Attack Frameworks
MITRE ATT&CK (MITRE Adversarial Tactics, Techniques, and Common Knowledge)
This is a knowledge base of known adversary TTPs (Tactics, Techniques, and Procedures).
Here is a link to the website: MITRE ATT&CK
Each individual technique is assigned a unique ID.
Techniques are grouped under tactics; tactics include initial access, persistence, and command & control.
The Diamond Model of Intrusion Analysis
This model is used to analyze an intrusion in terms of four core features:
- Victim
- Capability
- Infrastructure
- Adversary
Cyber Kill Chain Attack Framework
This framework was published in a white paper by Lockheed Martin.
It describes the stages of an attack in the order in which they occur.
1. Reconnaissance - The attacker chooses the methods to use for the attack and collects information about the target's computer systems, supply chain, and employees.
2. Weaponization - The attacker chooses the exploit and payload code to use for the attack.
3. Delivery - The attacker selects the attack vector used to transmit the attack code to the target, such as an email attachment or a USB drive.
4. Exploitation - The attacker tricks a user into running the code, for example by clicking on an attachment or through a drive-by download.
5. Installation - The attacker establishes persistence on the compromised system.
6. Command and Control (C2) - The attacker establishes a channel to the compromised system and can install additional tools.
7. Actions on Objectives - The attacker carries out the goal of the intrusion; this is the stage where data exfiltration occurs.