{μ} Maneuver Calculus v0.2.1 — current
Sheet MC-02
Working draft MC-SPEC 0.2.1 — the full specification and ontology are not yet published
Overview/The framework

1The framework

Last updated 11 July 2026 · v0.2.1

Maneuver Calculus is a procedure-level calculus of adversary action, defensive control, and the coverage relation connecting them. It models adversary behaviour as typed, objective-rooted state changes over a persistent world-state, so that a coverage conclusion is something a defender derives — and can audit — rather than something anyone asserts.

1.1The unit of account

The unit of account is the maneuver: one procedure, identified by its observable effect. A maneuver declares its preconditions (the state the world must be in), one core mechanism, and its postconditions (the state the world is left in). The calculus sits one altitude below technique labels: many procedures implement one technique, and the label lives on the technique, never on the maneuver.

A maneuver's identity is its single invariant core plus the objective it serves — not its tradecraft. This objective-rooting is the forgery-resistance anchor of the whole system: decoys can obscure a path, but the true chain still points at the objective.

FIG. 1 — THE MANEUVER · { P } m { Q } OBJECTIVE serves { P } m { Q } requires yields PRECONDITION MECHANISM POSTCONDITION via INVARIANT CORE the chokepoint — fixes identity realizes IMPLEMENTATION VARIANT one tradecraft realization · swappable
Fig. 1 — A maneuver is a Hoare triple: precondition {P}, mechanism m, postcondition {Q}. It is rooted in the objective it serves and identified by an invariant core — the chokepoint that cannot change without changing the goal. An implementation variant (red) realizes the same core with different, swappable tradecraft.

The same anatomy, filled out as a full maneuver record — the branded artifact from our testing. It reads in five zones: identity, the precondition → mechanism → postcondition spine, the defender surface (observables, detection health, the prevent/detect/react grid), a detachable annex (occurrence, attribution, investigation, reconstruction), and a dashed not-yet-modeled zone marking what the calculus is still silent on.

