271 defences4,160 crosswalks

D3FENDD3FEND defensive matrix

7 tactics · 271 defensive techniques · 4,160 defends_against crosswalks to MITRE ATT&CK. Authored by Adam Lundqvist.

TACTICModelHardenDetectIsolateDeceiveEvictRestoreLEVELTechniqueSub-technique
ATT&CK coverage
0
1
2-3
4-5
6+

MODModel0 techniques

HARHarden55 techniques

D3-PH
Platform Hardening
D3-FE
File Encryption
D3-AA
Agent Authentication
D3-CH
Credential Hardening
D3-MFA
Multi-factor Authentication
D3-SU
Software Update
D3-TBA
Token-based Authentication
D3-CDP
Change Default Password
D3-CERO
Certificate Rotation
D3-CRO
Credential Rotation
D3-PWA
Password Authentication
D3-SPP
Strong Password Policy
D3-OTP
One-time Password
D3-PR
Password Rotation
D3-TB
Token Binding
D3-CBAN
Certificate-based Authentication
D3-BAN
Biometric Authentication
D3-AH
Application Hardening
D3-SCP
System Configuration Permissions
D3-PSEP
Process Segment Execution Prevention
D3-SAOR
Segment Address Offset Randomization
D3-EMH
Electromagnetic Radiation Hardening
D3-RFS
RF Shielding
D3-RH
Radiation Hardening
D3-SFCV
Stack Frame Canary Validation
D3-ACH
Application Configuration Hardening
D3-DRA
Disable Remote Access
D3-DENCR
Disk Encryption
D3-BA
Bootloader Authentication
D3-CP
Certificate Pinning
D3-CS
Credential Scrubbing
D3-DLV
Domain Logic Validation
D3-HBWP
Hardware-based Write Protection
D3-SCH
Source Code Hardening
D3-TL
Trusted Library
D3-VI
Variable Initialization
D3-BMA
Bus Message Authentication
D3-CFI
Control Flow Integrity
D3-DCE
Dead Code Elimination
D3-DLIC
Driver Load Integrity Checking
D3-EHPV
Exception Handler Pointer Validation
D3-IRV
Integer Range Validation
D3-MAN
Message Authentication
D3-MBSV
Memory Block Start Validation
D3-MENCR
Message Encryption
D3-MH
Message Hardening
D3-NPC
Null Pointer Checking
D3-OLV
Operational Logic Validation
D3-PAN
Pointer Authentication
D3-PEH
Physical Enclosure Hardening
D3-PV
Pointer Validation
D3-RN
Reference Nullification
D3-TAAN
Transfer Agent Authentication
D3-TBI
TPM Boot Integrity
D3-VTV
Variable Type Validation

DETDetect0 techniques

ISOIsolate57 techniques

D3-AMED
Access Mediation
D3-APA
Access Policy Administration
D3-CF
Content Filtering
D3-NRAM
Network Resource Access Mediation
D3-CQ
Content Quarantine
D3-CV
Content Validation
D3-FFV
File Format Verification
D3-LFP
Local File Permissions
D3-CFC
Content Format Conversion
D3-CM
Content Modification
D3-CNE
Content Excision
D3-CNR
Content Rebuild
D3-CNS
Content Substitution
D3-FCDC
File Content Decompression Checking
D3-FISV
File Internal Structure Verification
D3-FMBV
File Magic Byte Verification
D3-FMCV
File Metadata Consistency Validation
D3-FMVV
File Metadata Value Verification
D3-RFAM
Remote File Access Mediation
D3-NI
Network Isolation
D3-NTF
Network Traffic Filtering
D3-EI
Execution Isolation
D3-SCF
System Call Filtering
D3-EAL
Executable Allowlisting
D3-EDL
Executable Denylisting
D3-HBPI
Hardware-based Process Isolation
D3-OTF
Outbound Traffic Filtering
D3-CTS
Credential Transmission Scoping
D3-UAP
User Account Permissions
D3-EBWSAM
Endpoint-based Web Server Access Mediation
D3-PBWSAM
Proxy-based Web Server Access Mediation
D3-ABPI
Application-based Process Isolation
D3-KBPI
Kernel-based Process Isolation
D3-LFAM
Local File Access Mediation
D3-ITF
Inbound Traffic Filtering
D3-WSAM
Web Session Access Mediation
D3-IOPR
IO Port Restriction
D3-EF
Email Filtering
D3-DNSAL
DNS Allowlisting
D3-DNSDL
DNS Denylisting
D3-FRDDL
Forward Resolution Domain Denylisting
D3-HDDL
Hierarchical Domain Denylisting
D3-HDL
Homoglyph Denylisting
D3-RRID
Reverse Resolution IP Denylisting
D3-DTP
Domain Trust Policy
D3-BDI
Broadcast Domain Isolation
D3-DNL
Directional Network Link
D3-EPL
Physical Locking
D3-ET
Encrypted Tunnels
D3-FRIDL
Forward Resolution IP Denylisting
D3-LAMED
LAN Access Mediation
D3-NAM
Network Access Mediation
D3-OPR
Operating Mode Restriction
D3-OVAR
OT Variable Access Restriction
D3-PAM
Physical Access Mediation
D3-RAM
Routing Access Mediation
D3F-UGPH
User Group Permissions

DECDeceive0 techniques

EVIEvict19 techniques

D3-OE
Object Eviction
D3-FEV
File Eviction
D3-CE
Credential Eviction
D3-PE
Process Eviction
D3-ANCI
Authentication Cache Invalidation
D3-CR
Credential Revocation
D3-AL
Account Locking
D3-HR
Host Reboot
D3-HS
Host Shutdown
D3-PS
Process Suspension
D3-PT
Process Termination
D3-ST
Session Termination
D3-ER
Email Removal
D3-DKF
Disk Formatting
D3-DKP
Disk Partitioning
D3-DKE
Disk Erasure
D3-RKD
Registry Key Deletion
D3-DNSCE
DNS Cache Eviction
D3-DRT
Domain Registration Takedown

RESRestore12 techniques

D3-RO
Restore Object
D3-RF
Restore File
D3-RC
Restore Configuration
D3-RA
Restore Access
D3-RS
Restore Software
D3-RD
Restore Database
D3-RIC
Reissue Credential
D3-RUAA
Restore User Account Access
D3-ULA
Unlock Account
D3-RNA
Restore Network Access
D3-RE
Restore Email
D3-RDI
Restore Disk Image
Sourced from MITRE D3FEND ontology. Cross-walks ingested via the D3FEND CSV feed. Curated by Adam Lundqvist, Founder at SQUR.
D3FEND defensive matrix | SQUR Knowledge Base