MITRE ATT&CK® Framework Training Workshop by Tonex
This 2-day intensive workshop is designed to provide participants with a comprehensive understanding of the MITRE ATT&CK® Framework. ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. This workshop will enable participants to use the ATT&CK framework to develop specific threat models and methodologies, enhancing their cybersecurity strategies.
ATT&CK® stands for Adversarial Tactics, Techniques, and Common Knowledge. The MITRE ATT&CK framework is a curated knowledge base and model of cyber adversary behavior, reflecting the phases of an adversary's attack lifecycle and the platforms adversaries are known to target. The workshop combines theoretical knowledge with practical exercises so that participants can apply ATT&CK effectively in their own environments.
Learning Objectives:
By the end of this workshop, participants will be able to:
- Understand the structure and purpose of the MITRE ATT&CK® Framework.
- Identify and analyze common adversary tactics and techniques.
- Apply ATT&CK knowledge to improve threat detection and response.
- Develop and implement threat models using ATT&CK.
- Conduct effective red teaming and blue teaming exercises.
- Integrate ATT&CK into cybersecurity operations and strategies.
Target Audience:
- Cybersecurity Professionals
- Security Analysts
- IT Risk Managers
- Threat Intelligence Analysts
- SOC Teams
- Incident Responders
- Researchers and Academics in Cybersecurity
- Anyone interested in enhancing their understanding of adversary tactics and techniques
Workshop Modules:
Day 1: Understanding the MITRE ATT&CK® Framework
Module 1: Introduction to MITRE ATT&CK®
- Overview of the ATT&CK Framework: Purpose and Scope
- History and Development of ATT&CK
- Key Components and Structure of ATT&CK
Module 2: Adversary Tactics and Techniques
- Overview of Tactics, Techniques, and Procedures (TTPs)
- Detailed Analysis of Common Adversary Techniques
- Case Studies of Real-world Cyber Attacks
Module 3: Real-world Attack Observations
- Insights from Documented Attack Scenarios
- Learning from Red Team and Blue Team Exercises
- Understanding the Adversarial Mindset
Module 4: Hands-on Exercise: Navigating ATT&CK
- Practical Session on Using the ATT&CK Knowledge Base
- Identifying Relevant Tactics and Techniques
- Mapping Observations to ATT&CK Entries
Day 2: Applying ATT&CK in Cybersecurity Operations
Module 5: Developing Threat Models with ATT&CK
- Building Threat Models Using ATT&CK
- Practical Examples of Threat Model Development
- Case Study: Effective Threat Modeling
Module 6: Threat Detection and Response
- Leveraging ATT&CK for Threat Detection
- Integrating ATT&CK into Incident Response
- Tools and Techniques for Effective Response
Module 7: Practical Session: Red Teaming and Blue Teaming with ATT&CK
- Conducting Red Team Exercises Using ATT&CK
- Blue Team Strategies for Detection and Mitigation
- Analyzing and Interpreting Exercise Results
Module 8: Integrating ATT&CK into Cybersecurity Strategy
- Building ATT&CK into Security Operations Centers (SOCs)
- Continuous Improvement and Adaptation with ATT&CK
- Resources for Ongoing Learning and Development
Conclusion and Q&A
- Recap of Key Takeaways
- Open Floor for Questions and Discussions
- Networking Opportunity for Participants
Participants will receive a certificate of completion and access to additional resources to continue their learning journey in cybersecurity using the MITRE ATT&CK® Framework.