Training
Next Level Cyber Defense with MITRE ATT&CK®
We provide a 2-day course for security professionals who want to take the next step in improving their cyber defense skills. For an organisation it is crucial to know how well it can defend itself against cyber attacks. Do you know how effective your current level of cyber defense is, and where you could improve?
The MITRE ATT&CK framework allows you to answer these and many more questions, and enables you to start making the right improvements. ATT&CK is an online knowledge base of adversary behaviours (tactics, techniques and procedures) based on real-world observations.
This training is powered and delivered by:
What will you learn?
In this training you will dive deep into MITRE ATT&CK and learn how to use the framework to strengthen your cyber defense significantly. The ultimate goal is to detect and stop attacks targeting your organisation. A large part of the training consists of practical, realistic lab assignments whose results can immediately be applied within your own organisation. Topics that will be covered are: attack techniques, log data sources and their quality, visibility and detection coverage, prioritising your cyber defense efforts, threat intelligence and more.
Who should attend?
The training is best suited for:
People who work in a SOC/CDC/Blue Team (analysts, engineers, SOC managers, etc.) and want to extend their skills and knowledge of cyber defense.
Red teamers and people with an offensive background (e.g. penetration testers) who want to learn more about cyber defense.
Security professionals and security officers, for example within a CISO department, who want to learn how ATT&CK can be used to improve resilience against cyber attacks.
Technical IT knowledge and a reasonable level of security knowledge are required.
Key learning objectives
In this training you will learn:
How ATT&CK can help you to improve and prioritise your defense efforts.
Key concepts of cyber defense:
Pyramid of Pain
Cyber kill chain
Tactics, Techniques and Procedures (TTPs)
How to assess and score the data quality of your log data sources.
How to gain insight into your visibility coverage (which attacker behaviours you can actually see in your log data sources) and how to use that knowledge to make the right improvements.
How to map, score and improve your detection capabilities.
How to leverage threat intelligence to raise your level of cyber defense.
Topics
This two-day course is packed with knowledge and hands-on lab assignments. The key topics that will be covered are:
Day 1
What is MITRE ATT&CK?
A short history of ATT&CK
Introduction to some key concepts:
Pyramid of Pain
Cyber kill chain in relation to MITRE ATT&CK
TTPs: Tactics, Techniques and Procedures
Labs with hands-on assignments on ATT&CK and the ATT&CK Navigator.
Deep dive into ATT&CK:
Tactics
Attack techniques
Data sources
Mitigations
Software
Groups (threat intelligence)
Leverage threat intelligence to prioritise defense efforts.
An overview of DeTT&CT
Deep dive into data sources and visibility coverage:
Mapping your data sources to ATT&CK
Scoring the data quality of your data sources
Discovering traces of ATT&CK techniques in your log data sources
Identifying gaps in your visibility coverage (techniques for which you collect none of the relevant data sources)
Labs with hands-on assignments to get acquainted with DeTT&CT.
Day 2
Deep dive into detection coverage with the help of ATT&CK and DeTT&CT.
Map your detection capabilities to ATT&CK
Score the effectiveness of your detections
Identify the gaps in your detection coverage
Determine where and how your detections can be improved
Labs with hands-on assignments on mapping and scoring detections.
Deep dive into threat intelligence.
Key concepts of threat intelligence
How to use ATT&CK in relation to threat intelligence
Automatically map threat intelligence reports to ATT&CK
Labs with hands-on assignments on threat intelligence.
Deep dive into prioritising your defense efforts.
ATT&CK-based adversary emulation.
Bonus lab for quick learners: use STIX/TAXII to query the ATT&CK knowledge base programmatically in order to answer questions and integrate it into your own tooling.
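The two list items above on mapping data sources to ATT&CK and finding visibility gaps, and the bonus lab on analysing ATT&CK via STIX, come together in the small example below. It is an added illustration and not course material, DeTT&CT code or the real MITRE bundle: the STIX 2.1 bundle is a constructed, abridged excerpt that only mimics the structure of the Enterprise ATT&CK export (attack-pattern objects with a mitre-attack external_id, kill_chain_phases for the tactic, and the x_mitre_data_sources list), and the data source lists per technique are illustrative rather than complete. The same functions work unchanged on the full enterprise-attack.json that MITRE publishes in its attack-stix-data GitHub repository or serves over TAXII; loading that file is assumed, not shown. Note the caveat the code handles: revoked and deprecated techniques stay in the bundle, so a naive count silently inflates your coverage.

```python
"""Answer ATT&CK questions offline from a STIX 2.1 bundle: techniques per tactic,
visibility coverage per technique, and visibility gaps for a given set of data sources.

Constructed example; the bundle below is a hand-written, abridged stand-in for the
real Enterprise ATT&CK STIX export and the data source lists are illustrative.
"""

# Constructed, abridged bundle in the shape MITRE publishes (assumption: in practice
# you would json.load() enterprise-attack.json or fetch it from the ATT&CK TAXII server).
SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        # A tactic object: not an attack-pattern, must be ignored by technique queries.
        {"type": "x-mitre-tactic", "id": "x-mitre-tactic--00000000-0000-4000-8000-000000000002",
         "name": "Execution", "x_mitre_shortname": "execution"},
        {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000003",
         "name": "Command and Scripting Interpreter",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "x_mitre_data_sources": ["Process: Process Creation", "Command: Command Execution",
                                  "Script: Script Execution"]},
        {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000004",
         "name": "OS Credential Dumping",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1003"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "credential-access"}],
         "x_mitre_data_sources": ["Process: Process Access", "Process: OS API Execution",
                                  "Command: Command Execution"]},
        {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000005",
         "name": "Remote Services",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1021"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "lateral-movement"}],
         "x_mitre_data_sources": ["Network Traffic: Network Traffic Flow",
                                  "Logon Session: Logon Session Creation"]},
        # Revoked technique (T1086 PowerShell was folded into T1059.001). It is still
        # present in the bundle and must not count towards coverage.
        {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000006",
         "name": "PowerShell", "revoked": True,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1086"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "x_mitre_data_sources": ["Process: Process Creation"]},
    ],
}

# Constructed inventory of what this (hypothetical) SOC actually collects.
AVAILABLE_SOURCES = ["Process: Process Creation", "Command: Command Execution"]


def active_techniques(bundle):
    """Yield attack-pattern objects that are neither revoked nor deprecated."""
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        yield obj


def attack_id(technique):
    """Return the Txxxx identifier from the mitre-attack external reference."""
    for ref in technique.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref["external_id"]
    return None


def tactics_of(technique):
    """Tactic short names (phase_name) on the mitre-attack kill chain."""
    return [p["phase_name"] for p in technique.get("kill_chain_phases", [])
            if p.get("kill_chain_name") == "mitre-attack"]


def techniques_by_tactic(bundle, tactic):
    """Sorted technique IDs that belong to the given tactic, e.g. 'execution'."""
    return sorted(attack_id(t) for t in active_techniques(bundle) if tactic in tactics_of(t))


def visibility_coverage(bundle, available_sources):
    """Map technique ID -> fraction of its listed data sources that you collect."""
    available = set(available_sources)
    coverage = {}
    for t in active_techniques(bundle):
        sources = t.get("x_mitre_data_sources", [])
        seen = [s for s in sources if s in available]
        coverage[attack_id(t)] = len(seen) / len(sources) if sources else 0.0
    return coverage


def visibility_gaps(bundle, available_sources):
    """Technique IDs for which none of the listed data sources are collected."""
    cov = visibility_coverage(bundle, available_sources)
    return sorted(tid for tid, frac in cov.items() if frac == 0.0)


if __name__ == "__main__":
    print("execution:", techniques_by_tactic(SAMPLE_BUNDLE, "execution"))
    for tid, frac in sorted(visibility_coverage(SAMPLE_BUNDLE, AVAILABLE_SOURCES).items()):
        print(f"{tid}: {frac:.0%} of listed data sources collected")
    print("visibility gaps:", visibility_gaps(SAMPLE_BUNDLE, AVAILABLE_SOURCES))
```

With the constructed inventory above, T1059 is two-thirds visible, T1003 one-third, and T1021 is a complete gap, which is exactly the kind of result the Day 1 labs turn into a prioritised list of log sources to onboard. The fraction is a deliberately simple proxy: in DeTT&CT you would additionally score the quality of each data source rather than treating every collected source as equally good.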
Practical information
Price
The price of this two-day training is € 1500,- per participant, excluding taxes.
Course material
The course material is written in English. The training can be delivered in either Dutch or English; if one or more attendees request English, the whole training is given in English. Please bring your own laptop and make sure it can connect to a remote lab system over RDP (check beforehand that a corporate VPN client or endpoint policy does not block outbound RDP connections).
Interested in this training?
Please get in contact.
Contact
We hope this page has answered your questions. If you would like more information about this training, or want to explore hosting it in-house at your own company, we would love to hear from you. Please find my contact details here.