Welcome to Module 1, Lesson 4: Techniques and Sub-techniques.
In this lesson, we will define and explore what an ATT&CK technique is,
recognize the differences between techniques and sub-techniques,
and finally, gain an appreciation for how these techniques and sub-techniques fit into the overall ATT&CK TTP model.
As you recall from our previous lesson, ATT&CK tactics define the goals of an adversary during a campaign or breach,
whereas ATT&CK techniques define the means by which adversaries achieve these tactical goals.
Techniques are written from the perspective of the adversary and capture how an adversary performs each action or behavior.
As you can see in the example to the right,
drawn from the Execution tactic, the Command and Scripting Interpreter technique captures how adversaries may abuse command and scripting languages to execute malicious commands or payloads.
Similar to tactics, the list of techniques very often differs across platforms,
but this list grows and evolves over time to keep up with variances and innovations of adversary tradecraft.
Sub-techniques further break down the details of adversary behaviors captured in techniques.
For all intents and purposes,
techniques and sub-techniques are equivalent.
The only main difference is that sub-techniques describe behaviors at a lower level of detail.
As you can see in the example to the right,
our same Command and Scripting Interpreter technique has eight sub-techniques,
which define very specific command or programming languages that adversaries may use to execute payloads.
Sub-techniques always have a single parent
and are, not always but very often, platform specific, such as the Windows Command Shell or cmd.exe sub-technique.
Sub-techniques were explicitly designed to help reduce changes to techniques as we try to track and capture variations and innovations between platforms and adversary behaviors.
Techniques and sub-techniques are both objects within the ATT&CK model,
each of which is assigned a unique identifier.
Technique IDs are typically referred to as TIDs,
as you can see in the example below with Brute Force and its TID, T1110.
Sub-technique TIDs
are just extensions of their parent TID, as you can see in the example below with the four sub-techniques of Brute Force.
Sub-techniques and techniques have a wealth of additional metadata on each of their pages that connects to the rest of the ATT&CK model.
Some of this interesting metadata, which we'll explore in later lessons, includes mitigations,
data sources and detections,
and procedure examples.
And with that, we've reached the knowledge check for this lesson.
Techniques and sub-techniques in ATT&CK are:
Please pause the video and take a second to think about the correct answer before proceeding.
In this case, the correct answer was C: techniques and sub-techniques in ATT&CK are descriptions of adversary behaviors at different levels of detail.
ATT&CK techniques and sub-techniques
represent behaviors performed by adversaries, or how they achieve their tactical goals.
And finally, techniques and sub-techniques are fundamentally the same, the only difference being that sub-techniques are more specific descriptions of these behaviors.
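
Added example, not part of the original lesson: because a sub-technique TID is its parent's TID plus a suffix, a defender can roll alert tags up to the parent technique and reject malformed IDs. The regex assumes the published ATT&CK ID shape (T plus four digits, optional dot plus three digits); the function names are illustrative and the alert tags are constructed sample data.

```python
import re
from collections import defaultdict

# Assumed ID shape: "T" + 4 digits, optionally "." + 3 digits for a sub-technique.
TID_RE = re.compile(r"^T(\d{4})(?:\.(\d{3}))?$")

def parse_tid(raw):
    """Return (parent_tid, sub_suffix or None); raise ValueError if malformed."""
    m = TID_RE.match(raw.strip().upper())
    if not m:
        raise ValueError(f"not an ATT&CK technique ID: {raw!r}")
    return "T" + m.group(1), m.group(2)

def roll_up(tags):
    """Group tags under their single parent technique; collect rejects separately."""
    tree = defaultdict(lambda: {"direct": 0, "subs": defaultdict(int)})
    rejected = []
    for tag in tags:
        try:
            parent, sub = parse_tid(tag)
        except ValueError:
            rejected.append(tag)
            continue
        if sub is None:
            tree[parent]["direct"] += 1          # tagged at technique level
        else:
            tree[parent]["subs"][f"{parent}.{sub}"] += 1
    return tree, rejected

def technique_total(tree, parent):
    """Alerts for a technique, counting all of its sub-techniques."""
    node = tree[parent]
    return node["direct"] + sum(node["subs"].values())

# Constructed sample: tags as they might appear on detection alerts.
SAMPLE_TAGS = ["T1110", "T1110.001", "T1110.003", "t1110.003",
               "T1059.003", "T1110.1", "TA0002", "T1059"]

if __name__ == "__main__":
    tree, rejected = roll_up(SAMPLE_TAGS)
    for parent in sorted(tree):
        print(parent, technique_total(tree, parent), dict(tree[parent]["subs"]))
    print("rejected:", rejected)
```

Here "T1110.1" is rejected as a malformed suffix and "TA0002" because it is a tactic ID, not a technique ID.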