Skip to content

This provides a guided step by step walkthrough for threat modeling with MITRE ATT&CK Framework

License

Notifications You must be signed in to change notification settings

bvoris/mitreattackthreatmodeling

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

70 Commits
 
 
 
 
 
 

Repository files navigation

Threat Modeling with MITRE ATT&CK Framework

This provides a guided step by step walkthrough for threat modeling with MITRE ATT&CK Framework
GitHub followers GitHub User's stars
GitHub GitHub commit activity GitHub All Releases GitHub repo size GitHub language count GitHub issues GitHub top language

Preface

I've taken 3 classes in using MITRE ATT&CK Framework as a threat modeling tool.
I highly recommend Ismael Valenzuela's work in threat modeling and his portion of the SANS 350 course.
https://www.sans.org/profiles/ismael-valenzuela/
I've been using this threat modeling now for a few years on misc. projects and contract work. Its incredibly helpful in security control designing and architecture.

Links

MITRE ATT&CK Website - this is needed to search for threat groups, techniques, and tools used by threat actors
https://attack.mitre.org/
ATT&CK Navigator - maps out threat group techniques, allows for developing threat models
https://mitre-attack.github.io/attack-navigator/

What are you trying to accomplish?

We are trying to determine the matrices that show known attack techniques of threat groups and develop a model based on those techniques to help anticipate actions of those threat groups and help validate security controls.

What do we need from here?

We need an industry. For this demonstation I've selected HEALTHCARE as the industry.

Lets get started

Go to https://attack.mitre.org/

Click the search magnifying glass


Search for "healthcare"


For simplicity we will select two threat groups APT 40/Leviathan and APT 41

Now lets go to https://mitre-attack.github.io/attack-navigator/


Lets create a new layer


Select Enterprise under create new layer


Click on the layer and name it to the threat group


The change will be reflect in the layer name


Click the magnifying glass under selection controls


Search for the Threat Group in the search field


Click select next to the threat group


Selected techniques should now appear highlighted


Now we want a bit more visibility in the techniques so we will select a color


The attack techniques should now be colored.


Now we need to add a score to provide a value or weight to the attack techniques


Set the value for score to 1


We've added our first known threat group now we need to add more for the industry we selected.

For this exercise we will add one more, but keep in mind you can add as many as you need for your threat model.

Lets add one more by clicking the +



Lets create a new layer


Name the new layer like in the previous steps


Click enterprise


Click Selection Controls magnifying glass and search for the threat group


Validate that the threat group techniques have been selected


Select the color for threat groups techniques.


Set the score for the techniques just as before


Adding up the layers to show the threat model

Now we want to add all of the layers (if you don't two thats fine but you can always do more).
Lets add one more by clicking the +




Click Create Layers from other layers, domain should be Enterprise ATT&CK, Expression should be the layers you have (a+b), gradient & coloring should be your first layer



If you've created it correctly you should have a threat model based on the threat groups you selected, color coded with the scores added for a combined score on techniques that overlap.



Next Steps

Next steps would be to export your threat model and use this in comparison to your known security controls, if security controls have not been identified then the threat model can provide insight on security controls for your particular use case.



Connect with me at





Victim Of Technology

Cyber Forge Security, Inc.

About

This provides a guided step by step walkthrough for threat modeling with MITRE ATT&CK Framework

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published