www.immersivelabs.com | [email protected]

FACT SHEET

Unlike defenders, who must secure their entire attack surface, hackers need to find just one weakness to penetrate a network. This first-mover advantage means that, historically, attackers have had control. However, ATT&CK is levelling the playing field with its numerous tactics, techniques and procedures (TTPs), which are based on real-world observation.

Thanks to this basis in real life, ATT&CK provides unrivalled detail regarding the ways threat actors can run an attack, starting with the initial access phase. It organizes the building blocks of an attack so that organizations can visualize exactly what adversaries could achieve on their network, making it easier to put relevant defenses in place. So, when a business identifies an attacker on its network, it has a ready-made list of responses for mitigation – meaning less time wasted filling in gaps.

An understanding of skill levels across all security functions brings invaluable insights in some key areas:

1. In the event of an incident, you’ll be able to identify individuals with the right skills to respond as the situation unfolds.

[Screenshot: MITRE ATT&CK™ Framework Mapping heat map. Legend: number of users who have completed a mapped lab (Not Mapped, 0 Users, 1 User, 2-4 Users, 5+ Users). Selected lab card: PoshC2 Episode 4 - Privilege Escalation (Start Lab). What’s Involved: exposure to using PoshC2 to enumerate a host. 60 minutes, Specialised, Practical Lab. Learning outcomes: exposure to privilege escalation using PoshC2. 400 points, PoshC2 Privesc.]

2. Visualizing skill levels will help you measure and communicate improving areas of coverage as well as those that require investment.

3. Gamified learning experiences will see teams and individuals competing for points and badges to prove their skills.

[Screenshot: ATT&CK heat map, showing four tactic columns and their techniques:

Collection: Audio Capture, Automated Collection, Clipboard Data, Data from Information Repositories, Data from Local System, Data from Network Shared Drive, Data from Removable Media, Data Staged, Email Collection.

Command and Control: Commonly Used Port, Communication Through Removable Media, Connection Proxy, Custom Command and Control Protocol, Custom Cryptographic Protocol, Data Encoding, Data Obfuscation, Domain Fronting, Domain Generation Algorithms.

Exfiltration: Automated Exfiltration, Data Compressed, Data Encrypted, Data Transfer Size Limits, Exfiltration Over Alternative Protocol, Exfiltration Over Command and Control Channel, Exfiltration Over Other Network Medium, Exfiltration Over Physical Medium, Scheduled Transfer.

Impact: Data Destruction, Data Encrypted for Impact, Defacement, Disk Content Wipe, Disk Structure Wipe, Endpoint Denial of Service, Firmware Corruption, Inhibit System Recovery, Network Denial of Service.

Side panels: Recently Mapped Labs (BSides 2019: Exploring Emotet; PoshC2 Episode 4 - Privilege Escalation; Posh C2 Episode 3 - Obtaining Credentials); Technique: Exfiltration Over Command and Control Channel; Most Recent Completions (list of users).]

MAPPING AND MEASURING SKILLS ALIGNED TO MITRE ATT&CK® WITH IMMERSIVE LABS

When it comes to guidance on building detection and response programs, MITRE ATT&CK® trumps traditional frameworks such as the Diamond Model, which lacks technical depth, and Lockheed Martin’s Cyber Kill Chain, which offers little from the attacker’s perspective. At Immersive Labs, we believe that to keep pace you need to learn like hackers – and this is where ATT&CK, with its strong adversarial focus, can help.

Immersive Labs is packed with cyber skills content mapped directly to tactics and techniques in the ATT&CK framework. As individuals complete relevant exercises, our ATT&CK heat map will show you where coverage is strong and where improvement is needed.