{μ}
Maneuver record
harvest LSASS-cached credentials · T1003.001 · mc:mLSASSCred
record · mLSASSCred
compiled 11 JULY 2026
campaign BB-2026-Q2
type altitude — reference record 13 blocks · 4 zones · read A → B → C → D tiers: core required · declare must-appear · extend detachable
Zone A identity
1 maneuver core
Harvest LSASS-cached credentials
viaread credential material from LSASS process memory servescredential access · TA0006 techniqueT1003.001 statusactive chainstep 3 · Black Basta 3-maneuver arc
2 objective declare
Credential access
served-bymc:mLSASSCred tacticTA0006 · credential access yieldactor account credentialHeld subsumes {admin}
Zone B spine precondition → mechanism → postcondition
3 preconditions core
pre.1adversary process integrity ≥ system
roleadversary process varintegrity valuesystem opdominates ⊒ groundsobsPrivToken
holds
4 mechanism core
Read credential material from LSASS process memory
manifests as obsLSASSRead · invariant core
implementation variants — evolution ↴
MiniDump
dump-to-disk
userland RPM
◂ used · oc1
syscall / handle-dup
variant π′ — redline
yields
5 postconditions core
post.1credentialHeld subsumes {admin}
roleactor account varcredentialHeld value{admin} opsubsumes ⊇ groundsobsLSASSRead
forward 3 → 4 → 5 5 → 3 reverse read
6 state footprint — attached to spine declare
sf1 · @step 3
adversary process
integrity = system
sf2 · @step 3
svc_backup
credentialHeld = {admin}
sf3 · @step 4
Sysmon
controlStatus = impaired
Zone C defender surface
7 observables — keyed o1…o5 · robustness ladder L1–L5 declare
o-refobservablerolerobustness
o1 non-LSASS context reads LSASS credential memory spanning L5
o2 minidump (MDMP) of lsass written to disk discriminating L2
o3 userland handle to lsass with VM_READ + RPM · evidenced oc1 discriminating L3
o4 lsass read visible only via kernel / ETW-Ti discriminating L4
o5 SeDebugPrivilege / SYSTEM token present discriminating L2
8 detection health — detectabilities · dependency logic · source control declare
faceUserlandHandle · required · Sysmon → o3blinded
faceKernelRead · required · ETW-Ti → o4healthy
faceMDMP · required · File/DLP → o2healthy
faceProcLineage · required · Sysmondegraded
faceScaffolded · trigger-plus-enrichment · trig o3 / enrich lineagedegraded
faceComposite · k-of-n k=2 · o3/o4/o2healthy
faceRedundant · redundant · o3/o4healthy
note
sf3 impairs Sysmon at step 4 — severing the source of faceUserlandHandle (blinded) and degrading faceProcLineage / faceScaffolded. The k-of-n and redundant faces still resolve on ETW-Ti + File/DLP, so the maneuver stays covered.
9 defender grid — locus × function · columns align to spine 3 · 4 · 5 declare
function ↓ / locus → 3preconditions 4mechanism 5postconditions
prevent
deny local admin / SeDebug
dRemoveAdmin · invalidates pre
RunAsPPL (LSASS as PPL)
dPPL
Credential Guard (VBS)
dCredGuard
detect
absent
Sysmon ProcessAccess (EID 10) ◂ blinded
ETW-Ti / kernel callbacks
minidump-on-disk detection
dSysmon10 · dEtwTi · dMDMPScan
absent
react
absent
absent
post-compromise credential rotation
dCredRotate · evicts post
covered — hatchedgap — absent
Zone D annex extend · detachable
10 occurrence — occurrence altitude · 1 card + chain extend
oc1 · step 3 · 2026-05-01T14:22:07Z
usesvarUserlandRead target hostFILE-SRV-04 actor acctsvc_backup requirescs1 · integrity = system yieldscs2 · credentialHeld = {admin}
evidence claims
ev1 · o3 · Sysmon EID 10fab moderate ev2 · o2 · EDR file telemetryfab high ev3 · o4 · ETW-Tifab low
campaign chain — state progression
oc1 · credential access
integrity=system → {admin}
oc2 · lateral SMB
PsExec → reachable
oc3 · ransomware
encrypt → dataState = encrypted
11 attribution extend
actorBlack Basta campaignBB-2026-Q2 conducted-byBlack Basta
12 investigation extend
“Did svc_backup obtain admin credential material?”
dfiqQ1003.001 variablecredentialHeld answersinv1 · credential-access investigation discriminateshyp1 / hyp2
13 reconstruction — hypotheses bridge obv0 → obv1 extend
obv0 · integrity=system
14:20Z · conf 0.9
──▸ [ oc1 ]
hypothesized step
──▸ obv1 · credentialHeld = {admin}
14:25Z · conf 0.8
hypothesis adv cost prior parsimony consistency hyp1 · LSASS read bridged the residual leading 0.40 0.60 1 0.75 hyp2 · credential reuse (no LSASS read) 0.55 0.30 2 0.50
Zone E not yet modeled silent by design — never inferred as covered
! out of framework — the model is SILENT here; absence is not coverage
sibling paths SAM / registry-hive dump (T1003.002) · DCSync (T1003.006) · NTDS.dit (T1003.003) · remote LSASS · offline crack · LSA secrets — unmodeled, no coverage record prevent / respond no prevent- or respond-locus defensive maneuver authored against this maneuver yet — the Zone C grid reads detection only health values a fifth detectability status for a signal that fires but looks authorized — surfaced by the legitimacy-degradation test, not yet in the model
core — ink fill declare — hairline extend — depot dash | margin red = attention · adversary · variant empty vocab: unassessed · none-known · not-applicable
mix — stacked zones · ledger buff · mono · tier ink-fill · gap hollow-box · cue order-ticks · glyph status-chips · chip inverse · annex depot-dash · gutter lane-markers · comfortable

Nothing in the not-yet-modeled zone is read as covered — the calculus reports silence there, never a fabricated verdict. The test results measure exactly that discipline.

1.2Invariant core and implementation variant

Every maneuver separates what the adversary cannot change from what they can. The invariant core is the effect that cannot change without changing the goal itself — the chokepoint. An implementation variant is one tradecraft realization of that core: discriminating in telemetry, and freely swappable by the adversary. The calculus types both, because a defence graded against a variant and a defence graded against the core are different claims with different lifetimes.

