The ATT&CK framework from MITRE is focused on techniques used to compromise client operating systems such as Microsoft Windows, Linux, and Apple’s Mac OS, and mobile operating systems like Apple iOS and Google Android.
Adversarial Tactics, Techniques, & Common Knowledge
But as we’ve seen recently, a lateral attack from one of these client OS devices can be used against servers and cloud resources too, such as stealing an OAuth token that allows admin access to the SAML SSO solution and gaining access to pretty much any SaaS tool used at the organization.
MITRE allows external contributors, but this process needs to be enhanced to more easily allow vendors and subject matter experts to update content and provide feedback.
If you work in or are building a SOC, then this is for you. MITRE has a book published in 2014 by Carson Zimmerman. Download the PDF file here: Ten Strategies of a World-Class Cybersecurity Operations Center

