Just what are “tactics”?
At a high level, ATT&CK is a behavioral model that consists of the following core components:
• Tactics, denoting short-term, tactical adversary goals during an attack;
• Techniques, describing the means by which adversaries achieve tactical goals;
• Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and
• Documented adversary usage of techniques, their procedures, and other metadata.
My concern is with MITRE’s definition of “tactics” as “short-term, tactical adversary goals during an attack,” which is oddly recursive.
The key word in the tactics definition is goals. According to MITRE, “tactics” are “goals.”
Examples of ATT&CK Tactics
MITRE ATT&CK “Tactics,” https://attack.mitre.org/tactics/enterprise/
Looking at this list, the first 11 items could indeed be seen as goals. The last item, Impact, is not a goal. That item is an artifact of trying to shoehorn more information into the ATT&CK structure. That's not my primary concern though.
Military Theory and Definitions
As a service academy graduate who had to sit through many lectures on military theory, and who participated in small unit exercises, the idea of tactics as “goals” does not make any sense.
I'd like to share three resources that offer a different perspective on tactics. Although all three are military, my argument does not depend on that association.
In his book On Tactics, B. A. Friedman defines tactics as “the use of military forces to achieve victory over opposing enemy forces over the short term.” (emphasis added)
“Tactics, in warfare, the art and science of fighting battles on land, on sea, and in the air. It is concerned with the approach to combat; the disposition of troops and other personalities; the use made of various arms, ships, or aircraft; and the execution of movements for attack or defense…
The word tactics originates in the Greek taxis, meaning order, arrangement, or disposition — including the kind of disposition in which armed formations used to enter and fight battles. From this, the Greek historian Xenophon derived the term tactica, the art of drawing up soldiers in array. Likewise, the Tactica, an early 10th-century handbook said to have been written under the supervision of the Byzantine emperor Leo VI the Wise, dealt with formations as well as weapons and the ways of fighting with them.
The term tactics fell into disuse during the European Middle Ages. It reappeared only toward the end of the 17th century, when “Tacticks” was used by the English encyclopaedist John Harris to mean ‘the Art of Disposing any Number of Men into a proposed form of Battle…’”
From these three examples, it is clear that tactics are about use and disposition of forces or capabilities during engagements. Goals are entirely different. Tactics are the methods by which leaders achieve goals.
How Did This Happen?
It would have made more sense for MITRE to have just said “goal” or “objective,” but “GTP” isn't recognized by the digital defender world.
It's Not Just the Military
Some readers might think “ATT&CK isn't a military tool, so your military examples don't apply.” I use the military references to show that the word tactic does have military origins, like the word “strategy,” from the Greek Strategos or strategus, plural strategoi (Greek: στρατηγός, pl. στρατηγοί; Doric Greek: στραταγός, stratagos; meaning “army leader”).
That said, I would be surprised to see the word tactics used as “goals” anywhere else. For example, none of these examples from the non-military world involve tactics as goals:
In the civilian world, tactics are how leaders achieve goals or objectives.
In the big picture, it doesn't matter that much to ATT&CK content that MITRE uses the term “tactics” when it really means “goals.”
However, I wrote this article because the ATT&CK design and philosophy emphasizes a common language, e.g., ATT&CK “succinctly organizes adversary tactics and techniques along with providing a common language used across security disciplines.”
If we want to share a common language, it's important that we recognize that the ATT&CK use of the term “tactics” is an anomaly. Perhaps a future edition will change the terminology, but I doubt it given how entrenched it is at this point.