
Iyanifa
Tactics, Techniques and Procedures - TTPs
Tactics, Techniques, and Procedures (TTPs) describe the behaviour and methods cyber attackers use to achieve their goals. In cyber security, Tactics are the high-level objectives of an attack, Techniques are the general methods used to carry out these objectives, and Procedures are the specific actions taken to execute a technique. Understanding TTPs allows security professionals to anticipate and counteract attacks more effectively.
TTPs
Tactics
Tactics are the overarching goals an attacker tries to achieve. For instance, an attacker might aim to gain initial access to a system, escalate privileges, or move laterally through a network. Tactics are broad and define the purpose of a specific phase of the attack.
Techniques
Techniques are the general methods used to accomplish the tactics. For example, to gain initial access (the tactic), an attacker may use phishing (the technique), where they trick users into opening malicious emails or clicking harmful links. Other techniques may include exploiting vulnerabilities, password spraying, or using compromised credentials.
Procedures
Procedures refer to the specific steps an attacker uses to implement a technique. For instance, in phishing (the technique), the procedure might involve creating a fake email that looks like a legitimate message from a trusted source, complete with a spoofed sender address and a convincing subject line to deceive the recipient. Another example might be how an attacker uses a particular exploit kit to target known software vulnerabilities.
Examples of TTPs
- Tactic: Gaining Initial Access
  Technique: Phishing
  Procedure: Sending a spear-phishing email with a malicious PDF attachment designed to exploit a vulnerability in Adobe Reader.
- Tactic: Privilege Escalation
  Technique: Exploiting OS Vulnerabilities
  Procedure: Using the EternalBlue exploit to target unpatched Windows systems, allowing the attacker to escalate privileges on compromised machines.
- Tactic: Lateral Movement
  Technique: Remote Services
  Procedure: Exploiting weak RDP (Remote Desktop Protocol) configurations to move laterally between systems on a network.
TTPs are critical in frameworks like MITRE ATT&CK, where specific techniques and procedures are catalogued and mapped to show how adversaries carry out different stages of their attacks. This detailed understanding of TTPs helps organisations implement targeted defences, monitor potential threats, and respond effectively to incidents based on observed adversary behaviour.
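The following is an added example, written for this page rather than taken from MITRE ATT&CK or the original article, of what "monitoring based on observed adversary behaviour" looks like in practice: a small detection that looks for one host opening RDP sessions to several different machines in a short window (the Lateral Movement / Remote Services pair from the list above) and labels the finding with the ATT&CK tactic and technique it maps to. The log lines are constructed for the example and only loosely modelled on a Windows successful-logon event (event ID 4624, logon type 10 = RemoteInteractive); the field layout, host names, thresholds and the `Finding` type are assumptions of this example. The identifiers TA0008 (Lateral Movement) and T1021.001 (Remote Services: Remote Desktop Protocol) are the published ATT&CK IDs.

```python
"""Map an observed behaviour to its ATT&CK tactic/technique (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events: timestamp|event_id|logon_type|source_host|target_host|user
# Modelled loosely on Windows event 4624; logon type 10 is an RDP (RemoteInteractive) logon.
SAMPLE_EVENTS = """\
2024-05-01T09:00:05|4624|10|WS-ALICE|SRV-FILE01|alice
2024-05-01T09:00:40|4624|10|WS-ALICE|SRV-DB01|alice
2024-05-01T09:01:15|4624|10|WS-ALICE|SRV-APP02|alice
2024-05-01T09:02:02|4624|10|WS-ALICE|SRV-AD01|alice
2024-05-01T13:30:00|4624|10|WS-BOB|SRV-FILE01|bob
2024-05-01T13:45:00|4624|2|WS-BOB|WS-BOB|bob
2024-05-01T16:10:00|4624|10|WS-BOB|SRV-APP02|bob
"""


@dataclass
class Finding:
    """One alert, tagged with the ATT&CK tactic and technique it evidences."""
    tactic: str
    technique: str
    source_host: str
    targets: tuple
    first_seen: datetime
    last_seen: datetime


def parse_events(text):
    """Parse the constructed pipe-delimited log format into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, src, dst, user = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "src": src,
            "dst": dst,
            "user": user,
        })
    return events


def detect_rdp_fan_out(events, min_targets=3, window=timedelta(minutes=10)):
    """Flag a source host that opens RDP sessions to at least `min_targets`
    distinct hosts within `window`. A normal user typically works on one or
    two servers; one workstation fanning out to many in minutes is the
    observable side of the Lateral Movement / Remote Services TTP."""
    by_src = defaultdict(list)
    for e in events:
        if e["event_id"] == 4624 and e["logon_type"] == 10:
            by_src[e["src"]].append(e)

    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        # Sliding window over this source's RDP logons, ordered by time.
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            targets = {e["dst"] for e in evs[start:end + 1]}
            if len(targets) >= min_targets:
                findings.append(Finding(
                    tactic="Lateral Movement (TA0008)",
                    technique="Remote Services: Remote Desktop Protocol (T1021.001)",
                    source_host=src,
                    targets=tuple(sorted(targets)),
                    first_seen=evs[start]["ts"],
                    last_seen=evs[end]["ts"],
                ))
                break  # one finding per source is enough for triage
    return findings


if __name__ == "__main__":
    for f in detect_rdp_fan_out(parse_events(SAMPLE_EVENTS)):
        print(f"{f.tactic} / {f.technique}: {f.source_host} -> {', '.join(f.targets)} "
              f"between {f.first_seen:%H:%M:%S} and {f.last_seen:%H:%M:%S}")
```

On the sample data only WS-ALICE is flagged: four RDP logons to four servers in about two minutes trip the threshold, while WS-BOB's two RDP sessions are hours apart (and the local logon with type 2 is ignored). The tactic/technique labels on the finding are what let an analyst jump from the alert to the corresponding ATT&CK page for related techniques, mitigations and detection guidance; the tuning knobs (`min_targets`, `window`) are where an organisation encodes what "normal" looks like in its own environment.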
By focusing on TTPs, cyber security teams can build more resilient defences, making it harder for attackers to achieve their objectives.
CyberSec
