Windows Net command executed to enumerate administrators
TTP stands for “Tactics, Techniques, and Procedures”, where:
So, something like “obtain access to a domain controller, using exploit X, delivered via a malicious attachment.”
(I mostly say all of this to remind myself that these terms are being used in a slightly different fashion than at my current workplace, which would probably use “goals, tactics, techniques” to represent the same steps.)
“ATT&CK” stands for “Adversarial Tactics, Techniques, and Common Knowledge”.
“CAR” stands for “Cyber Analytics Repository”.
The ATT&CK Navigator tool uses blue to highlight the analytics currently available in CAR.
Also known as “AEP”.
The MITRE AEPs are kinda hard to find: