
Intro to Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™ Series)

September 28, 2018

Series Introduction 

Attack and Penetration consultants strive to stay current and knowledgeable in all of the current trends, both from an offensive security perspective and from a defensive mitigation and remediation perspective. You may have missed our previous blog series, Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker, where we reviewed the updated Center for Internet Security (CIS) Critical Security Controls (CSC) from the perspective of offensive security professionals, with the intention of educating organizations about the controls that exist. This series is likewise focused on the risk associated with attacks that leverage vulnerabilities which could have been mitigated through the implementation of a control.

What is ATT&CK 

In this new series, we will be reviewing the Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) repository of collected cyber security data, maintained by MITRE's National Cybersecurity Federally Funded Research and Development Center (FFRDC). ATT&CK bridges the gap between multiple offensive security data points, including tactics, techniques, tools, and identified malicious Advanced Persistent Threat (APT) actors. Most of this framework grew out of an interesting project executed by Blake Strom of MITRE, called project FMX (Fort Meade eXperiment). In this project, a production network was attacked by Blake and other security professionals who emulated the tactics and techniques of adversarial groups. By leveraging data points collected on the network, Blake was able to construct a large part of the ATT&CK framework, which offensive as well as defensive security professionals can use to map potential offensive tactics and techniques.

The ATT&CK Navigator 

By far, the best way to take in the entirety of the ATT&CK project is through the ATT&CK Navigator. The ATT&CK Navigator allows users to filter, drill down, build potential attack chains, and view cross-tactic techniques (techniques that appear under more than one tactic). This is particularly helpful for defensive security professionals in creating potential incident response attack scenarios. Teams can play through scenarios of how an attack could unfold by chaining together several different techniques, creating an attack chain. From an offensive security perspective, it allows teams to "look ahead" or "brainstorm" ways to demonstrate impact and risk within their penetration tests.
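As an added illustration of what the Navigator does with a chain (this is example code written for this post, not part of ATT&CK or the Navigator), the script below takes a small, constructed subset of the matrix, flags cross-tactic techniques, validates that an attack chain follows tactic order, and emits a layer in the shape of a Navigator layer file so a defender can see which steps of the chain have no mitigation. The matrix contents, the `mitigated` set and the version strings in the layer are assumptions for the example.

```python
import json

# Constructed subset of the ATT&CK matrix: tactic -> technique IDs (assumed for this example).
# Note that T1053 is listed under two tactics, which is what the Navigator calls cross-tactic.
MATRIX = {
    "initial-access": {"T1566", "T1190"},
    "execution": {"T1059", "T1204"},
    "persistence": {"T1053", "T1547"},
    "privilege-escalation": {"T1053", "T1068"},
    "lateral-movement": {"T1021"},
}
TACTIC_ORDER = list(MATRIX)  # dict order is the matrix's left-to-right tactic order


def cross_tactic_techniques(matrix):
    """Return {techniqueID: [tactics]} for every technique listed under more than one tactic."""
    seen = {}
    for tactic, techs in matrix.items():
        for tech in techs:
            seen.setdefault(tech, []).append(tactic)
    return {t: tacs for t, tacs in seen.items() if len(tacs) > 1}


def validate_chain(chain, matrix):
    """chain is a list of (tactic, techniqueID). Returns a list of problems, empty if the
    chain is consistent: each technique sits under its tactic and tactics never move backwards."""
    errors, last = [], -1
    for tactic, tech in chain:
        if tactic not in matrix:
            errors.append(f"unknown tactic {tactic}")
            continue
        if tech not in matrix[tactic]:
            errors.append(f"{tech} is not listed under {tactic}")
        idx = TACTIC_ORDER.index(tactic)
        if idx < last:
            errors.append(f"{tactic} after later tactic")
        last = max(last, idx)
    return errors


def to_navigator_layer(name, chain, mitigated):
    """Build a Navigator-style layer dict (field names assumed to mirror the layer format):
    score 1 = a mitigation exists for that step, score 0 = a gap to work on."""
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"layer": "EXAMPLE-LAYER-VERSION"},  # placeholder, not a real version
        "techniques": [
            {"techniqueID": tech, "tactic": tactic, "score": int(tech in mitigated),
             "comment": "mitigated" if tech in mitigated else "GAP"}
            for tactic, tech in chain
        ],
    }


def coverage_gaps(layer):
    """Technique IDs in the layer that still have no mitigation (score 0)."""
    return [t["techniqueID"] for t in layer["techniques"] if t["score"] == 0]
```

`json.dumps(to_navigator_layer(...), indent=2)` gives a file-shaped result you can keep alongside the Navigator layer you actually export for review.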

Purpose of the Series 

The purpose of this series is to draw on Optiv Attack and Pen's experience performing adversarial threat assessments and analyze the techniques of each tactic, in an attempt to bring attention to the methods we most commonly employ as offensive security professionals. There are currently 219 techniques across ATT&CK's 11 tactics; this is an enormous amount of information to consume, and even more so to implement mitigations around. We hope that security teams will benefit from the information in this series regarding the common attack techniques; however, we encourage those teams not to stop there. Teams should continue to enhance their security by drilling into the ATT&CK matrix to develop as many attack mitigations as possible.

So now that we have defined what ATT&CK is, in our next post we will cover the Initial Access tactic and examine the following techniques that attackers can use to gain a foothold in your environment:

Read more in Optiv’s ATT&CK series. Here's a review of related posts on this critical topic:


By: Joshua Platz

Senior Consultant
