MITRE ATT&CK assessment

Overview

The Infection Monkey can simulate various ATT&CK techniques on the network. Use it to assess your security solutions’ detection and prevention capabilities. The Infection Monkey will help you find which ATT&CK techniques go unnoticed and provide specific details along with suggested mitigations.

Configuration

  • ATT&CK matrix: You can use the ATT&CK configuration section to select which techniques you want the Infection Monkey to simulate. For the full simulation, use the default settings.
  • Exploits -> Credentials: This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times.
  • Network -> Scope: Disable “Local network scan” and instead provide specific network ranges in the “Scan target list”.

Suggested run mode

Run the Infection Monkey on as many machines as you can. The easiest way to do this is to select the “Manual” run option and execute the command it shows on different machines in your environment, either manually or with your deployment tool. You can also use any other run options you see fit.

Assessing results

The ATT&CK Report shows the status of simulations using ATT&CK techniques. Click on a technique to see more details about it and potential mitigations. Each technique's display also contains a question mark symbol that takes you to the official documentation of that specific ATT&CK technique, where you can learn more about it.