Techniques and Sub-Techniques

Time
1 hour
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:00
Welcome to Module 1, Lesson 4: Techniques and Sub-Techniques.
00:06
In this lesson, we will define and explore what an attack technique is.
00:10
recognize the differences between techniques and sub-techniques,
00:14
and finally, build an appreciation for how these techniques and sub-techniques fit into the overall ATT&CK TTP model.
00:25
As you recall from our previous lesson, ATT&CK tactics define the goals of an adversary during a campaign or breach,
00:32
whereas ATT&CK techniques define the means that adversaries use to achieve these tactical goals.
00:39
Techniques are written from the perspective of the adversary and capture how an adversary performs each action or behavior.
00:46
As you can see in the example to the right,
00:49
drawn from the Execution tactic, the Command and Scripting Interpreter technique captures how adversaries may abuse command and scripting languages to execute malicious commands or payloads.
01:02
Similar to tactics, the list of techniques very often differs across platforms,
01:07
but this list grows and evolves over time to keep up with variances and innovations of adversary tradecraft.
01:18
Sub-techniques further break down the details of adversary behaviors captured in techniques.
01:23
For all intents and purposes,
01:26
techniques and sub-techniques are equivalent.
01:29
The only main difference is that sub-techniques describe behaviors at a lower level of detail,
01:36
as you can see in the example to the right:
01:38
our same Command and Scripting Interpreter technique has eight sub-techniques,
01:42
which define very specific command or programming languages that adversaries may use to execute payloads.
01:51
Sub-techniques always have a single parent
01:53
and are not always, but very often, platform-specific, such as the Windows Command Shell or cmd.exe sub-technique.
02:01
Sub-techniques were explicitly designed to help reduce changes to techniques as we try to track and capture variations and innovations between platforms and adversary behaviors.
02:15
Techniques and sub-techniques are both objects within the ATT&CK model,
02:21
each of which is assigned a unique identifier.
02:24
Technique IDs are typically referred to as TIDs,
02:28
as you can see in the example below with Brute Force and its TID, T1110.
02:35
Sub-technique TIDs
02:37
are just extensions of their parent TID, as you can see in the example below with the four sub-techniques of Brute Force.
02:50
Sub-techniques and techniques have a wealth of additional metadata on each of their pages that connects to the rest of the ATT&CK model.
02:57
Some of this interesting metadata, which we'll explore in later lessons, includes mitigations,
03:04
data sources and detections,
03:07
and procedure examples.
03:10
And with that, we've reached the knowledge check for this lesson.
03:16
Techniques and sub-techniques in ATT&CK are:
03:20
Please pause the video. Take a second to think about the correct answer before proceeding.
03:29
In this case, the correct answer was C: techniques and sub-techniques in ATT&CK are descriptions of adversary behaviors at different levels of detail.
03:40
In summary,
03:42
ATT&CK techniques and sub-techniques
03:44
represent behaviors performed by adversaries, or how they achieve their tactical goals.
03:51
And finally, techniques and sub-techniques are fundamentally the same, the only difference being that sub-techniques are more specific descriptions of these behaviors.