Hey everyone, welcome to the channel Cyber Gray Matter. Today we're going to talk about what's known as the MITRE ATT&CK, and I'm going to try and explain this in a way that even beginners and those who may not be too familiar with industry jargon can follow along and get a grasp on this amazing tool.

So real quick, we're just going to go over the contents of this video. All right, so first: who is this video for, defining the MITRE ATT&CK, who uses it, what are frameworks and why are they important, who can benefit from the MITRE ATT&CK framework, how to search for vulnerabilities and other information on the MITRE website, and finally going over blue and red team use.

So first off, let's define what the MITRE ATT&CK even is. MITRE Corporation is a not-for-profit group in Bedford, Mass., and they have developed the framework known as the MITRE ATT&CK. MITRE isn't an acronym, but ATT&CK is, and it stands for Adversarial Tactics, Techniques, and Common Knowledge. Adversarial in this context is referring to the attackers, which are also known as adversaries, threat actors, and commonly known as hackers. The tactics are exploits they use, and the techniques are how they use those exploits. Finally, the CK stands for Common Knowledge, because this is a grouping of data, information, and reports that MITRE collects that's open to the public. The information is submitted by users and researchers to the MITRE Corporation, and then they're cataloged. It's based upon real-world information and how adversary groups actually behave and the things that they do. And just for reference, I'm going to be shortening MITRE ATT&CK to just MITRE.

MITRE is used and is not only good for those in the professional field but also students. MITRE is designed so that even businesses without fully functioning and dedicated teams can benefit from this, and we'll discuss that later. Both blue and red teams can benefit from the MITRE and use it in the field. For reference, the blue team are those on the defense, like analysts, and the red team are the people on the offense, like penetration testers and those who actually, quote, you know, hack the network and test the security by exploiting known vulnerabilities. This isn't on the list, but adversaries can also get ideas from the MITRE information; they can look and see what others are doing and incorporate that into their own methods.

What even are frameworks, and why are they important in cyber security? You can think of a framework as a set or grouping of tool-like ideas and rules. A healthy cooking and dietary framework would include things like eating X grams of protein per day. The English language has frameworks as well, such as grammar and semantics. For cyber security, frameworks are important because they are centralized and something that everyone can understand and follow. This is a way for people to speak the same language and be on the same page, since there are often multiple ways to explain and refer to something; like I said before, a hacker is also called an adversary or threat actor. Similar to the CVE, known as the Common Vulnerabilities and Exposures, MITRE is open and accessible to everyone. Before cyber security hit the mainstream, this information was really only available to the government base, even though adversaries were affecting the public. This collection of information is a great way to allow companies and business professionals to protect themselves and learn, and it's also extremely valuable for students.

Threat intel vendors are companies that provide a service to a business and help aid in finding and managing assets and their vulnerabilities on the network. This makes it easy to fix these vulnerabilities by mitigation, and many use some type of framework like MITRE to guide them through the possibilities and steps. While MITRE is mostly for Windows, it also includes information on Linux, Mac, and even Android and iOS. Just as MITRE is good for the defenders of an organization, it can also be a useful tool for adversaries. However, by knowing what's actually on the network, vulnerabilities become easier to manage, and it makes mitigation decisions much easier for a company. If you're aware of the possible attacks, you'll be able to threat model what's most realistic in your company. For example, a company that only uses Microsoft and Windows-based systems wouldn't need to worry about attacks being brought on by Macs.

So let's start looking at the MITRE ATT&CK framework and what it can do at a basic level. These resources and Medium articles talk about three different levels of sophistication that can be found on the MITRE website, and the links will be in the description. So this is going to be level one sophistication. So here we're going to go to the MITRE ATT&CK website. As you can see here, here's the matrix, the ATT&CK matrix, and then these are tactics over here, all across here, and then techniques, and these are all the different techniques, and these are changing and they add them and everything. And then you can go over here, let's click on one of them, and we see here Clear Windows Event Logs. All right, and then these here are the procedures; these are like everything on here. So as you can see on the side: sub-techniques and things like that, platforms: Windows, tactic: Defense Evasion, and then the procedures here. And then right here, the event logs can be cleared with the following utility commands, and here are the commands. And then you can see which groups use what, because different groups will use different procedures. And then we go up here and use the search function. All right, click on that, and then over here you can see all the different groups and everything, and these are specific to, like, financial institutions. So these different groups; scroll up and everything, see them all in alphabetical order, click on Axiom, and then more information about them and their specific techniques and procedures and everything.

So a blue team analyst would identify different data sources, like assets and capabilities, both logical and physical, including things like operating systems, servers, and types of protocols on the network. They could use another tool for MITRE called DeTT&CT, which allows someone to map these data sources. The MITRE DeTT&CT can be found on GitHub. I won't be going through it in great detail in this video, but this could be something in another, more in-depth video in the future. After adding all the things into DeTT&CT, you can then get this into a file on the Navigator map that looks something like this. This is an example of what a business-specific Navigator map would look like, and they're all different. You can then go through and figure out what kind of exploits can be done on specific things within the network.

For the red team, this involves something called adversary emulation, which is similar to pen testing. All this means is that you're going to find a vulnerability and try to exploit it through testing. This is completely allowed, but it typically involves planning, paperwork, and a scope. The difference between traditional pen testing and what you would do here is that you're identifying vulnerabilities and looking at all options an adversary group might use, since there are multiple ways to do things, all while utilizing information such as adversary TTPs, which again are the tactics, techniques, and procedures. You then use this to figure out how good or bad the defenses are and change things to strengthen the network protection. Even if a company doesn't have a specific red team to follow through with these tests, they can still use things such as Atomic Red Team, which is an open source project involving scripts that are used to detect the techniques and procedures related to the MITRE ATT&CK techniques.

So that's the end of the video, and I hope you now have a better understanding of the MITRE ATT&CK. If you have any questions, just leave them in the comment section below, and please like and subscribe. If you have any video topics you'd like me to cover, I'd be happy to try and fulfill those requests. Thanks.
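The video walks through the Clear Windows Event Logs technique page and then describes how a blue team maps its own data sources onto the matrix and views the result as a Navigator layer. The following Python script is an added example, not code from the video or from MITRE, that ties those two ideas together from the defender's side: it runs a small detection over a handful of constructed Windows event records (the event fields and hostnames are made up; the technique ID T1070.001, the Defense Evasion tactic, and event IDs 1102 and 104 are the real ATT&CK and Windows identifiers) and emits a minimal ATT&CK Navigator layer that scores the technique by how many hosts showed log-clearing activity. The `versions` values in the layer are an assumption about the Navigator layer schema, and the script does not use DeTT&CT; it maps raw events to a technique directly.

```python
import json
import re

# Constructed sample events (not real telemetry), loosely modelled on the
# fields of Windows Security / System log records.
SAMPLE_EVENTS = [
    {"channel": "Security", "event_id": 4688, "host": "ws01",
     "command_line": "wevtutil.exe cl Security"},
    {"channel": "Security", "event_id": 1102, "host": "ws01", "command_line": ""},
    {"channel": "Security", "event_id": 4688, "host": "ws02",
     "command_line": "notepad.exe C:\\notes.txt"},
    {"channel": "System", "event_id": 104, "host": "ws03", "command_line": ""},
    {"channel": "Security", "event_id": 4688, "host": "ws04",
     "command_line": 'powershell.exe -c "Clear-EventLog -LogName Application"'},
]

# Real ATT&CK identifiers for the technique the video clicked on.
TECHNIQUE_META = {
    "T1070.001": {"name": "Clear Windows Event Logs", "tactic": "defense-evasion"},
}

# Command-line indicator for the utility commands the technique page lists
# (wevtutil clear-log) plus the equivalent PowerShell cmdlet.
CLEAR_LOG_CMD = re.compile(
    r"(wevtutil(\.exe)?\s+(cl|clear-log)\b|Clear-EventLog\b)", re.IGNORECASE
)


def classify(event):
    """Return (technique_id, reason) if the event evidences a technique, else None."""
    # Windows writes EID 1102 when the Security log is cleared and EID 104
    # (System channel) when another log is cleared; both are strong signals.
    if event["event_id"] == 1102 and event["channel"] == "Security":
        return ("T1070.001", "Security log cleared (EID 1102)")
    if event["event_id"] == 104 and event["channel"] == "System":
        return ("T1070.001", "event log cleared (EID 104)")
    # Process creation (EID 4688) carrying a log-clearing command line.
    if event["event_id"] == 4688 and CLEAR_LOG_CMD.search(event.get("command_line", "")):
        return ("T1070.001", "log-clearing command in process creation (EID 4688)")
    return None


def build_layer(events, layer_name="constructed detections"):
    """Aggregate detections per technique and return a Navigator-style layer dict."""
    hits = {}
    for ev in events:
        result = classify(ev)
        if result is None:
            continue
        tid, reason = result
        entry = hits.setdefault(tid, {"hosts": set(), "reasons": []})
        entry["hosts"].add(ev["host"])
        entry["reasons"].append(f'{ev["host"]}: {reason}')

    techniques = []
    for tid, entry in sorted(hits.items()):
        techniques.append({
            "techniqueID": tid,
            "tactic": TECHNIQUE_META[tid]["tactic"],
            # Score = number of distinct hosts, so the heat map reflects spread.
            "score": len(entry["hosts"]),
            "comment": "; ".join(entry["reasons"]),
        })

    return {
        "name": layer_name,
        # Assumption: layer/ATT&CK version strings; adjust to your Navigator build.
        "versions": {"layer": "4.5", "attack": "14"},
        "domain": "enterprise-attack",
        "description": "constructed example: hosts with observed log-clearing activity",
        "techniques": techniques,
    }


if __name__ == "__main__":
    # Write the layer JSON to stdout; load it into ATT&CK Navigator via
    # "Open Existing Layer" to see T1070.001 highlighted under Defense Evasion.
    print(json.dumps(build_layer(SAMPLE_EVENTS), indent=2))
```

Three of the four constructed hosts (ws01, ws03, ws04) trigger the rule, so the emitted layer carries a single technique entry with a score of 3; ws02's ordinary process creation is ignored. The same `classify` shape extends to other techniques by adding entries to `TECHNIQUE_META` and returning their IDs.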