Abstract image of a woman sitting on books and studying on a laptop

Adjectives for ATT&CK

M
MITRE ATT&CK

The document discusses various adjectives related to cybersecurity techniques, emphasizing public methods available on platforms like GitHub and Kali Linux. It differentiates between altered modifications of existing techniques and bespoke implementations that are innovative. An example provided includes a customized webshell that evades detection by Windows Defender while maintaining functionality.

Technology
1 of 3
Downloaded 27 times
1
2
3
Adjectives for ATT&CK Ben Langrill @LangrillSec Optimizer, LLC
Adjectives Public Techniques that exist in GitHub, Kali Linux or other readily-available toolkit. Altered Modifications to public techniques that are still fundamentally the same technique. Bespoke A novel implementation of a technique or even a new subtechnique.
Example - Webshells Public Something from /usr/share/webshells on Kali Altered Modified version of cmdasp.aspx that evades Windows Defender signatures and retains functionality Bespoke A novel webshell that matches a target’s web environment

More Related Content

PDF
Next-Gen Threat-Informed Defense: Human-Assisted Intelligent Agents - Rajesh ...
MITRE ATT&CK
 
PDF
Birds of a Feather: The Evolution of Threat Actor Prioritization, Gap Analysi...
MITRE ATT&CK
 
PDF
Using ATT&CK and MITRE CTID’s StP Frameworks to Assess Threat Detection Resil...
MITRE ATT&CK
 
PDF
Bridging the Gap: Enhancing Detection Coverage with Atomic Red Team, Sigma, a...
MITRE ATT&CK
 
PDF
SaaSy ATT&CK – Practical ATT&CK usage for SaaS-based Telemetry - Aaron Shelmire
MITRE ATT&CK
 
PDF
I'll take ATT&CK techniques that can be done for $1000, Alex. - Ben Langrill
MITRE ATT&CK
 
PDF
Practical Application of MITRE ATT&CK: Real World Usage in a Corporate Enviro...
MITRE ATT&CK
 
PDF
This is why we don’t shout “Bingo”: Analyzing ATT&CK Integration in Endpoint ...
MITRE ATT&CK
 
Next-Gen Threat-Informed Defense: Human-Assisted Intelligent Agents - Rajesh ...
MITRE ATT&CK
 
Birds of a Feather: The Evolution of Threat Actor Prioritization, Gap Analysi...
MITRE ATT&CK
 
Using ATT&CK and MITRE CTID’s StP Frameworks to Assess Threat Detection Resil...
MITRE ATT&CK
 
Bridging the Gap: Enhancing Detection Coverage with Atomic Red Team, Sigma, a...
MITRE ATT&CK
 
SaaSy ATT&CK – Practical ATT&CK usage for SaaS-based Telemetry - Aaron Shelmire
MITRE ATT&CK
 
I'll take ATT&CK techniques that can be done for $1000, Alex. - Ben Langrill
MITRE ATT&CK
 
Practical Application of MITRE ATT&CK: Real World Usage in a Corporate Enviro...
MITRE ATT&CK
 
This is why we don’t shout “Bingo”: Analyzing ATT&CK Integration in Endpoint ...
MITRE ATT&CK
 

More from MITRE ATT&CK (20)

PDF
Every Cloud Has a Purple Lining - Arun Seelagan
MITRE ATT&CK
 
PDF
Confession: 3 Things I Wish I Knew About MITRE ATT&CK When I Was an FBI Profi...
MITRE ATT&CK
 
PDF
ATT&CKcon 5.0 Keynote - From Ticket Closers to Practitioners- How Great Secu...
MITRE ATT&CK
 
PDF
ATT&CKcon 5.0 Lightning Talks - Various Speakers
MITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: Defensive ATT&CK - Lex Crumpton
MITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: Enterprise - Casey Knerr
MITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: CTI - Path Forward - Joe Slowik
MITRE ATT&CK
 
PDF
MITRE ATT&CK Updates: Software - Jared Ondricek
MITRE ATT&CK
 
PDF
State of the ATT&CK 2024 - Adam Pennington
MITRE ATT&CK
 
PDF
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert...
MITRE ATT&CK
 
PDF
Updates from The Center for Threat Informed Defense - Jon Baker
MITRE ATT&CK
 
PDF
Go Go Ransom Rangers: Diving into Akira’s Linux Variant with ATT&CK - Nicole ...
MITRE ATT&CK
 
PDF
ATT&CK From Basic Principles - Tareq AlKhatib
MITRE ATT&CK
 
PDF
Lifecycle-Aware Power Side-Channel Malware Detection - Alexander Cathis
MITRE ATT&CK
 
PDF
From ATT&CK to CL&IM: Cyber Insurance Data Modeling using MITRE ATT&CK and be...
MITRE ATT&CK
 
PDF
The MITRE ATT&CK "Collection" Tactic is Missing Very Important Techniques: D...
MITRE ATT&CK
 
PDF
What sets us apart? Industries vs. infrastructure as differentiator for techn...
MITRE ATT&CK
 
PDF
Dealing With ATT&CK's Different Levels Of Detail
MITRE ATT&CK
 
PDF
Automating testing by implementing ATT&CK using the Blackboard Architecture
MITRE ATT&CK
 
PDF
I can haz cake: Benefits of working with MITRE on ATT&CK
MITRE ATT&CK
 
Every Cloud Has a Purple Lining - Arun Seelagan
MITRE ATT&CK
 
Confession: 3 Things I Wish I Knew About MITRE ATT&CK When I Was an FBI Profi...
MITRE ATT&CK
 
