This course teaches how to operationalize the MITRE ATT&CK Framework. The learning outcomes include understanding the ATT&CK background, taxonomy, and useful technique data. Students will learn about existing tools for ATT&CK, deployment with Ansible, and proposed analytical models. The teaching method includes lectures on technique considerations, DLL manipulation, and defense strategies. This course is intended for cybersecurity professionals interested in penetration testing and threat detection using the MITRE ATT&CK Framework.
Overview
Syllabus
Intro
Overview
ATT&CK Background
ATT&CK Taxonomy
Useful Technique Data
Utility of ATT&CK for Penetration Testing - Research question: How many techniques directly applicable to
Existing Tools for ATT&CK
What tools do not exist...
Quick Aside on Student Competitions
Needs Requirement
ATT&CK Techniques Considered (2)
DLL Hello World
DLL Shenanigans
Payloads (1)
Deployment with Ansible
Technique Success?
Switching to Defense
Proposed Analytical Model
Example
Implementation
Model Success... or Lack Thereof
Confounding Variables
Future Work
QUESTIONS?
Related Courses
-
MITRE ATT&CK - The Play at Home Edition
-
Don't Boil the Ocean - Using MITRE ATT&CK to Guide Hunting Activity
3.0 -
Threat Hunting - Using MITRE ATT&CK Against Carbanak Malware
-
DeTT&CT - Mapping Your Blue Team to MITRE ATT&CK
-
ATT&CKing the Status Quo - Improving Threat Intel and Cyber Defense with MITRE ATT&CK
-
Conceptos de OT para Blue Teamers - Santiago Abastante & Matias Manassero - Ekoparty 2021: BlueSpace
