Before diving in, let's briefly discuss a few terms that you will often hear when dealing with the framework, threat intelligence, etc. APT is an acronym for Advanced Persistent Threat. This can be considered a team/group (threat group), or even a country (nation-state group), that engages in long-term attacks against organizations and/or countries. The term "advanced" can be misleading, as it tends to make us believe that every APT group has some super-weapon, i.e. a zero-day exploit, that it uses. That is not the case. As we will see a bit later, the techniques these APT groups use are quite common and can be detected with the right implementations in place. You can view FireEye's current list of APT groups here.
TTP is an acronym for Tactics, Techniques, and Procedures, but what does each of these terms mean? The Tactic is the adversary's goal or objective. The Technique is how the adversary achieves the goal or objective. The Procedure is how the technique is executed.
If that is not clear right now, don't worry. Hopefully, as you progress through each section, TTPs will make more sense.
Answer the questions below
Read the above
How to: No Answer Needed.
Answer: No Answer Needed.