CompTIA Security+ Exam Notes

Let Us Help You Pass

Wednesday, April 24, 2024

Attack Frameworks:

MITRE ATT&CK (MITRE Adversarial Tactics, Techniques, and Common Knowledge)
This is a publicly available knowledge base of known adversary TTPs (Tactics, Techniques, and Procedures).
The website is MITRE ATT&CK.
Each individual technique is assigned a unique ID.
Techniques are grouped under tactics, which describe the adversary's goal at that step of the attack; the tactics include initial access, persistence, and command & control.

The Diamond Model of Intrusion Analysis
This is used to analyze an intrusion based on four core features:
  • Victim
  • Capability
  • Infrastructure
  • Adversary

Cyber Kill Chain Attack Framework
This is a white paper put out by Lockheed Martin.
It shows the order of the stages of an attack:
1. Reconnaissance - this is the stage where the attacker chooses the methods to use for the attack. The attacker collects information about the target's computer systems, supply chain, and employees.
2. Weaponization - the attacker chooses what exploit and payload code to use for the attack.
3. Delivery - the attack vector used to transmit the attack code to the target, such as an email attachment or a USB drive.
4. Exploitation - the attack code is run on the target, for example by tricking a user into clicking on an attachment or through a drive-by download.
5. Installation - this stage is where the attacker establishes persistence so that access to the target survives reboots and logouts.
6. Command and Control (C2) - the compromised system communicates with the attacker's infrastructure; at this stage the attacker can install additional tools.
7. Actions on Objectives - this stage is where the attacker carries out the goal of the attack, such as data exfiltration.
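The two frameworks above are used together in practice: each alert a SOC receives is tagged with a Kill Chain stage and an ATT&CK tactic/technique ID, which lets an analyst see how far an attack progressed and which stages produced no detection at all. The script below is an added example and is not part of the original notes; the detection rule names, host name and alert lines are constructed, while the ATT&CK tactic (TA*) and technique (T*) IDs are real public identifiers.

```python
"""Tag security alerts with a Cyber Kill Chain stage and MITRE ATT&CK IDs.

Added example, not from the original notes. Rule names and alert lines are
constructed; the ATT&CK tactic and technique IDs are real public identifiers.
"""
from dataclasses import dataclass

# Lockheed Martin Cyber Kill Chain stages in attack order.
KILL_CHAIN = [
    "Reconnaissance",
    "Weaponization",
    "Delivery",
    "Exploitation",
    "Installation",
    "Command and Control",
    "Actions on Objectives",
]

# Hypothetical detection rule -> (kill chain stage, ATT&CK tactic, ATT&CK technique).
RULE_MAP = {
    "port_scan_external":       ("Reconnaissance",        "TA0043", "T1595"),
    "phishing_attachment":      ("Delivery",              "TA0001", "T1566"),
    "office_spawns_powershell": ("Exploitation",          "TA0002", "T1059"),
    "new_run_key":              ("Installation",          "TA0003", "T1547"),
    "beacon_http_periodic":     ("Command and Control",   "TA0011", "T1071"),
    "large_upload_to_c2":       ("Actions on Objectives", "TA0010", "T1041"),
}


@dataclass
class TaggedAlert:
    timestamp: str
    host: str
    rule: str
    stage: str      # kill chain stage
    tactic: str     # ATT&CK tactic ID
    technique: str  # ATT&CK technique ID


def parse_alert(line: str) -> dict:
    """Parse a constructed 'key=value key=value' alert line into a dict."""
    fields = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def tag_alert(line: str) -> TaggedAlert:
    """Attach the kill chain stage and ATT&CK IDs to one alert line."""
    f = parse_alert(line)
    stage, tactic, technique = RULE_MAP[f["rule"]]
    return TaggedAlert(f["ts"], f["host"], f["rule"], stage, tactic, technique)


def timeline(lines: list) -> list:
    """Tag every alert and order by kill chain stage, then by timestamp."""
    alerts = [tag_alert(line) for line in lines]
    return sorted(alerts, key=lambda a: (KILL_CHAIN.index(a.stage), a.timestamp))


def furthest_stage(alerts: list) -> str:
    """Deepest kill chain stage the attacker is known to have reached."""
    return max(alerts, key=lambda a: KILL_CHAIN.index(a.stage)).stage


def undetected_stages(alerts: list) -> list:
    """Stages the attack passed through without producing any alert.

    Every stage up to the furthest observed one must have happened, so a
    stage in that range with no alert is a detection coverage gap.
    """
    seen = {a.stage for a in alerts}
    last = KILL_CHAIN.index(furthest_stage(alerts))
    return [s for s in KILL_CHAIN[: last + 1] if s not in seen]


def techniques_by_tactic(alerts: list) -> dict:
    """ATT&CK view of the same alerts: tactic ID -> sorted technique IDs."""
    out = {}
    for a in alerts:
        out.setdefault(a.tactic, set()).add(a.technique)
    return {tactic: sorted(techs) for tactic, techs in sorted(out.items())}


# Constructed alert lines from one hypothetical workstation.
SAMPLE_ALERTS = [
    "ts=2024-04-24T09:12:03Z host=ws01 rule=phishing_attachment",
    "ts=2024-04-24T09:16:02Z host=ws01 rule=new_run_key",
    "ts=2024-04-24T11:02:11Z host=ws01 rule=beacon_http_periodic",
]

if __name__ == "__main__":
    alerts = timeline(SAMPLE_ALERTS)
    for a in alerts:
        print(f"{a.timestamp} {a.host} {a.stage:<22} {a.tactic} {a.technique} ({a.rule})")
    print("furthest stage reached:", furthest_stage(alerts))
    print("stages with no detection:", undetected_stages(alerts))
    print("ATT&CK coverage:", techniques_by_tactic(alerts))
```

With the constructed alerts, the attacker is known to have reached Command and Control, and Exploitation shows up as an undetected stage, which is the kind of gap this tagging is meant to surface. Reconnaissance and Weaponization will almost always appear as gaps, since Weaponization happens entirely on the attacker's side and Reconnaissance is often only visible as scanning noise; the ATT&CK view is the more useful one for deciding which techniques to build detections for next.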