Red Team Toolkit
MITRE

Last updated 1 year ago


The MITRE ATT&CK framework is a knowledge base of adversary tactics and techniques that can be used as a penetration testing guide.

Background

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a framework developed by MITRE, a non-profit organization that provides research and development services to the U.S. government. The framework presents, in the form of a matrix, a comprehensive view of the tactics, techniques, and procedures that adversaries use in real-world attacks, and is designed to be a common language for describing and understanding cyber threats. Penetration testers can use the MITRE CVE framework to identify known vulnerabilities in a target's systems and applications, and to prioritize their testing efforts based on the severity of the vulnerabilities.

Steps

The framework's enterprise matrix is divided into the following steps:

  1. Reconnaissance: This involves the collection of information about the target organization or individual, including network topology, security measures, and vulnerabilities.

  2. Resource Development: This step involves the creation of tools, malware, and other resources that can be used during the attack.

  3. Initial Access: This step involves gaining initial access to the target's network, systems, or applications. This can be achieved through a variety of means, including exploiting vulnerabilities, using stolen credentials, or social engineering.

  4. Execution: This step involves executing the primary payload of the attack, which can include malware installation, data theft, or other malicious activities.

  5. Persistence: This involves establishing a foothold within the target's environment to maintain access over an extended period.

  6. Privilege Escalation: This step involves gaining elevated privileges within the target environment to gain access to sensitive data or systems.

  7. Defense Evasion: This step involves using various techniques to avoid detection and evade defenses, such as anti-virus software, firewalls, and intrusion detection systems.

  8. Credential Access: This step involves obtaining valid credentials that can be used to gain access to additional systems and resources within the target environment.

  9. Discovery: This involves mapping out the target's environment to identify potential targets for further exploitation.

  10. Lateral Movement: This step involves moving laterally within the target environment to gain access to additional systems and resources.

  11. Collection: This involves gathering data or information of interest, such as sensitive data, credentials, or system configurations.

  12. Command and Control: This step involves establishing and maintaining communication with remote systems that are under the control of the attacker, which are used to issue commands and receive information.

  13. Exfiltration: This involves the extraction of data or information from the target environment to a location under the control of the attacker.

  14. Impact: This involves the final result or impact of the attack, which can include data theft, system compromise, or other malicious activities.
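
The fourteen tactics above are most useful when something is actually indexed against them. The script below is an added example, not code from the original page or from MITRE: it takes a constructed set of purple-team results (which techniques were exercised, and whether the SOC alerted on each), summarises detection coverage per tactic in matrix order so that untouched tactics show up as gaps, and emits an ATT&CK Navigator layer so the same data can be loaded into the Navigator web app listed under Resources. The technique IDs are public ATT&CK Enterprise IDs as the example's author recalls them and should be verified against the current matrix; the Navigator `versions` values and the layer field names are assumptions about the layer format.

```python
"""Summarise purple-team results by ATT&CK tactic and emit a Navigator layer.

Added example, not part of the original page or MITRE's own tooling.
Technique IDs are public ATT&CK Enterprise IDs from memory (verify before
use); Navigator layer field names and 'versions' values are assumptions.
"""
import json
from collections import OrderedDict

# The 14 Enterprise tactics in matrix order: (Navigator shortname, display name).
TACTICS = [
    ("reconnaissance", "Reconnaissance"),
    ("resource-development", "Resource Development"),
    ("initial-access", "Initial Access"),
    ("execution", "Execution"),
    ("persistence", "Persistence"),
    ("privilege-escalation", "Privilege Escalation"),
    ("defense-evasion", "Defense Evasion"),
    ("credential-access", "Credential Access"),
    ("discovery", "Discovery"),
    ("lateral-movement", "Lateral Movement"),
    ("collection", "Collection"),
    ("command-and-control", "Command and Control"),
    ("exfiltration", "Exfiltration"),
    ("impact", "Impact"),
]
TACTIC_ORDER = {short: i for i, (short, _) in enumerate(TACTICS)}

# Constructed sample data: techniques exercised in a purple-team run and
# whether the SOC raised an alert for each. IDs assumed, not from the page.
SAMPLE_RESULTS = [
    {"techniqueID": "T1566", "tactic": "initial-access", "detected": True},
    {"techniqueID": "T1059", "tactic": "execution", "detected": True},
    {"techniqueID": "T1078", "tactic": "persistence", "detected": False},
    {"techniqueID": "T1003", "tactic": "credential-access", "detected": False},
    {"techniqueID": "T1021", "tactic": "lateral-movement", "detected": True},
    {"techniqueID": "T1041", "tactic": "exfiltration", "detected": False},
]


def validate(results):
    """Reject records whose tactic is not one of the 14 Enterprise tactics."""
    for r in results:
        if r["tactic"] not in TACTIC_ORDER:
            raise ValueError(f"unknown tactic {r['tactic']!r} for {r['techniqueID']}")
    return results


def coverage_by_tactic(results):
    """Return {tactic_shortname: (detected, exercised)} in matrix order.

    Tactics that were never exercised are kept with (0, 0) so a reviewer
    sees where the exercise itself left blind spots, not just the SOC.
    """
    counts = OrderedDict((short, [0, 0]) for short, _ in TACTICS)
    for r in validate(results):
        counts[r["tactic"]][1] += 1
        if r["detected"]:
            counts[r["tactic"]][0] += 1
    return OrderedDict((k, tuple(v)) for k, v in counts.items())


def undetected(results):
    """Technique IDs exercised without an alert, ordered by how far along
    the matrix their tactic sits (later tactics = deeper into the chain)."""
    misses = [r for r in validate(results) if not r["detected"]]
    misses.sort(key=lambda r: TACTIC_ORDER[r["tactic"]])
    return [r["techniqueID"] for r in misses]


def build_layer(results, name="purple-team coverage"):
    """Build an ATT&CK Navigator layer dict: detected techniques score 1,
    undetected score 0, so gaps stand out when the layer is loaded."""
    techniques = [
        {
            "techniqueID": r["techniqueID"],
            "tactic": r["tactic"],
            "score": 1 if r["detected"] else 0,
            "comment": "alert fired" if r["detected"] else "no alert",
        }
        for r in validate(results)
    ]
    return {
        "name": name,
        "domain": "enterprise-attack",
        # Version strings are assumptions; adjust to the Navigator build in use.
        "versions": {"attack": "14", "navigator": "4.9", "layer": "4.5"},
        "techniques": techniques,
    }


if __name__ == "__main__":
    for short, (hit, total) in coverage_by_tactic(SAMPLE_RESULTS).items():
        print(f"{short:22s} {hit}/{total}")
    print("undetected:", undetected(SAMPLE_RESULTS))
    print(json.dumps(build_layer(SAMPLE_RESULTS), indent=2))
```

Run it as-is to print the per-tactic table and the layer JSON; redirect the JSON to a file and open it in Navigator with "Open Existing Layer". Keeping the (0, 0) tactics in the summary is deliberate: an exercise that never touches Defense Evasion or Command and Control says nothing about detection there, and that is itself a finding.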

Resources

ATT&CK Official Site
ATT&CK Matrix
ATT&CK Navigator Web App
ATT&CK Caldera Emulator
ATT&CK Decider Automation
MITRE GitHub
MITRE Cyber Analytics Repository (CAR)
ATT&CK Getting Started Guide
MITRE ATT&CK Resources
ATT&CK Getting Started