ATT&CKcon 5.0 Keynote - From Ticket Closers to Practitioners- How Great Secu...
MITRE ATT&CK
 
ATT&CKcon 5.0 Lightning Talks - Various Speakers
MITRE ATT&CK
 
MITRE ATT&CK Updates: Defensive ATT&CK - Lex Crumpton
MITRE ATT&CK
 
MITRE ATT&CK Updates: Enterprise - Casey Knerr
MITRE ATT&CK
 
MITRE ATT&CK Updates: CTI - Path Forward - Joe Slowik
MITRE ATT&CK
 
MITRE ATT&CK Updates: Software - Jared Ondricek
MITRE ATT&CK
 
State of the ATT&CK 2024 - Adam Pennington
MITRE ATT&CK
 
Sources of ATT&CK: A Bibliographic Journey through Enterprise ATT&CK - Robert...
MITRE ATT&CK
 
Updates from The Center for Threat Informed Defense - Jon Baker
MITRE ATT&CK
 
Go Go Ransom Rangers: Diving into Akira’s Linux Variant with ATT&CK - Nicole ...
MITRE ATT&CK
 
ATT&CK From Basic Principles - Tareq AlKhatib
MITRE ATT&CK
 
Lifecycle-Aware Power Side-Channel Malware Detection - Alexander Cathis
MITRE ATT&CK
 
From ATT&CK to CL&IM: Cyber Insurance Data Modeling using MITRE ATT&CK and be...
MITRE ATT&CK
 
The MITRE ATT&CK "Collection" Tactic is Missing Very Important Techniques: D...
MITRE ATT&CK
 
What sets us apart? Industries vs. infrastructure as differentiator for techn...
MITRE ATT&CK
 
Dealing With ATT&CK's Different Levels Of Detail
MITRE ATT&CK
 
Automating testing by implementing ATT&CK using the Blackboard Architecture
MITRE ATT&CK
 
I can haz cake: Benefits of working with MITRE on ATT&CK
MITRE ATT&CK
 
Ad

Recently uploaded (20)

PDF
NewMind AI Weekly Chronicles – August ’25 Week IV
NewMind AI
 
PDF
Electrocardiogram sequences data analytics and classification using unsupervi...
IAESIJAI
 
PDF
Transform-Your-Supply-Chain-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PPTX
Presentation - Principles of Instructional Design.pptx
Ntokozo Mhlongo
 
PDF
Human Computer Interaction Miterm Lesson
JasperGarcia9
 
DOCX
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
PDF
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
PDF
A symptom-driven medical diagnosis support model based on machine learning te...
IAESIJAI
 
PDF
Connector Corner: Transform Unstructured Documents with Agentic Automation
DianaGray10
 
PDF
The AI Revolution in Customer Service - 2025
Body of Knowledge
 
PDF
substrate PowerPoint Presentation basic one
jwaite4
 
PDF
Aug23rd - Mulesoft Community Workshop - Hyd, India.pdf
Ravi Tamada
 
PPTX
MuleSoft-Compete-Deck for midddleware integrations
zupittejas
 
PDF
zbrain.ai-Scope Key Metrics Configuration and Best Practices.pdf
ChristopherTHyatt
 
PDF
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
PDF
Planning-an-Audit-A-How-To-Guide-Checklist-WP.pdf
DROK2
 
PDF
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
PDF
Ensemble model-based arrhythmia classification with local interpretable model...
IAESIJAI
 
PDF
SaaS reusability assessment using machine learning techniques
IAESIJAI
 
PDF
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
NewMind AI Weekly Chronicles – August ’25 Week IV
NewMind AI
 
Electrocardiogram sequences data analytics and classification using unsupervi...
IAESIJAI
 
Transform-Your-Supply-Chain-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
Presentation - Principles of Instructional Design.pptx
Ntokozo Mhlongo
 
Human Computer Interaction Miterm Lesson
JasperGarcia9
 
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
A symptom-driven medical diagnosis support model based on machine learning te...
IAESIJAI
 
Connector Corner: Transform Unstructured Documents with Agentic Automation
DianaGray10
 
The AI Revolution in Customer Service - 2025
Body of Knowledge
 
substrate PowerPoint Presentation basic one
jwaite4
 
Aug23rd - Mulesoft Community Workshop - Hyd, India.pdf
Ravi Tamada
 
MuleSoft-Compete-Deck for midddleware integrations
zupittejas
 
zbrain.ai-Scope Key Metrics Configuration and Best Practices.pdf
ChristopherTHyatt
 
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
Planning-an-Audit-A-How-To-Guide-Checklist-WP.pdf
DROK2
 
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
Ensemble model-based arrhythmia classification with local interpretable model...
IAESIJAI
 
SaaS reusability assessment using machine learning techniques
IAESIJAI
 
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
Ad

Adjectives for ATT&CK

  • 1. Adjectives for ATT&CK Ben Langrill @LangrillSec Optimizer, LLC
  • 2. Adjectives Public Techniques that exist in GitHub, Kali Linux or other readily-available toolkit. Altered Modifications to public techniques that are still fundamentally the same technique. Bespoke A novel implementation of a technique or even a new subtechnique.
  • 3. Example - Webshells Public Something from /usr/share/webshells on Kali Altered Modified version of cmdasp.aspx that evades Windows Defender signatures and retains functionality Bespoke A novel webshell that matches a target’s web environment