MITRE ATT&CK

Published 2025-08-25 (last modified 2025-08-25), category: cybersecurity
https://mamdouh.de/index.php/2025/08/25/mitre-attck/

The MITRE ATT&CK framework, created in 2013, is a detailed catalog of how attackers operate and of common attack patterns. It maps real-world TTPs (Tactics, the "why"; Techniques, the "how"; and Procedures) instead of focusing on compliance or strategy. This helps teams detect threats, test defenses, and align their tools with actual attacker behavior.

The framework includes three main matrices:

- Enterprise: Covers Windows, Linux, cloud, and SaaS. It tracks tactics like data theft, lateral movement, and privilege escalation.

- ICS (Industrial Control Systems): Focuses on attacks against physical systems in OT environments such as factories or power plants. Techniques aim to disrupt operations or manipulate industrial controls.

- Mobile: Details threats specific to Android and iOS, including mobile-specific attack methods.

The key difference between Enterprise and ICS lies in the targets and impact. Enterprise attacks often steal data or gain control of IT systems. ICS attacks aim to disrupt physical processes and can threaten safety or cause large economic losses. MITRE ATT&CK highlights this gap by modeling threats for each environment, helping organizations secure both IT and OT systems.