Philosophies & Perspectives
Conventional Wisdom in Defense
Source: MITRE ATT&CKcon 2018, John Lambert (Microsoft), keynote presentation
Traditional Defenders | Modern Defenders |
---|---|
Defend a list of assets | Defend a graph of assets |
Manage incidents | Manage adversaries |
Minimize risks by keeping incidents secret | Maximize learning by sharing with trusted outside peers |
View pentest results as a report card | View pentest results as an input |
Think about stopping attacks | Think about raising the attacker's cost and requirements |
Risk
Source: Unknown

Security Vocabulary for Non-Security Executives
Source: MITRE ATT&CKcon 2018, Elly Searle, Lead Content Strategist, CrowdStrike
ATT&CK Tactic | Explain it to a non-security person | Objective | ATT&CK Layer |
---|---|---|---|
Initial Access | Get into your environment | Gain access | Layer 1 |
Execution | Run malicious code | Follow through (steal/break) | Layer 1 |
Persistence | Maintain foothold | Keep access | Layer 1 |
Privilege Escalation | Gain higher level permissions | Gain (more) access | Layer 2 |
Defense Evasion | Avoid detection | Keep access | Layer 2 |
Credential Access | Steal logins and passwords | Gain access | Layer 3 |
Discovery | Figure out your environment | Explore | Layer 3 |
Lateral Movement | Move through your environment | Explore | Layer 4 |
Collection | Gather data | Follow through | Layer 4 |
Exfiltration | Steal data | Follow through | Layer 4 |
Command and Control | Contact the systems it controls | Contact controlled systems | Layer 5 |
Vocabulary Use: The adversary is trying to [Objective] by [Tactic, in plain language] using [Technique]. The Objective and plain-language Tactic come from the table above; the Technique is the specific ATT&CK technique observed.
Example: The adversary is trying to gain access by stealing logins and passwords using credential dumping.
Example: The adversary is trying to keep access by avoiding detection using process hollowing.
