Attack Frameworks & Methodology

Understanding attack structures, frameworks, and methodologies used by adversaries. Learn to think like an attacker to better defend against threats.

MITRE ATT&CK Framework

Comprehensive knowledge base of adversary tactics and techniques.

Enterprise ATT&CK

Initial Access

Phishing, drive-by compromise, supply chain

Execution

Command execution, user execution, scheduled tasks

Persistence

Registry modifications, scheduled tasks, boot/autostart

Privilege Escalation

Process injection, token manipulation, exploitation

Defense Evasion & Discovery

Defense Evasion

Process injection, masquerading, indicator removal

Credential Access

Credential dumping, keylogging, brute force

Discovery

System information, network scanning, account discovery

Lateral Movement

Remote services, internal spearphishing, replication

Cyber Kill Chain

Lockheed Martin's model for understanding and defending against cyber attacks.

Reconnaissance & Weaponization

Reconnaissance

OSINT, network scanning, target research

Weaponization

Malware creation, exploit development, payload preparation

Delivery

Email, web, USB, social engineering

Exploitation

Vulnerability exploitation, code execution

Installation & Command & Control

Installation

Malware installation, persistence mechanisms

Command & Control

C2 channels, communication protocols, encryption

Actions on Objectives

Data exfiltration, destruction, ransomware

Defense Strategies

Detection, prevention, response at each stage

Common Attack Vectors

Understanding the most prevalent methods used by attackers.

Social Engineering

Phishing

Email phishing, spear phishing, whaling

Pretexting

False scenarios, impersonation, authority

Baiting

Physical media, USB drops, curiosity

Quid Pro Quo

Service exchange, help desk scams

Technical Attacks

Web Application Attacks

SQL injection, XSS, CSRF, file upload

Network Attacks

Man-in-the-middle, ARP spoofing, DNS poisoning

Physical Attacks

Hardware implants, keyloggers, shoulder surfing

Supply Chain

Compromised software, hardware backdoors

Defense Strategies

Countermeasures and defensive approaches for each attack stage.

Prevention

  • Security awareness training
  • Network segmentation
  • Access controls
  • Patch management
  • Email filtering

Detection

  • SIEM monitoring
  • IDS/IPS
  • Endpoint detection and response
  • Behavioral analysis
  • Threat hunting

Response

  • Incident response plans
  • Forensics capabilities
  • Communication protocols
  • Recovery procedures
  • Lessons learned