Training

Next Level Cyber Defense with MITRE ATT&CK®

Next Level Cyber Defense

We provide a 2-day course for security professionals who want to take the next steps in improving their cyber defense skills. For organisations it is crucial to know how good they are at defending themselves against cyber attacks. Do you know the effectiveness of your current level of cyber defense and where you could improve?

The MITRE ATT&CK framework allows you to answer these and many more questions, and enables you to start making the right improvements. ATT&CK is an online knowledge base of adversary behaviours based on real-world observations.

This training is powered and delivered by:

 

What will you learn?

In this training you will dive deep into MITRE ATT&CK and learn how to use the ATT&CK framework to strengthen your cyber defense significantly. The ultimate goal is to defeat attacks targeting your organisation. A large part of the training consists of practical and realistic lab assignments that can immediately be applied within your organisation. Topics that will be covered are: attack techniques, data log sources and their quality, detection coverage, prioritising your cyber defense efforts, threat intelligence and more.

Who should attend?

The training is optimally suited for:

  • People that work within a SOC/CDC/Blue Team (analysts, engineers, SOC manager, etc.) who want to extend their skills and knowledge on cyber defense.

  • Red teamers and people with an offensive background (e.g. penetration testers) who want to learn more about cyber defense.

  • Security professionals and -officers, that work for example within a CISO department, and want to learn how ATT&CK can be used to improve resilience against cyber attacks.

It is required to have technical IT knowledge and a reasonable level of security knowledge.

Key learning objectives

In this training you will learn:

  • How ATT&CK can help you to improve and prioritise your defense efforts.

  • Key concepts of cyber defense:

    • Pyramid of Pain

    • Cyber kill chain

    • Tactics, Techniques and Procedures (TTPs)

  • How to assess and score the data quality of your data log sources.

  • How to get insight in your visibility coverage (what can you see of attacker behaviours in your data log sources) and how you can use that knowledge to make the right improvements.

  • To map, score and improve your detection capabilities.

  • How to leverage threat intelligence to push forward your level of cyber defense.

Topics

This two-day course is packed with knowledge and hands-on lab assignments. The key topics that will be covered are:

Day 1

  • What is MITRE ATT&CK?

  • A short history of ATT&CK

  • Introduction to some key concepts:

    • Pyramid of Pain

    • Cyber kill chain in relation to MITRE ATT&CK

    • TTPs: Tactics, Techniques and Procedures

  • Labs with hands-on assignments on ATT&CK and the ATT&CK Navigator.

  • Deep dive into ATT&CK:

    • Tactics

    • Attack techniques

    • Data sources

    • Mitigations

    • Software

    • Groups (threat intelligence)

  • Leverage threat intelligence to prioritise defense efforts.

  • An overview of DeTT&CT

  • Deep dive into data sources and visibility coverage.

    • Mapping your data sources to ATT&CK

    • Scoring the data quality of your data sources

    • Discovering traces of ATT&CK techniques in your data log sources

    • Identifying gaps in your visibility coverage

  • Labs with hands-on assignments to get acquainted with DeTT&CT.

Day 2

  • Deep dive into detection coverage with the help of ATT&CK and DeTT&CT.

    • Map your detection capabilities to ATT&CK

    • Score the effectiveness of your detections

    • Identify the gaps in your detection coverage

    • Determine where and how your detections can be improved

  • Labs with hands-on assignments on mapping and scoring detections.

  • Deep dive into threat intelligence.

    • Key concepts of threat intelligence

    • How to use ATT&CK in relation to threat intelligence

    • Automatically map threat intelligence reports to ATT&CK

  • Labs with hands-on assignments on threat intelligence.

  • Deep dive in prioritising your defense efforts.

  • ATT&CK emulation.

  • Bonus lab for quick learners: use STIX/TAXII to analyse ATT&CK in order to answer questions and integrate it in your own tooling.

Practical information

Price

For this two day training we charge € 1500,- ex taxes a participant.

Course material

The course material is written in English. The training can be provided in either Dutch or English. If one or more attendee requests the training in English, the training will be given in English. Please bring your own laptop to the training and ensure it is capable of connecting to a remote system over RDP.

Interested in this training?

Please get in contact.

Contact

We hope to have informed you sufficiently, but if any questions remain or arise or if you would like to receive extra information about this training, or if you would like to explore the possibility of hosting this training at your own company, we would love to get in touch with you. Please find my contact details here.