1.3Robustness

Robustness is the evasion-resistance of a detection, graded L1–L5 on the Summiting the Pyramid scale. The grade is authored — measured empirically, by convergent evolution and mutation survival — but it is not free: where an observable is grounded fixes its role, and the model checks the grade against that role. Grounded in the invariant core, an observable is spanning and should grade high — it fires regardless of variant; grounded in a single implementation, it is discriminating and grades low. A consistency shape flags any grade that disagrees with its grounding.

Robustness is one of two evidence axes. The other is fabricability — injection resistance. A chain that is too clean, high in fabricability and low in robustness, is flagged rather than trusted.

FIG. 2 — GROUNDING FIXES THE ROBUSTNESS ROLE (L1–L5) ROBUSTNESS L1 L2 L3 L4 L5 SPANNING core-grounded · every variant fires it A SIBLING VARIANT CLEARS THIS RUNG DISCRIMINATING · variant-grounded
Fig. 2 — Robustness is graded L1–L5 and measured empirically, but grounding fixes what the grade should be. Grounded in the invariant core, an observable is spanning — it fires for every variant and belongs high. Grounded in a single variant, it is discriminating and sits low, where a sibling variant (red) evades it. A consistency shape flags a grade that disagrees with its grounding. Fabricability is a second, orthogonal axis.

1.4Defensive control and detection health

A defensive control is the defender unit: it sources telemetry, and a maneuver's mechanism is watched through a detectability. Each detectability carries a four-valued health — live, degraded, blind, uncertain — and a dependency logic over what it rests on (required, redundant, trigger-plus-enrichment, k-of-n). Killing one control ramifies through the dependency graph: a detectability whose trigger is severed goes blind, one whose enrichment is severed only degrades, and every coverage conclusion that rested on them moves with them.

FIG. 3 — KILL A CONTROL AND THE DEPENDENCY TREE MOVES EDR ENDPOINT TELEMETRY CONTROL KILLED triggerDependsOn enrichmentDependsOn LSASS ACCESS BLIND MASS-ENCRYPTION BLIND EXFIL DEGRADED own source: network monitor HEALTH: live · degraded · blind · uncertain
Fig. 3 — A detectability rests on the telemetry that sources it. Kill the EDR (red) and the two detectabilities that trigger off it go blind; the one that only draws enrichment from it — and has its own network-monitor source — merely degrades. Health is four-valued and propagates down the tree, which is why robustness is time-dependent: a grade holds only while the telemetry beneath it does.

1.5Coverage

Coverage is the relation between a defensive control and a maneuver. Its constitutive discipline is that coverage MUST be derived — from declared telemetry sourcing, detectability health, and robustness grounding — and MUST NOT be asserted. Where the derivation cannot be made, the calculus is silent: the honest output is "unmodeled — escalate," never an assumed verdict.

That discipline reads as a limitation until it is tested. In the paired-arm tabletop results, it is precisely what separates a responder who discloses a gap from one who fabricates a confident "covered" — see the test results.

1.6Composition and reconstruction

Maneuvers compose. At the type altitude, a completed maneuver's postconditions can satisfy another's preconditions — what a foothold unlocks is first-class and machine-checkable, and chains of unlocking form a directed acyclic graph. At the occurrence altitude, the same structure records what actually happened in an incident, grounded to concrete entities and their states.

Reconstruction runs the calculus backwards: given two observations and the residual between them, it produces a ranked set of maneuver sequences that close the residual — ranked with a forgery-resistance term, so a chain of easily fabricated evidence cannot outrank a chain of robust evidence.

1.7Alignment

The calculus is framework-neutral. Alignment to ATT&CK, D3FEND, Summiting the Pyramid, and DFIQ is by mapping, never by import or subclassing: ATT&CK ids live on the technique altitude, objectives map to tactics, and the procedure altitude below them is where the calculus does its work. Nothing in the model depends on any one framework's taxonomy surviving contact with the next revision.

NoteThe full specification, ontology, and worked examples are not yet published. This page states the shape of the system; conformance language binds only once the specification ships.
Apache-2.0 · © The Maneuver Calculus contributors