Mitre ATT&CK Framework
Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) is the abbreviation for the framework established as part of an MITRE research project that commenced in 2013. MITRE ATT&CK is a tool that organizations may use to create threat models, assess the effectiveness of security tools, create detection tactics, and prioritize security investments. It may also be used to exchange defense and threat intelligence between companies.
The MITRE ATT&CK framework Training offered by CyberTrainings is a knowledge base of tactics and techniques that will help you understand and implement the MITRE ATT&CK framework in order to improve your threat intelligence Practices. This training will help threat hunters, defenders, and red teams classify assaults, determine attack attribution and goals, and estimate an organization’s risk.
WHY IT IS NEEDED?
- The MITRE ATT&CK architecture is a highly valuable tool for easing the communication of cyber threat intelligence between enterprises, governments, and end users. While there are alternative methods of exchanging intelligence in a similar fashion, ATT&CK stands out due to its use of a widely accepted language.
- Another advantage of deploying the ATT&CK structure is that it allows analysts and defenders to interact and use information to evaluate and contrast distinct threat categories. Both analysts and defenders are able to organize intelligence according to behavior by structuring data according to behavior. When together, they can identify and remove danger.
- Additionally, users may learn more about the strategies used by attackers, such as how they plan to breach networks and obtain the data they’re collecting. Therefore, in addition to their primary defensive concentration, defenders need to be well-versed in both offensive and defensive strategy.
Module 1: Introduction to Mitre ATT&CK and its Aplication
- What is Mitre ATT&CK ?
- Cyber Attack Lifecycle
- David Bianco’s Pyramid of Pain
- The 7 Stages of Cyber Kill Chain
- Threat Intelligence using Mitre ATT&CK
- Introduction to attack.mitre.org
Module 2: Introduction to Mitre ATT&CK Matrices
- Mitre Pre-ATT&CK threat modelling methodology for pre-exploit activities.
- The Enterprise Matrix : Windows , MacOS , Linux and more
- The Mobile Matrix
- The ICS (Industrical Control System) Matrix
Module 3: Mapping to ATT&CK Framework from Source Data
- Using highly portable yet small detection tests mapped to the Mitre ATT&CK
- Source Data vs Finished Reports.
- Real Time Case Studies for Lab Practice.
Module 4: Storing & Analyzing the ATT&CK Mapped Data
- Comparing different layers in ATT&CK Navigator
- Utilizing the MITRE ATT&CK Matrix
- MITRE ATT&CK Use Cases for Lab Practice
- Practice Application of ATT&CK for Self-Advancement
Module 5: Making Defensive Recommendations from MITRE ATT&CK – Mapped Data
- Introduction to Active Defense
- What is MITRE SHIELD?
- Making Defensive Recommendation with SHIELD
- Introduction to MITRE CAR(Cyber Analytics Repository)
- Learn to use MITRE ATT&CK for Threat Hunting
- Different TTP’s on attacking Active Directory
Module 6: Adversary Emulation Plans for Red Teams
- Install/Setup MITRE Caldera – an automated cyber adversary emulation system
- Atomic Red Teaming for MITRE-ATT&CK
- Use Cases using different MITRE Labs for Practical Knowledge
Pre-Requisite
- Operating System Basics
- Fundamentals of CyberSecurity
- Understanding of Information Security
Target Audience
- Cloud Security Professionals
- Cyber Security Professionals
- Information Systems Anlaysts
- Blue Team
- SOC Analyst
Duration
- 24 Hours