Overview
This course teaches how to operationalize the MITRE ATT&CK Framework. Learning outcomes include understanding the background and taxonomy of ATT&CK and the technique data that is useful in practice. Students will learn about existing tools for ATT&CK, deployment with Ansible, and a proposed analytical model. The lectures cover the techniques considered, DLL manipulation, and defense strategies. The course is intended for cybersecurity professionals interested in penetration testing and threat detection using the MITRE ATT&CK Framework.
Syllabus
Intro
Overview
ATT&CK Background
ATT&CK Taxonomy
Useful Technique Data
Utility of ATT&CK for Penetration Testing - Research question: How many techniques directly applicable to
Existing Tools for ATT&CK
What tools do not exist...
Quick Aside on Student Competitions
Needs Requirement
ATT&CK Techniques Considered (2)
DLL Hello World
DLL Shenanigans
Payloads (1)
Deployment with Ansible
Technique Success?
Switching to Defense
Proposed Analytical Model
Example
Implementation
Model Success... or Lack Thereof
Confounding Variables
Future Work
QUESTIONS?