Post-Exploit Threat Modeling with ATT&CK

BSidesDE 2016

Presented by: Andy Applebaum
Date: Saturday October 08, 2016
Time: 10:30 - 10:50
Location: Odeum 309
Track: Track 1

Recent breaches have shown an ugly truth: determined adversaries will get into your network. This talk will present the MITRE-developed Adversarial Tactics, Techniques & Common Knowledge (ATT&CK), a framework for describing the actions an adversary may take while operating within an enterprise network after they compromise it. ATT&CK provides a common way to characterize and describe post-compromise adversary behavior and, unlike other models, was developed via red teaming and analyzing public cyber threat intelligence reports: the tactics and techniques in ATT&CK are real ones that adversaries have used in the wild. Perhaps most importantly, ATT&CK is free and publicly available at attack.mitre.org.

In this presentation, we will outline the key features of ATT&CK, describing the tactics, techniques, threat actor groups, and software that make up the ATT&CK model, followed by a discussion of how ATT&CK can be used in the field, including for training, red team assessments, defensive gap analysis, information sharing, and threat reporting.
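To make the "defensive gap analysis" use concrete, here is an added example (not code from the talk, MITRE, or ATT&CK itself) that builds a toy model with the same entity types the abstract lists (tactics, techniques, groups, software), maps detection rules onto techniques, and reports per-tactic coverage plus the techniques a given group uses that nothing detects. All IDs, group, software, and rule names are constructed placeholders, not real ATT&CK entries.

```python
# Added example, not code from the talk or from MITRE: a toy ATT&CK-style
# model (tactics, techniques, groups, software) and a defensive gap analysis
# over it. Every ID and name below is a constructed placeholder, not a real
# ATT&CK entry.
from collections import defaultdict

TECHNIQUES = {  # technique id -> (name, tactic); constructed sample data
    "T9001": ("Credential Dumping", "Credential Access"),
    "T9002": ("Scheduled Task", "Persistence"),
    "T9003": ("Remote Desktop Protocol", "Lateral Movement"),
    "T9004": ("Pass the Hash", "Lateral Movement"),
    "T9005": ("Data Compressed", "Exfiltration"),
}
# group -> techniques reported directly, plus the software it is known to use
GROUPS = {"GROUP-X": {"techniques": {"T9002", "T9005"}, "software": {"tool-a"}}}
SOFTWARE = {"tool-a": {"T9001", "T9004"}}  # software -> techniques it implements
DETECTIONS = {  # detection rule -> techniques it covers; constructed
    "lsass-handle-audit": {"T9001"},
    "schtasks-create-alert": {"T9002"},
}

def covered_techniques(detections):
    """Every technique that at least one detection rule maps to."""
    return set().union(*detections.values())

def coverage_by_tactic(techniques, detections):
    """Per tactic: (number of covered techniques, total techniques)."""
    covered = covered_techniques(detections)
    stats = defaultdict(lambda: [0, 0])
    for tid, (_, tactic) in techniques.items():
        stats[tactic][1] += 1
        if tid in covered:
            stats[tactic][0] += 1
    return {tactic: tuple(v) for tactic, v in stats.items()}

def group_techniques(group, groups, software):
    """Techniques attributed to a group directly or via the software it uses."""
    used = set(groups[group]["techniques"])
    for tool in groups[group]["software"]:
        used |= software.get(tool, set())
    return used

def gaps_for_group(group, groups, software, detections):
    """Techniques the group is reported to use that no detection rule covers."""
    return sorted(group_techniques(group, groups, software)
                  - covered_techniques(detections))

if __name__ == "__main__":
    for tactic, (hit, total) in sorted(coverage_by_tactic(TECHNIQUES, DETECTIONS).items()):
        print(f"{tactic:18} {hit}/{total} techniques covered")
    print("uncovered GROUP-X techniques:",
          gaps_for_group("GROUP-X", GROUPS, SOFTWARE, DETECTIONS))
```

The same join (group and software techniques minus covered techniques) is what turns a threat report into a prioritized detection backlog for the groups you actually care about.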

Andy Applebaum

Andy Applebaum is a researcher at The MITRE Corporation where he mainly works on topics such as offensive security automation, applying formal methods to threat modeling, and reasoning under uncertainty. Prior to starting at MITRE, Andy received his Ph.D. in computer science from the University of California Davis, where his dissertation topic was using argumentation logic for reasoning in cyber security.
