Navigation and Review

00:00

hello and welcome to another application of the minor attack framework discussion. Today, we're going to be looking at the site. We're going to navigate through some of its components. Just give it an overall thorough review and help you to become familiar with. You know, when we're talking about command liner, when we're talking about initial access,

00:20

you can go to these different areas, follow along, look through the sign information and really take advantage of the full wealth of knowledge that minor brings to the table

00:29

right out the gate. So with that, let's go ahead and jump over to the site.

00:35

All right, everybody. So you may notice that we are on the minor attack framework site. So in order to get to this beautiful piece of information, you can go to attacked up minor dot org's and it will bring you to this home page. Now

00:51

you may also notice down below there's theater attack matrix for enterprise. There's some other areas that we can go as well that have some different matrix ease. And so, in this case, if we went Teoh Enterprise, you'd see here

01:06

just taking a moment to load that we have the enterprise information in this nice compact form, we can also go over to mobile,

01:18

and it will adjust for mobile information as well. Now we are focusing in our particular discussions on the enterprise area. And so we're just going to go back to this main page here

01:29

now in navigating the framework. As you can see, you've got initial access, execution, persistence, privilege escalation, defense evasion, credential, access, discovery, lateral movement, collection, commanding control, ex filtration and impact. Now, if you click into any of these given areas,

01:46

it will give you a description of what that means. So in this case, it's the I clicked something there.

01:52

It's the adversary trying to get access to the network, and then it's got various techniques

01:59

that it breaks down into that with a technique I d. And so if you ever had a solution or something and they said, These are the following technique ideas we defend against

02:07

you could trace that back to these areas, and then if you want to go even deeper, you can click a particular technique area,

02:15

and it then breaks that technique down into its description. The I D

02:21

tactic is, of course, initial access any given platform here, spearfishing attachments can work him data sources in which they were able to collect information

02:30

version the date it was created, last modified. So if you want to see when it was updated last, you can see it's pretty current as of this year, and then they've got some procedure examples. And so within this, it's got different threat groups. And it describes kind of like a P T. 29 years spearfishing emails with an attachment to deliver files with exports to a victim.

02:50

And so it breaks down each of those given areas.

02:53

Here's a motet,

02:55

and so you can see here there are different groups. There's some tool names, and then it has mitigations down kind of midway or toward the bottom. And so it has antivirus and malware, which, if there's, you know, malicious payloads being delivered that can hopefully block something. If we're not looking at a zero day attack,

03:13

network intrusion prevention, restrict Web based content and user training. Of course, when we talk about spearfishing or attachments and things of that nature

03:22

in user training, condemn finitely, be beneficial there,

03:25

and then each of these areas will have detection methodology. So in this case, network intrusion detection systems and email gateways can be used to the text spearfishing with malicious attachments and transit. And it's got some additional information that covers you know what anti virus could potentially detect on.

03:44

There's some different areas where it will talk about ah knitting or different types of logs to save and things of that nature so definitely

03:51

beneficial to look at these areas within

03:53

the framework. And then we get into references now. References are great

04:00

for many reasons. One, we can see what they were using in those given areas, but also, if we want to go to, let's say the reference for us, cert,

04:12

we can open that up,

04:15

taking a moment to load. But in this case, it talks about the motet, which was one of the ones they mentioned in this particular area, and so they actually give some examples and description information of what was sent and seen.

04:29

They also go through some methodology information here

04:32

with how they work and what they do. And so here's an example. Family and paths

04:38

as faras, you know, looking for the malware and things of that nature, the impact and solution. And so that's a great resource toe half if you're again trying to combat the motet, if you've got,

04:51

you know, an attack that's happened and you think it was from spear fishing and you've got some threat idea information or some hash information that helps there

04:59

so great to have that data

05:00

now. Under this, we also have techniques

05:06

which within this it just shows different techniques

05:11

within the enterprise area.

05:13

And it's alphabetized in this case,

05:16

and then we can go to mitigation. So essentially it's breaking everything down outside of each of the individual vectors,

05:27

and then we can go into groups.

05:30

So these were some of the different AP teas.

05:32

And again, if I want to know about a P T 32

05:36

click right in

05:38

pulling up

05:40

gives me some information about what they're focuses are what are some techniques that they've used in some ways that they've compromised entities and individuals

05:50

Softwares that have been used. So this is great as well, so I p config this just some command line information. But Mimi Cats, We've heard of many cats, but maybe you want to read more about it

06:02

there we go talks about it being a credential, dumper what it does.

06:06

Techniques used in some things that it's it's done and what you could look for.

06:12

Groups that have used the software. So that's not a small set there. That's a pretty good size group and then some different references. Again. If I want to read more,

06:23

I just pop right in

06:27

and it talks about. A P T 34

06:30

gives me a little information here,

06:32

so overall

06:34

the framework is solid. I mean, you could go into software's different Softwares that have been used all winner

06:43

art, which we know what art is. Baby shark Lord, don't go saying it on me now,

06:49

brave prints. So I mean just

06:53

boundless amounts of information that you can use. You could probably spend a week looking through all of the different data sets and re sources and information they keep in F A Q here

07:04

and so if there's anything that we explained that you want further details on, you can go in and they provide some answers to some of those different areas as well. It's legal,

07:15

and then, if you want to contribute to the framework

07:18

they've got some different areas in here that you can read upon us well, and so again,

07:25

this is a pretty boundless framework there, always working on this and updating it. There is plenty to see here if you're a researcher academic, if you are blue team member, red team, purple team

07:35

consultant, business owner, vendor solutions provider, managed service provider. Whatever the case may be,

07:44

there is something here in this framework that you can take advantage of that you can use. And so I definitely recommend that you take some time to dig through the site,

07:51

understand what it has to offer and where you can apply it to get the different controls and techniques within it to help minimize risk and hopefully make threat actors jobs a little bit harder than they are today. So with that, let's go ahead and jump back over to our slides.

08:09

All right, everybody. Well, I hope you enjoyed that tour of the site. I hope you enjoyed seeing all the different resource is and things that are available. Really, it is just a repository of wonderful information on top of wonderful information, so fear needing to do research for a paper.

08:26

If you're trying to figure out some new vectors if you're trying to just touch up on some different threat groups,

08:33

software's whatever the case may be as you saw this particular site and this group has it, and it is beautiful. So I encourage you to continue to explore the minor site,

08:45

especially the attack framework and all of the goods that it has to provide to you as a professional or just hobbyist, whatever the case may be.