Tactics


Time
1 hour
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:00
>> Welcome to Module 1,
00:00
Lesson 3, tactics.
00:00
In this lesson, we will define and
00:00
explore what an ATT&CK Tactic is,
00:00
as well as start to build an appreciation for how
00:00
these tactics fit into the overall ATT&CK TTP model.
00:00
Tactics can be defined as the goals
00:00
an adversary has during an attack.
00:00
We can think of this as why they
00:00
perform each action or behavior during a campaign.
00:00
While the list of tactics may differ across
00:00
technology domains, or matrices,
00:00
as you'll see, there's plenty of
00:00
overlap and the list of
00:00
tactics is relatively static over time.
00:00
The ATT&CK model treats tactics as objects,
00:00
each of which is assigned a unique ID.
00:00
Tactics also have short and long descriptions,
00:00
as you can see from the example below,
00:00
with the persistence tactic.
00:00
Going back to our matrix view,
00:00
you can see that tactics are
00:00
represented as column headers.
00:00
Zooming in on an individual tactic,
00:00
in this case, lateral movement,
00:00
you can see that there are
00:00
various techniques and sub-techniques associated with
00:00
performing behaviors that achieve
00:00
the goal of the overall tactic of lateral movement.
00:00
We'll dive into techniques and sub-techniques later.
00:00
With that, we've reached our Lesson 3 knowledge check.
00:00
An ATT&CK Tactic is,
00:00
please take a moment and pause the video and
00:00
select the correct answer before proceeding.
00:00
In this case, the correct answer was B.
00:00
An ATT&CK Tactic is an
00:00
intermediate objective of the adversary.
00:00
With that, we've reached the conclusion of Lesson 3.
00:00
In summary, ATT&CK Tactics represent
00:00
adversary goals or why they perform actions.
00:00
Finally, tactics are assigned unique IDs and lead
00:00
us into more specifics regarding
00:00
adversary behaviors such as
00:00
techniques and sub-techniques.