attack-mapper.py maps MITRE ATT&CK techniques, which describe post-compromise adversary behavior, to the MITRE Shield active defense techniques that are relevant to countering them.
Author: th3jiv3r.
The U.S. Department of Defense defines active defense as:
“The employment of limited offensive action and counterattacks to deny a contested area or position to the enemy.”
Active defense ranges from basic cyber defensive capabilities to cyber deception and adversary engagement operations.
The combination of these defenses allows an organization not only to counter current attacks, but also to learn more about the adversary and better prepare for new attacks in the future.
Shield is an active defense knowledge base MITRE is developing to capture and organize what is being learned about active defense and adversary engagement. Derived from over 10 years of adversary engagement experience, it spans the range from high-level, CISO-ready considerations of opportunities and objectives to practitioner-friendly discussions of the TTPs available to defenders.
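The core of the mapping described above is a lookup from ATT&CK technique IDs (including sub-techniques such as T1003.001) to the Shield techniques recorded against them. The following is an added example, not the code of attack-mapper.py or any MITRE data file: it extracts technique IDs from a free-text incident note, normalizes them, and looks them up in a mapping table, falling back from a sub-technique to its parent technique when only the parent is mapped. The ATT&CK IDs are real identifiers, but the Shield entries in `SHIELD_MAPPING` are constructed placeholders in Shield's DTE-style format, not MITRE's published mapping.

```python
import re
from typing import Dict, List

# Constructed sample mapping for this example. The Shield IDs and names here are
# illustrative placeholders; a real tool would load MITRE's published mapping file.
SHIELD_MAPPING: Dict[str, List[Dict[str, str]]] = {
    "T1003": [  # OS Credential Dumping
        {"id": "DTE0012", "name": "Decoy Credentials"},
        {"id": "DTE0010", "name": "Decoy Account"},
    ],
    "T1003.001": [  # LSASS Memory
        {"id": "DTE0012", "name": "Decoy Credentials"},
    ],
    "T1059": [  # Command and Scripting Interpreter (no sub-techniques mapped)
        {"id": "DTE0016", "name": "Decoy Process"},
    ],
}

# ATT&CK technique IDs: T + four digits, optionally .NNN for a sub-technique.
TECH_ID_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b", re.IGNORECASE)

# Constructed incident note used as sample input (not from a real engagement).
SAMPLE_NOTE = (
    "Adversary dumped LSASS with mimikatz (T1003.001), then launched a "
    "PowerShell stager (t1059.001). Earlier activity also matched T1003. "
    "T9999 is not a real technique and should stay unmapped."
)


def extract_technique_ids(text: str) -> List[str]:
    """Return the distinct ATT&CK technique IDs found in text, upper-cased,
    in order of first appearance."""
    found: List[str] = []
    for match in TECH_ID_RE.finditer(text):
        tid = match.group(0).upper()
        if tid not in found:
            found.append(tid)
    return found


def lookup_shield(tid: str, mapping: Dict[str, List[Dict[str, str]]] = SHIELD_MAPPING
                  ) -> List[Dict[str, str]]:
    """Shield techniques for one ATT&CK ID. A sub-technique with no entry of its
    own inherits its parent technique's mapping; unknown IDs yield an empty list."""
    if tid in mapping:
        return mapping[tid]
    parent = tid.split(".")[0]
    if parent != tid and parent in mapping:
        return mapping[parent]
    return []


def map_techniques(text: str, mapping: Dict[str, List[Dict[str, str]]] = SHIELD_MAPPING
                   ) -> Dict[str, List[Dict[str, str]]]:
    """Map every technique ID mentioned in text to its Shield techniques."""
    return {tid: lookup_shield(tid, mapping) for tid in extract_technique_ids(text)}


def shield_coverage(result: Dict[str, List[Dict[str, str]]]) -> List[str]:
    """Distinct Shield technique IDs across a mapping result, sorted, so a defender
    sees which active defense techniques apply to the whole incident."""
    return sorted({entry["id"] for entries in result.values() for entry in entries})


if __name__ == "__main__":
    result = map_techniques(SAMPLE_NOTE)
    for tid, entries in result.items():
        names = ", ".join(f'{e["id"]} {e["name"]}' for e in entries) or "(no mapping)"
        print(f"{tid}: {names}")
    print("Shield coverage:", shield_coverage(result))
```

The parent-technique fallback is the part worth keeping in a real tool: reports frequently cite sub-techniques, while a defensive mapping may only carry the parent, and without the fallback those techniques silently drop out of the coverage list. Unmapped IDs are returned as empty lists rather than omitted, so gaps in coverage stay visible in the output.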