module Load Security Support Provider NTFS Extended Attributes System Time Discovery Standard Non-Application Layer Protocol Shortcut Modification Obfuscated Files or Information Windows Management Process Hollowing Uncommonly Used Port Instrument Event Subscription Redundant Access Web Service Winlogon Helper DLL Regsvcs/Regasm Data Encoding Netsh Helper DLL Regsvr Authentication Package Rootkit External Remote Services Rundll32 Scripting Software Packing Timestomp MSBuild Network Share Removal Install Root Certificate Assess Current Coverage Identify Critical Gaps Address Gaps