The Holy Bible of Threat Intelligence: Learn the art of Actionable Intelligence

10 min readFeb 20

Hey friend, welcome back!

Today we will be delving into the MITRE ATT&CK framework.

This framework is the holy bible of cyber threat intelligence. It provides a common language for describing and categorizing adversarial tactics, techniques, and procedures (TTPs) based on real-world observations. It was created by MITRE Corporation, a not-for-profit organization that operates federally funded research and development centers.

The ATT&CK framework is used to analyze and understand the tactics and techniques that threat actors use to compromise, infiltrate, and exfiltrate information from a system or network. The framework consists of a matrix that lists various tactics and techniques used by attackers, such as initial access, persistence, privilege escalation, and exfiltration. In recent years, the initial matrix has been separated into three matrices that cover Enterprises, Mobile, and ICS (Industrial Control Systems). These matrices list the specific TTPs threat actors will use in each respective domain. We will focus on the Enterprise version of the framework because it is the most widely used by security professionals. That said, I encourage you to check out the Mobile and ICS versions if you have an interest in these fields.

The MITRE ATT&CK framework is widely used by cybersecurity professionals to assess and evaluate their organization’s defenses and identify areas that need improvement. By understanding the specific tactics and techniques used by attackers, defenders can take proactive measures to improve their security posture and mitigate potential threats. As a threat intelligence analyst, the MITRE ATT&CK framework is an indispensable tool as it allows collaboration within the industry when reacting to common threats.

For example, if ABC Security provides managed security services to several organisations and they see a threat actor targeting several of these organizations using similar TTPs, they will often share the TTPs used by a said threat actor with the wider community. The security team at XYZ Corp. can…

The Holy Bible of Threat Intelligence: Learn the art of Actionable Intelligence

Written by Adam Goss

More from Adam Goss

5 Mistakes I Made as a New Cyber Threat Intelligence Analyst

Discover the 5 mistakes I made as a new cyber threat intelligence analyst and practial advice for how to overcome them!

Cyber Threat Intelligence with MISP: Part 1 — What is MISP?

Discover the premier open-source threat intelligence sharing platform, its key features, and how you can use it to elevate your security!

Threat Profiling: How to Understand Hackers and Their TTPs

Learn how to threat profile malicious groups, software, data sources, and past incidents to defend against a hacker’s TTPs.

Visual Threat Intelligence: A Masterpiece of Infographics and Storytelling

Good books on cyber threat intelligence are rare. Good books that craft visual illustrations to distill complex topics are even rarer.

Recommended from Medium

TOOLS FOR CYBER THREAT HUNTING (PART - I)

Cyber Threat Hunting

Best Threat Intelligence Resources to Follow and add to your RSS feed

In this article I am going to list some feeds to make sure you are up to date with threat intelligence.

Lists

Staff Picks

Stories to Help You Level-Up at Work

Self-Improvement 101

Productivity 101

Threat Hunting vs. Incident Response: What’s the Difference?

Threat hunting and incident response are two approaches that organizations can take to detect and respond to cyber threats. Though they may…

Hunting for Threat Actor’s Infrastructure

Cybercriminals and malicious actors continuously seek new ways to exploit vulnerabilities and breach systems. To counter these threats…

Unmasking the Gh0st: A Comprehensive Guide to Threat Hunting

In the ever-evolving world of cybersecurity threats, malicious actors are continuously developing sophisticated techniques to breach…

Understanding Security Operations Center (SOC)

Note: All views in this article are my personal and team structure differs upon organization size, infosec team size, and business…