# MITRE 101
###### tags: `cybersecurity` `pentest` `microsoft`
MITRE is a US-based non-profit corporation that not only specializes in cybersecurity research but also works on AI, health informatics, space security and other areas, with the aim of addressing challenges to the stability, safety and well-being of the USA.
Projects from MITRE that are of interest to the cybersecurity community include:
* ATT&CK: Adversarial tactics, techniques and common knowledge framework
* CAR: Cyber Analytics Repository knowledge base
* SHIELD: active defense knowledge base
* AEP: Adversary Emulation Plans
APT stands for Advanced Persistent Threat.
APTs can be nation-state actors or organized threat groups.
They are called persistent because they run long-term campaigns against organizations or countries rather than one-off attacks.
Despite the word advanced, many techniques used by APTs can be spotted if you know what to look for.
You can read more about [APT groups here](https://attack.mitre.org/groups/)
A breakdown of TTPs:
T - Tactic: the adversary's goal or objective, i.e. *why* they do something (e.g. Credential Access).
T - Technique: *how* the adversary achieves that goal (e.g. OS Credential Dumping).
P - Procedure: the specific implementation of the technique, i.e. the exact tool, command or malware a given group uses.
The Cyber Analytics Repository defines a data model (objects such as process, file and registry, each with actions and fields) that its analytics reference in tool-agnostic pseudocode; many analytics also ship implementations for specific tools, e.g. Splunk searches and EQL (Event Query Language) queries.
Here are links to:
[MITRE's CAR](https://car.mitre.org/)
[MITRE's CAR analytics section](https://car.mitre.org/analytics/)
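The following is an added example, not code from MITRE CAR, showing what a CAR-style analytic looks like once the pseudocode is turned into something runnable: two analytics (an Office application spawning a command interpreter, and a burst of distinct discovery commands on one host) run over constructed process-creation events. The field names (exe, parent_exe, command_line, pid, ppid, hostname, user) follow the CAR process object as an assumption, the analytics are paraphrased illustrations rather than copies of published CAR entries, and the sample events are made up.

```python
"""CAR-style analytics over constructed process-creation telemetry.

Added example, not code from MITRE CAR. Field names follow the CAR data
model's "process" object as an assumption; the analytics are paraphrased
illustrations, not copies of published CAR entries.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ProcessCreate:
    """One Process:Create event in CAR data-model terms (assumed field names)."""
    time: datetime
    hostname: str
    user: str
    pid: int
    ppid: int
    exe: str
    parent_exe: str
    command_line: str


def _ev(ts: str, host: str, user: str, pid: int, ppid: int,
        exe: str, parent: str, cmd: str) -> ProcessCreate:
    return ProcessCreate(datetime.fromisoformat(ts), host, user, pid, ppid, exe, parent, cmd)


# Constructed sample telemetry (not real logs): a benign Word session on ws01,
# a macro document on ws02 that spawns PowerShell and runs discovery commands,
# and an admin on ws01 running the same commands slowly from a normal shell.
SAMPLE_EVENTS: List[ProcessCreate] = [
    _ev("2024-03-01T09:00:00", "ws01", "alice", 4100, 900, "winword.exe", "explorer.exe", "winword.exe report.docx"),
    _ev("2024-03-01T09:00:05", "ws01", "alice", 4120, 4100, "splwow64.exe", "winword.exe", "splwow64.exe 12288"),
    _ev("2024-03-01T09:02:10", "ws02", "bob", 5200, 5000, "winword.exe", "explorer.exe", "winword.exe invoice.docm"),
    _ev("2024-03-01T09:02:14", "ws02", "bob", 5230, 5200, "powershell.exe", "winword.exe", "powershell.exe -nop -w hidden -enc SQBFAFgA"),
    _ev("2024-03-01T09:02:20", "ws02", "bob", 5240, 5230, "whoami.exe", "powershell.exe", "whoami /all"),
    _ev("2024-03-01T09:02:22", "ws02", "bob", 5241, 5230, "net.exe", "powershell.exe", "net user"),
    _ev("2024-03-01T09:02:25", "ws02", "bob", 5242, 5230, "ipconfig.exe", "powershell.exe", "ipconfig /all"),
    _ev("2024-03-01T09:02:27", "ws02", "bob", 5243, 5230, "net.exe", "powershell.exe", 'net group "domain admins" /domain'),
    _ev("2024-03-01T09:40:00", "ws01", "alice", 4300, 4000, "cmd.exe", "explorer.exe", "cmd.exe"),
    _ev("2024-03-01T09:40:03", "ws01", "alice", 4310, 4300, "ipconfig.exe", "cmd.exe", "ipconfig"),
    _ev("2024-03-01T09:55:00", "ws01", "alice", 4320, 4300, "whoami.exe", "cmd.exe", "whoami"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
DISCOVERY = {"whoami.exe", "net.exe", "ipconfig.exe", "systeminfo.exe", "tasklist.exe", "nltest.exe"}


def office_spawning_interpreter(events: List[ProcessCreate]) -> List[ProcessCreate]:
    """Analytic 1: an Office application is the parent of a command interpreter.

    CAR-style pseudocode for the same logic (paraphrased):
        processes = search Process:Create
        hits = filter processes where (parent_exe in OFFICE_APPS and exe in INTERPRETERS)
        output hits
    """
    return [e for e in events
            if e.parent_exe.lower() in OFFICE_APPS and e.exe.lower() in INTERPRETERS]


def discovery_burst(events: List[ProcessCreate], window: timedelta = timedelta(seconds=60),
                    min_distinct: int = 3) -> List[Tuple[str, datetime, List[str]]]:
    """Analytic 2: several *distinct* discovery commands on one host within `window`.

    A lone `whoami` is noise; three different discovery tools inside a minute is
    the hands-on-keyboard pattern. Returns (hostname, window start, command lines).
    """
    by_host: Dict[str, List[ProcessCreate]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.time):
        if e.exe.lower() in DISCOVERY:
            by_host[e.hostname].append(e)
    hits = []
    for host, evs in by_host.items():
        for i, start in enumerate(evs):
            in_window = [e for e in evs[i:] if e.time - start.time <= window]
            if len({e.exe.lower() for e in in_window}) >= min_distinct:
                hits.append((host, start.time, [e.command_line for e in in_window]))
                break  # one alert per host per run is enough here
    return hits


def run_analytics(events: List[ProcessCreate]) -> Dict[str, list]:
    """Run every analytic and return its hits keyed by analytic name."""
    return {
        "office_spawning_interpreter": office_spawning_interpreter(events),
        "discovery_burst": discovery_burst(events),
    }


if __name__ == "__main__":
    for name, hits in run_analytics(SAMPLE_EVENTS).items():
        print(f"{name}: {len(hits)} hit(s)")
        for h in hits:
            print("  ", h)
```

Run as-is and only the ws02 session fires both analytics: the benign Word print helper on ws01 is not an interpreter, and the admin's `ipconfig` and `whoami` fifteen minutes apart never reach three distinct tools in one window. Porting either analytic to Splunk or EQL is a matter of mapping the same fields onto the sensor's schema (Sysmon Event ID 1, for instance), which is exactly the split CAR makes between its pseudocode and its tool-specific implementations.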
Here is a link to the [GitHub repo for MITRE SHIELD](https://github.com/MITRECND/mitrecnd.github.io), which can help you plan how to engage the adversary and defend against them.
See the [Center for Threat-Informed Defense](https://github.com/center-for-threat-informed-defense) (CTID) for the security projects it publishes to assist blue team and red team operations.
The goal of CTID is to relentlessly improve the collective ability to prevent, detect and respond to cyber attacks in order to gain a tactical advantage over the adversary.
Adversary emulation plans describe, step by step and mapped to ATT&CK techniques, how to emulate the behaviour of a well-known threat group so that defenses can be tested against it. You can see some of those in CTID's [adversary emulation library](https://github.com/center-for-threat-informed-defense/adversary_emulation_library)
You can read MITRE's own emulation plans, such as the one for APT3, [here](https://attack.mitre.org/resources/adversary-emulation-plans/)
## D3FEND
A knowledge graph of cybersecurity countermeasures, each mapped to the ATT&CK techniques it counters, can be found at [D3FEND](https://d3fend.mitre.org/)
D3FEND stands for: Detection, Denial and Disruption Framework Empowering Network Defense
Check out the Center for Threat-Informed Defense's [GitHub](https://github.com/center-for-threat-informed-defense) as well