Time
8 hours 28 minutes
Difficulty
Beginner
CEU/CPE
10

Video Transcription

00:00
hello and welcome to our first discussion in the application of the minor attack framework. So today we're going to be looking specifically at what is the minor attack framework. And as we continue to work through it, you'll see why this framework is growing in popularity. Why it is
00:18
great for blue team members, red team members, purple team members, security consultants,
00:23
business owners you name it if you're evaluating a solution or software, this framework definitely has some capability that can assist you in making those decisions or understanding the threats and attack vectors that you would need to defend against. So let's jump right in with a quick definition, as provided by the minor site.
00:42
Um, the minor attack framework is a globally accessible knowledge base
00:47
of adversary tactics. So we talked about threat actors and, you know, the minor tent framework gives you some tips and information on each of those, uh, AP teas
00:59
under each of the vectors and areas and techniques based on real world observations. And so the knowledge based is used as a foundation for the development of specific threat models and methodologies in the private sector. So we mentioned all areas private sector of government and in the cybersecurity product in service community. So with the creation of the attack
01:19
framework, it's fulfilling its mission to solve problems for a safer world by bringing communities together to develop more effective cybersecurity.
01:26
Attack is open and available to any personal organization for use at no charge. So that is a wonderful thing. Like I said, the research that an individual would have to do whether you are a blue team member of Red Team member,
01:41
it can be different depending on the methodologies that were developed by the organization or developed by the individual, depending on the type of certifications that they've gone and taken. So the great thing about the attack framework is that it takes everything on. This is a snippet from the site. So I did cut off the bottom portion of some of these,
02:00
but it breaks it down into each of these areas which, when we do, the tour of the site will actually look at.
02:06
But it initially it starts with initial access down here on this end.
02:12
And then what happens is is the threat actor would gain access through one of these methods. So let's say that they get to trusted relationship. So what happens with the framework is you can kind of move left to right and assume that an individual would gain access. The Threat actor would gain access to one of these areas,
02:30
and then they would essentially move through
02:35
each of these areas,
02:37
finding ways
02:38
to move through the organization
02:43
and make movements all the way to the end where there's impact. And so the reason that I like this framework and then I think it's so awesome is that within each of these areas,
02:53
so under, like, initial access eyes, I'll show you you can click into valid accounts,
03:00
and within that it gives you a definition of what that is. It talks a bit about some of the threat actors that have used valid account access and how they've gone about doing that. They give you some information on mitigating factors, and then they give you some tips and tricks for detection. And ultimately,
03:17
at the end of that, there's some references that were used for those recommendations and information as well.
03:23
And so it's a really nice, concise body of knowledge that helps you to kind of look for gaps. So let's say that you've got a security solution and it takes care of a number of things in the execution.
03:35
Um, let's say in the execution area here and a few things, maybe in discovery. Maybe it's got some things in defence evasion. Maybe it touches on each of these areas, and so you can map out. You know, it helps with command line interface areas. It helps with Absar DLL that helps with command history, auditing and information domain trust, discovery.
03:53
And so let's say it does all those things.
03:57
But then it has gaps in the solution where it doesn't cover every area and the attack framework. And, of course, as threat, actors become more sophisticated and more aware of the ways that we're kind of keeping them from making money or keeping them from gaining access to systems. This framework would grow or shrink based on the popular attack vectors and what
04:15
the actors are doing.
04:17
So this framework is definitely useful.
04:20
Whether you're evaluating software solutions, security controls, maybe your organization security posture definitely beneficial, and so we will touch on this when we go through the site as well.
04:32
So what will we be looking at? Well, essentially our discussions. Our modules, We're gonna line up with each of the main areas of the attack framework. So we're gonna start with initial access
04:46
Aan den. What we'll do is we'll work our way through each of those areas. Now, what we're not going to do is touch on every
04:55
vector within each of these areas. We're gonna touch on a few at a high level.
05:00
We're going to talk about some instances where those either were taken advantage of as far as in, um the wild or in practice where a business was damaged or hand an incident that was because of credential
05:15
access techniques or because of initial access techniques. And we all are aware of fishing
05:20
and things of that nature and how you know much that's impacted organizations. But we'll talk about command line and where that's been used or how it's been utilized, we'll talk about valid accounts. You know, we've got some case studies where we'll talk about how ballot accounts were used in any each of these areas will have a respective case study where you can apply.
05:40
Um,
05:42
how a threat actor got into an organization or with speculation is behind it. And then we will apply principles within the attack framework to see, you know, if we had implemented certain controls or mitigating factors or detection factors,
05:56
would we have been able to, you know, potentially reduce the impact of a compromiser, have stopped it out, right?
06:01
And so it will continue all the way through to the impact phase were again. We'll touch on each of these areas and some of the attack vectors when then each. But we're not going to touch over every piece of the framework just because it would take a large amount of time. And once we go through a few of these in each area, you'll kind of get the point and how to look through
06:21
each of the given attack vectors in
06:25
these core areas.
06:27
So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon.

Up Next

Application of the MITRE ATT&CK Framework

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access ATT&CK vectors.

Instructed By

Instructor Profile Image
Robert Smith
Director of Security Services at Corsica
Instructor