Questions tagged [mitre]
11 questions
3 votes, 1 answer
How long does it take to receive a CVE-ID from cve.mitre.org?
I had applied for a CVE ID at https://cveform.mitre.org/.
I did follow their guidelines, and did exactly as their instructions said (didn't add a PGP key as it seems optional). It's been 2 months since then and all I have received is a confirmation letter…
TEST tEsT
2 votes, 1 answer
What is the difference between ATT&CK and CAPEC?
My question is on Cyber Threat Intelligence (CTI). I want to know the difference between Attack Patterns (as in MITRE CAPEC) and Tactics, Techniques and Procedures (as in MITRE ATT&CK). They both seem to describe the behaviour and modus operandi of…
JacopoStanchi
2 votes, 1 answer
What does "Obtaining a CVE" mean?
I have seen the term around and I mostly get that it is used when someone reports a vulnerability to Mitre.
But what does this mean practically? Are you listed somewhere as the reporter? Is this something people use on their CVs?
Artog
2 votes, 1 answer
What's the difference between OVAL definitions, objects, and tests?
I'm trying to become more familiar with OVAL tst, def and obj references in joval xml definition files.
For example, I'll see stuff like:
And then other areas will have stuff…
Mike B
1 vote, 0 answers
MITRE ATT&CK framework concept doubts between tactics
I am studying the MITRE ATT&CK framework and I am confused with the following tactics: Reconnaissance, Discovery, and Resource Development.
What are the differences between these 3 tactics? According to the study material:
Reconnaissance is the…
Jask_Skull
1 vote, 1 answer
Is it called Drive-by Compromise if the attacker provided his own website for the user to access?
If the website is legitimate and the attacker exploited that legitimate website, and the attacker gains access to a victim's system that visits the website, then it is a drive-by compromise.
However, if the attacker built the website, and the…
TIMOTHY LIM
0 votes, 0 answers
McAfee Security Control against Mitre Att&ck
I am researching articles about McAfee and the list of products against Mitre Att&ck. I am performing an assessment on whether they are able to perform detection and prevention against each technique covered in Mitre Att&ck. It is based on…
timothy
0 votes, 0 answers
How do we indicate whether a sub-technique or technique has low or high detection confidence via MITRE ATT&CK?
I was doing the MITRE ATT&CK SOC Assessment course and had a question about the right assessment of techniques and sub-techniques.
The sub-technique that we want to assess is "Application or System Exploitation" (ID: T1499.004); its Data Sources and…
Ruben Amizyan
0 votes, 0 answers
How to show optional steps in attack trees?
I'm new to security and I'm trying to create an attack tree based on MITRE ATT&CK techniques.
What is unclear is how I can incorporate some steps that are optional.
For instance, if the attacker's goal is to exfiltrate data, they may or may not…
Stergios
0 votes, 0 answers
Why does the Mitre T1203 technique include macros as software vulnerabilities?
I was reading a recent report about an APT and jumped into this Technique:
https://attack.mitre.org/techniques/T1203/
This technique is called:
Exploitation for Client Execution
And that might match with what a macro is. However, the description…
borcho
0 votes, 0 answers
Is there a way to map each CVE to a technique/tactic in the mitre ATT&CK matrix?
The only 'solution' I thought of is linking a CVE to a CWE and then to a CAPEC (method found in this link: How to find CAPEC items related to a CVE), but I am unable to get from a CAPEC attack pattern to a technique/tactic in the ATT&CK matrix.
(On a…
Xin