www.immersivelabs.com | [email protected]
FACT SHEET
Unlike defenders, who must secure their entire attack surface, hackers need to find just one weakness to penetrate a network. This first-mover advantage means that, historically, attackers have had control. However, ATT&CK is levelling the playing field with its numerous tactics, techniques and procedures (TTPs), which are based on real-world observation.
Thanks to this grounding in real-world observation, ATT&CK provides unrivalled detail on the ways threat actors run an attack, starting with the initial access phase. It organizes the building blocks of an attack so that organizations can visualize exactly what adversaries could achieve on their network, making it easier to put relevant defenses in place. So, when a business identifies an attacker on its network, it has a ready-made list of mitigations to respond with – meaning less time wasted filling in gaps.
An understanding of skill levels across all security functions brings invaluable insights in some key areas:

1. In the event of an incident, you’ll be able to identify individuals with the right skills to respond as the situation unfolds.
[Screenshot: MITRE ATT&CK™ Framework Mapping heat map. Legend: number of users who have completed a mapped lab – Not Mapped, 0 Users, 1 User, 2 - 4 Users, 5+ Users.]
[Screenshot: lab card for "PoshC2 Episode 4 - Privilege Escalation" (Start Lab). What’s involved: exposure to using PoshC2 to enumerate a host. Learning outcomes: exposure to privilege escalation using PoshC2. 60 minutes, Specialised practical lab, 400 points, badge: PoshC2 Privesc.]
2. Visualizing skill levels will help you measure and communicate improving areas of coverage as well as those that require investment.
3. Gamified learning experiences will see teams and individuals competing for points and badges to prove their skills.
[Screenshot: excerpt of the ATT&CK heat map showing technique cells under the Collection, Command and Control, Exfiltration and Impact tactic columns.]
[Screenshot: "Recently Mapped Labs" panel listing BSides 2019: Exploring Emotet; PoshC2 Episode 4 - Privilege Escalation; Posh C2 Episode 3 - Obtaining Credentials. Technique shown: Exfiltration Over Command and Control Channel. Most recent completions: Alex Seymour, Will Allen, Ben McCarthy.]
MAPPING AND MEASURING SKILLS ALIGNED TO MITRE ATT&CK ® WITH IMMERSIVE LABS
When it comes to guidance on building detection and response programs, MITRE ATT&CK® trumps traditional frameworks such as the Diamond Model, which lacks technical depth, and Lockheed Martin’s Cyber Kill Chain, which offers little from the attacker’s perspective. At Immersive Labs, we believe that to keep pace you need to learn like hackers – and this is where ATT&CK, with its strong adversarial focus, can help.
Immersive Labs is packed with cyber skills content mapped directly to tactics and techniques in the ATT&CK framework. As individuals complete relevant exercises, our ATT&CK heat map will show you where coverage is strong and where improvement is needed.