Time
8 hours 28 minutes
Difficulty
Beginner
CEU/CPE
10

Video Transcription

00:00
hello and welcome to another application of the minor attack framework discussion. Today, we're going to be looking at the site. We're going to navigate through some of its components. Just give it an overall thorough review and help you to become familiar with. You know, when we're talking about command liner, when we're talking about initial access,
00:20
you can go to these different areas, follow along, look through the sign information and really take advantage of the full wealth of knowledge that minor brings to the table
00:29
right out the gate. So with that, let's go ahead and jump over to the site.
00:35
All right, everybody. So you may notice that we are on the minor attack framework site. So in order to get to this beautiful piece of information, you can go to attacked up minor dot org's and it will bring you to this home page. Now
00:51
you may also notice down below there's theater attack matrix for enterprise. There's some other areas that we can go as well that have some different matrix ease. And so, in this case, if we went Teoh Enterprise, you'd see here
01:06
just taking a moment to load that we have the enterprise information in this nice compact form, we can also go over to mobile,
01:18
and it will adjust for mobile information as well. Now we are focusing in our particular discussions on the enterprise area. And so we're just going to go back to this main page here
01:29
now in navigating the framework. As you can see, you've got initial access, execution, persistence, privilege escalation, defense evasion, credential, access, discovery, lateral movement, collection, commanding control, ex filtration and impact. Now, if you click into any of these given areas,
01:46
it will give you a description of what that means. So in this case, it's the I clicked something there.
01:52
It's the adversary trying to get access to the network, and then it's got various techniques
01:59
that it breaks down into that with a technique I d. And so if you ever had a solution or something and they said, These are the following technique ideas we defend against
02:07
you could trace that back to these areas, and then if you want to go even deeper, you can click a particular technique area,
02:15
and it then breaks that technique down into its description. The I D
02:21
tactic is, of course, initial access any given platform here, spearfishing attachments can work him data sources in which they were able to collect information
02:30
version the date it was created, last modified. So if you want to see when it was updated last, you can see it's pretty current as of this year, and then they've got some procedure examples. And so within this, it's got different threat groups. And it describes kind of like a P T. 29 years spearfishing emails with an attachment to deliver files with exports to a victim.
02:50
And so it breaks down each of those given areas.
02:53
Here's a motet,
02:55
and so you can see here there are different groups. There's some tool names, and then it has mitigations down kind of midway or toward the bottom. And so it has antivirus and malware, which, if there's, you know, malicious payloads being delivered that can hopefully block something. If we're not looking at a zero day attack,
03:13
network intrusion prevention, restrict Web based content and user training. Of course, when we talk about spearfishing or attachments and things of that nature
03:22
in user training, condemn finitely, be beneficial there,
03:25
and then each of these areas will have detection methodology. So in this case, network intrusion detection systems and email gateways can be used to the text spearfishing with malicious attachments and transit. And it's got some additional information that covers you know what anti virus could potentially detect on.
03:44
There's some different areas where it will talk about ah knitting or different types of logs to save and things of that nature so definitely
03:51
beneficial to look at these areas within
03:53
the framework. And then we get into references now. References are great
04:00
for many reasons. One, we can see what they were using in those given areas, but also, if we want to go to, let's say the reference for us, cert,
04:12
we can open that up,
04:15
taking a moment to load. But in this case, it talks about the motet, which was one of the ones they mentioned in this particular area, and so they actually give some examples and description information of what was sent and seen.
04:29
They also go through some methodology information here
04:32
with how they work and what they do. And so here's an example. Family and paths
04:38
as faras, you know, looking for the malware and things of that nature, the impact and solution. And so that's a great resource toe half if you're again trying to combat the motet, if you've got,
04:51
you know, an attack that's happened and you think it was from spear fishing and you've got some threat idea information or some hash information that helps there
04:59
so great to have that data
05:00
now. Under this, we also have techniques
05:06
which within this it just shows different techniques
05:11
within the enterprise area.
05:13
And it's alphabetized in this case,
05:16
and then we can go to mitigation. So essentially it's breaking everything down outside of each of the individual vectors,
05:27
and then we can go into groups.
05:30
So these were some of the different AP teas.
05:32
And again, if I want to know about a P T 32
05:36
click right in
05:38
pulling up
05:40
gives me some information about what they're focuses are what are some techniques that they've used in some ways that they've compromised entities and individuals
05:50
Softwares that have been used. So this is great as well, so I p config this just some command line information. But Mimi Cats, We've heard of many cats, but maybe you want to read more about it
06:02
there we go talks about it being a credential, dumper what it does.
06:06
Techniques used in some things that it's it's done and what you could look for.
06:12
Groups that have used the software. So that's not a small set there. That's a pretty good size group and then some different references. Again. If I want to read more,
06:23
I just pop right in
06:27
and it talks about. A P T 34
06:30
gives me a little information here,
06:32
so overall
06:34
the framework is solid. I mean, you could go into software's different Softwares that have been used all winner
06:43
art, which we know what art is. Baby shark Lord, don't go saying it on me now,
06:49
brave prints. So I mean just
06:53
boundless amounts of information that you can use. You could probably spend a week looking through all of the different data sets and re sources and information they keep in F A Q here
07:04
and so if there's anything that we explained that you want further details on, you can go in and they provide some answers to some of those different areas as well. It's legal,
07:15
and then, if you want to contribute to the framework
07:18
they've got some different areas in here that you can read upon us well, and so again,
07:25
this is a pretty boundless framework there, always working on this and updating it. There is plenty to see here if you're a researcher academic, if you are blue team member, red team, purple team
07:35
consultant, business owner, vendor solutions provider, managed service provider. Whatever the case may be,
07:44
there is something here in this framework that you can take advantage of that you can use. And so I definitely recommend that you take some time to dig through the site,
07:51
understand what it has to offer and where you can apply it to get the different controls and techniques within it to help minimize risk and hopefully make threat actors jobs a little bit harder than they are today. So with that, let's go ahead and jump back over to our slides.
08:09
All right, everybody. Well, I hope you enjoyed that tour of the site. I hope you enjoyed seeing all the different resource is and things that are available. Really, it is just a repository of wonderful information on top of wonderful information, so fear needing to do research for a paper.
08:26
If you're trying to figure out some new vectors if you're trying to just touch up on some different threat groups,
08:33
software's whatever the case may be as you saw this particular site and this group has it, and it is beautiful. So I encourage you to continue to explore the minor site,
08:45
especially the attack framework and all of the goods that it has to provide to you as a professional or just hobbyist, whatever the case may be.
08:52
So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon.

Up Next

Application of the MITRE ATT&CK Framework

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access ATT&CK vectors.

Instructed By

Instructor Profile Image
Robert Smith
Director of Security Services at Corsica
Instructor