CMU-S3D-23-107
Software and Societal Systems Department
School of Computer Science, Carnegie Mellon University



CMU-S3D-23-107

Revelation of System and Human Vulnerabilities Across
MITRE ATT&CK Techniques with Insights from ChatGPT

Jeongkeun Shin, Geoffrey B. Dobson, L. Richard Carley, Kathleen M. Carley

December 2023

CMU-S3D-23-107.pdf


Keywords: Cybersecurity, MITRE ATT&CK, Enterprise Device Vulnerability, Mobile Device Vulnerability

Cybercriminals employ a diverse range of tactics and techniques to exploit vulnerabilities in targeted computing devices. In employing each method, they actively search for weaknesses in the target device's system or capitalize on human vulnerabilities, often arising from end users' mistakes or the sophisticated deception employed by cybercriminals. Therefore, constructing a realistic model to simulate cyber attack campaigns in the virtual environments requires a thorough understanding of all possible system and human vulnerabilities that may be exploited during such campaigns. In this technical report, we have delineated the various system and human vulnerabilities associated with each MITRE ATT&CK technique. In this technical report, we comprehensively outline the system and human vulnerabilities associated with each MITRE ATT&CK technique. We have enlisted the assistance of ChatGPT 3.5 to succinctly summarize the potential vulnerabilities targeted by each technique, drawing insights from the detailed information provided for each MITRE ATT&CK technique. Furthermore, we provide cyber attack mitigation strategies and leverage reverse-engineering capabilities through ChatGPT to infer potential vulnerabilities or weaknesses.

502 pages

*Department of Electrical and Computer Engineering, Carnegie Mellon University


Return to: SCS Technical Report Collection
School of Computer Science

This page maintained by reports@cs.cmu.edu