Executing MITRE's ATT&CK one TTP at a time. Community site for contributors coming soon - throw in a TTP and provide a detailed checklist, we'll give it a go and troubleshoot during a live stream.
The companion project for staging the payloads for local testing can be found here at One ATT&CK at a Time Stage.
This is a project I started thinking about while performing single-execution threat emulation to evaluate the effectiveness of commercial SIEM products' rules, configurations and interoperability. The basic idea is to make a video and guided write-up for each MITRE ATT&CK TTP, showing how to execute the technique. Sorta like Atomic but with a more community-driven "educational" twist.
One 'ATT&CK' at a Time is developed for educational purposes only. Neither the creators nor contributors of One 'ATT&CK' at a Time are responsible for any misuse of these resources. The resources provided should not be used in any unauthorized or illegal manner. Always ensure ethical and legal use of the tools and techniques provided here.
Contributions, suggestions, and feedback are welcome. Please create an issue or pull request for any contributions.
- Fork the repository.
- Create a new branch for your TTP (`TTP-username-dev`, e.g. `T1053-cmndcntrlcyber-dev`), feature (e.g. `cmndcntrlcyber-feat`) or bug fix (e.g. `cmndcntrlcyber-fix`).
- Make your changes and commit them.
- Push your changes to your forked repository.
- Open a pull request in the main repository.
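Added example (not part of the One ATT&CK at a Time repository): a small shell check that a branch name follows the three conventions above before you push. It assumes usernames consist of letters, digits or underscores and that the TTP part is an ATT&CK technique ID such as `T1053` or a sub-technique such as `T1053.005`; both are my assumptions, not rules stated by the project.

```shell
#!/bin/sh
# Branch-name check for the contribution conventions described above.
# Assumptions (not from the project): username = [A-Za-z0-9_]+,
# TTP = ATT&CK technique ID T<4 digits> with optional .<3 digits> sub-technique.

valid_branch_name() {
  name=$1
  # TTP work: T1053-cmndcntrlcyber-dev or T1053.005-cmndcntrlcyber-dev
  if printf '%s\n' "$name" | grep -Eq '^T[0-9]{4}(\.[0-9]{3})?-[A-Za-z0-9_]+-dev$'; then
    return 0
  fi
  # Feature or bug-fix work: cmndcntrlcyber-feat / cmndcntrlcyber-fix
  if printf '%s\n' "$name" | grep -Eq '^[A-Za-z0-9_]+-(feat|fix)$'; then
    return 0
  fi
  return 1
}

# Usage: run with --current inside a checkout to check the branch you are on.
if [ "${1-}" = "--current" ]; then
  branch=$(git rev-parse --abbrev-ref HEAD)
  if valid_branch_name "$branch"; then
    echo "ok: $branch"
  else
    echo "branch '$branch' does not match TTP-username-dev, username-feat or username-fix" >&2
    exit 1
  fi
fi
```

The function can also be called from a local pre-push hook so a mis-named branch is caught before the pull request is opened.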