-
Introducing TAXII 2.1 and a fond farewell to the TAXII 2.0 Server
As mentioned in our 2024 Roadmap and the v15 release blog, we’re excited to introduce our new TAXII server and the latest addition to the ATT&CK Workbench software suite: the MITRE ATT&CK Workbench TAXII 2.1 Server. We’ve open-sourced the TAXII 2.1 code on GitHub, allowing you to set up your own servers within your organization…
-
ATT&CK v15 Brings the Action
ATT&CK v15 Brings the Action: Upgraded Detections, New Analytic Format, & Cross-Domain Adversary Insights. v15 is all about actionability and bringing defenders’ reality into focus — we prioritized what you need to detect, and how you can do it more effectively with detection engineering upgrades, and deeper intelligence insights across platforms. This release also reflects the new…
-
ATT&CK 2024 Roadmap
Enhancing usability, expanding scope, optimizing defenses. 2023 was a dynamic year for ATT&CK. We marked a decade of progress since the framework’s inception and achieved some key milestones to make ATT&CK more accessible for a wider community. Our scope (slightly) expanded to encompass activities adjacent to direct Enterprise interactions, such as non-technical, deceptive practices and social…
-
ATT&CK v14 Unleashes Detection Enhancements, ICS Assets, and Mobile Structured Detections
ATT&CK has been brewing up something eerie for this Halloween — a release so hauntingly powerful that it will send a chill down the spine of even the most formidable adversaries. As v14 emerges from the depths, we’re proud to present a more robust and finely-tuned knowledge base. So, grab your flashlights and…
-
ATT&CK v13 Enters the Room
ATT&CK v13 Enters the Room: Pseudocode, Swifter Search, and Mobile Data Sources. It’s not like a regular Tuesday, it’s a lucky Tuesday — ATT&CK v13 has arrived. As we outlined in our Roadmap, we’re working toward enhanced tools for lower-resourced defenders, improving ATT&CK’s website usability, enhancing ICS and Mobile parity with Enterprise, and evolving overall content and structure…
-
2023 ATT&CK Roadmap
A Roadmap of 2023’s key efforts: From ICS Assets to more Linux and ATT&CKcon 4.0. It’s 2023 and we’re all a little older, including ATT&CK, which will be celebrating its 8th (!) release anniversary in a few short months. Last year we matured, expanded, deconflicted, and renovated the knowledge base, persevering through challenges to meet…
-
Introducing ATT&CK Campaigns
Introducing Campaigns to MITRE ATT&CK. By: Amy Robertson, Jared Ondricek, and Matt Malone. We’ve talked about building Campaigns into ATT&CK in our ATT&CK 2022 roadmap, at ATT&CKCon 3.0, and most recently on the SANS Threat Analysis Rundown but their release is now nigh! Our initial collection of Campaigns will be available starting with our ATT&CK v12 release…
-
ATT&CK Goes to v11
ATT&CK Goes to v11: Structured Detections, Beta Sub-Techniques for Mobile, and ICS Joins the Band. These go to eleven. By Adam Pennington and Jason Ajmo. Right on cue, ATT&CK’s latest release is out, and this time we’ve gone to v11! If you’ve been following along with our roadmap there shouldn’t be any huge surprises in store, but we…
-
Intelligence Failures of Lincoln’s Top Spies: What CTI Analysts Can Learn From the Civil War
Guest Post by ATT&CKcon 3.0 Keynote Speaker, Selena Larson. At the onset of the Civil War, a man whose name would eventually become synonymous with famous American detectives was reportedly providing false reports to the Union’s top general. Allan Pinkerton, who once successfully smuggled Abraham Lincoln into Washington, D.C. to…
-
Automatically acquire and renew certificates using mod_md and Automated Certificate Management Environment (ACME) in Identity Management (IdM)
Introduction: In a previous article, I demonstrated how to configure the Automatic Certificate Management Environment (ACME) feature included in the Identity Management (IdM) Dogtag Certificate Authority (CA). Specifically, I covered installation of IdM with random serial numbers, and how to enable the ACME service and expired certificate pruning. This article explains the management of ACME (currently…