Our Work

Our Research Approach

Collaborative R&D in the Public Interest

Together with Participant organizations, we cultivate solutions for a safer world and advance threat-informed defense with open-source software, methodologies, and frameworks. By building on the MITRE ATT&CK knowledge base, our work expands the global understanding of cyber adversaries and their tradecraft, including the public release of data sets critical to better understanding adversary behavior and movement.

Insider Threat TTP Knowledge Base

The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base advances our collective understanding of the technical mechanisms …

Sensor Mappings to ATT&CK

Sensor Mappings to ATT&CK gives cyber defenders the information they need to identify and understand cyber incidents occurring in their …

OceanLotus Adversary Emulation Plan

OceanLotus (aka APT32, SeaLotus, APT-C-00) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has …

Summiting the Pyramid v1

Many analytics are dependent on specific tools or artifacts. Adversaries can easily evade these with low-cost changes that exploit the …

Threat Report ATT&CK Mapper (TRAM)

The cybersecurity community has been working for years to automatically identify adversary tactics, techniques, and procedures (TTPs) in cyber …

ATT&CK Workbench

The Workbench project expands the functionality of the current platform to enable teams to explore, create, annotate, and share extensions of the …

CTI Blueprints

This project developed an approach and prototype tool for creating narrative cyber threat intel reports that analysts need in the form they need …

ATT&CK Sync

The ATT&CK Sync project streamlines upgrades to new versions of MITRE ATT&CK® by providing tools and resources to migrate existing …

ATT&CK Integration Into VERIS

This project updates and expands the translation layer between VERIS and ATT&CK, allowing ATT&CK to describe the adversary behaviors that …

Defending IaaS with ATT&CK

Defending IaaS with ATT&CK developed an ATT&CK matrix that enables users to easily understand and work with the techniques applicable to …

Attack Flow

Attack Flow is a data model with supporting tooling and examples for describing sequences of adversary behaviors. Attack flows help defenders …

Micro Emulation Plans

Micro Emulation Plans help organizations validate their defenses quickly and easily by building smaller scale adversary emulation plans that are …