LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

In step 4 of the exercise you "develop a breach scenario." How is MITRE ATT&CK used to make that scenario realistic?

By picking a real threat group from the ATT&CK "Groups" knowledge base and walking through the specific tactics, techniques and procedures (TTPs) that group actually uses.

MITRE ATT&CK catalogues named adversary groups (APTs and criminal crews) and, for each, the techniques they are known to employ across the attack lifecycle (initial access, persistence, lateral movement, exfiltration, impact, and so on). WHY use it: instead of inventing a vague "hacker breaks in" story, you model the attack the way your actual likely adversary would run it, technique by technique. That realism is what lets the later steps — estimating damage and choosing controls — line up against threats you will really face. See attack.mitre.org/groups.

Go deeper:

  • doc MITRE ATT&CK Groups — Katalog benannter Angreifergruppen mit ihren tatsächlichen TTPs als Basis für realistische Szenarien.

From Quiz: ISM / Threat & Impact Modelling | Updated: Jul 05, 2026