CCFH-202 Exam Dumps : CrowdStrike Certified Falcon Hunter

MITRE ATT&CK Navigator is a tool that allows a threat hunter to populate and colorize all known adversary techniques in a single view. It is based on the MITRE ATT&CK framework, which is a knowledge base of adversary behaviors and tactics. The tool enables threat hunters to create custom matrices, layers, annotations, and filters to explore and model specific adversary techniques, with links to intelligence and case studies.

Discovering internet-facing servers is an example of actor actions during the RECONNAISSANCE phase of the Cyber Kill Chain. The RECONNAISSANCE phase is where the adversary researches and identifies targets, vulnerabilities, and attack vectors. Discovering internet-facing servers is a way for the adversary to find potential entry points or weaknesses in the target network.

Reconnaissance and Resource Development are two tactics that are not in the Enterprise: Windows matrix of the MITRE ATT&CK Framework (version 11). These two tactics are part of the PRE-ATT&CK matrix, which covers the actions that adversaries take before compromising a target. The Enterprise: Windows matrix covers the actions that adversaries take after gaining initial access to a Windows system. Persistence, Execution, Impact, Collection, Privilege Escalation, and Initial Access are all tactics that are in the Enterprise: Windows matrix.