Applying the MITRE ATT&CK Framework

Course 3942

  • Duration: 1 day
  • Language: English
  • Level: Intermediate

In this course, you will gain a foundational understanding of the MITRE ATT&CK Framework. Topics covered include its definition, the goals it aims to achieve, and its essential components, such as matrices, tactics, techniques, data sources, mitigations, groups, software, campaigns, and model relationships.

Through a real-world case study, you'll see how these components are interconnected. You'll also work through the process of prioritising techniques using cyber threat intelligence (CTI) and assessing the effectiveness of current defensive measures.

MITRE ATT&CK Framework Training Delivery Methods

  • Online

  • Enterprise Solutions Available

MITRE ATT&CK Framework Training Information

In this course, you will learn how to:

  • Develop a strong foundational knowledge of the MITRE ATT&CK Framework and its components.
  • Apply the framework to real-world cyber threats, such as the SolarWinds supply chain attack.
  • Map threat intelligence, alerts, and adversary behaviours to ATT&CK.
  • Use ATT&CK-mapped data to make informed and prioritised defensive recommendations.
  • Understand the role of cyber threat intelligence and its practical applications in security.

Training Prerequisites

Basic knowledge of cybersecurity concepts and terminology is recommended but not required.

MITRE ATT&CK Framework Training Outline

MITRE ATT&CK Framework Definition

Goal of MITRE ATT&CK Framework

Matrices

Tactics and Techniques

Data Sources

Mitigations

Groups

Software

Campaigns

MITRE ATT&CK Model Relationships

MITRE ATT&CK Model Relationships Example

Breakdown of Tactics, Techniques, Procedures, Mitigations, and Detection

TeamTNT

  • Mitigations
  • Detection

SolarWinds Compromise Background Information

Software Components of SolarWinds Compromise

  • SUNBURST and SUNSPOT

Mapping the Indicators to MITRE ATT&CK Framework

Loosely Linking Everything Together for SolarWinds

ATT&CK Navigator

  • SolarWinds ATT&CK Navigator

SolarWinds Attack Timeline

Indicators of Compromise (IOC)

Mitigations That Might Reduce the Likelihood and/or Impact of Supply Chain Attacks

Review of SolarWinds Compromise and Ability to Link to ATT&CK

Mapping Threat Intelligence to ATT&CK

  • Cyber Threat Intelligence (CTI) and Indicators of Behaviour (IoBs)
  • Analysing Behaviour
  • UEBA Data Sources
  • Data Drawn From Above Sources

Snake Malware and Turla CTI Advisories and Alerts

  • Research Advisory and Alert Information
  • Adversary Behaviour
  • Volatility Plugin
  • Network Intrusion Detection Systems (NIDS)
  • Host-Based Detection
  • Non-Standard Icon Size and YARA Rule
  • Memory Analysis

Practical Research Exercise

  • Initial Analysis
  • Mapping Data to MITRE ATT&CK
  • Compare Results to Improve Mapping

Pyramid of Pain

Use Collected and Analysed Data to Make Initial Recommendations

Process for Making Recommendations

Ways to Determine Priority of Techniques Using CTI
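The mapping and prioritisation steps in the outline above (map CTI observations to ATT&CK techniques, then rank those techniques by what the intelligence reports most often, and visualise the result as an ATT&CK Navigator layer) are illustrated here as an added example. This is not course material, MITRE code, or the Navigator's own exporter: the observation lines are constructed for the example, the keyword-to-technique table is a hand-built heuristic that covers four real Enterprise ATT&CK technique IDs, and the `versions` strings in the layer are assumptions that you would set to match your own Navigator deployment.

```python
"""Map constructed CTI observations to ATT&CK technique IDs, rank the
techniques by how often the intelligence reports them, and emit an
ATT&CK Navigator layer whose scores reflect that ranking."""
import json
import re
from collections import Counter

# Constructed sample observations (not a real advisory): one behaviour per line,
# the kind of sentence pulled from an advisory or an alert description.
CTI_OBSERVATIONS = [
    "Trojanised software update delivered via the vendor's signed installer",
    "Implant resolved C2 domains generated by a domain generation algorithm",
    "Beaconing over HTTPS to attacker-controlled infrastructure",
    "Malicious DLL carried a valid code-signing certificate",
    "Second beacon over HTTPS observed from a different host",
]

# Hand-built catalogue for this example: keyword pattern -> (technique ID, tactic).
# The IDs are real Enterprise ATT&CK IDs; the keyword heuristic is ours, not MITRE's.
TECHNIQUE_PATTERNS = [
    (r"software update|supply chain|trojanised", "T1195.002", "initial-access"),
    (r"domain generation algorithm|\bDGA\b", "T1568.002", "command-and-control"),
    (r"beacon|https?\b", "T1071.001", "command-and-control"),
    (r"code-signing|signed (dll|binary)", "T1553.002", "defense-evasion"),
]


def map_observation(text):
    """Return the set of technique IDs whose pattern matches one observation."""
    return {
        tid
        for pattern, tid, _tactic in TECHNIQUE_PATTERNS
        if re.search(pattern, text, re.IGNORECASE)
    }


def map_observations(lines):
    """Count technique hits across all observations and keep each supporting
    line as evidence, so every score in the layer can be traced back to CTI."""
    counts, evidence = Counter(), {}
    for line in lines:
        for tid in map_observation(line):
            counts[tid] += 1
            evidence.setdefault(tid, []).append(line)
    return counts, evidence


def prioritise(counts):
    """Rank techniques: most frequently reported first, ties broken by ID."""
    return sorted(counts, key=lambda tid: (-counts[tid], tid))


def build_navigator_layer(counts, evidence, name="CTI mapping (example)"):
    """Build a Navigator layer dict; score = number of observations mapped to
    the technique. The 'versions' values are assumptions for this example."""
    tactic_of = {tid: tactic for _pattern, tid, tactic in TECHNIQUE_PATTERNS}
    max_score = max(counts.values(), default=1)
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Score = number of CTI observations mapped to the technique",
        "techniques": [
            {
                "techniqueID": tid,
                "tactic": tactic_of[tid],
                "score": counts[tid],
                "comment": "; ".join(evidence[tid]),
                "enabled": True,
            }
            for tid in prioritise(counts)
        ],
        "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": max_score},
    }


if __name__ == "__main__":
    counts, evidence = map_observations(CTI_OBSERVATIONS)
    print("Priority order:", prioritise(counts))
    # Save the JSON and open it in ATT&CK Navigator via "Open Existing Layer".
    print(json.dumps(build_navigator_layer(counts, evidence), indent=2))
```

Frequency of reporting is only one priority signal; in practice you would weight it with how relevant the reporting group or campaign is to your organisation and with how far up the Pyramid of Pain the technique sits, which is what the later outline items cover.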

Assess Current Defensive Measures and Their Effectiveness

  • MITRE CAR and D3FEND
  • MITRE’s Cyber Analytics Repository (CAR)
  • MITRE D3FEND
  • MITRE ATT&CK and D3FEND

MITRE D3FEND Practical Exercise

MITRE D3FEND Practical Exercise Answer

Research Additional Defensive Options and Organisational Capabilities/Constraints

Consider Tradeoffs for Each Option

Sample Pros and Cons of Options

Make Recommendations

Make Recommendations—Supply Chain Compromise

MITRE ATT&CK Framework FAQs

The MITRE ATT&CK Framework is a curated knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations of intrusions. It's a valuable resource for understanding, detecting, and countering cyber threats.

This course is designed for IT and cybersecurity professionals, security analysts, incident responders, threat intelligence analysts, and anyone interested in enhancing their knowledge of cyber threat analysis and defense strategies.

This course equips you with the knowledge and skills to better understand and respond to cyber threats. It's valuable for career growth in cybersecurity, threat analysis, and incident response.

For organisations, it can enhance their security posture and the ability to detect and mitigate threats effectively.

The main takeaways from this course include a strong foundation in the MITRE ATT&CK Framework, the ability to map real-world threats to it, and the skills to make informed defensive recommendations based on the framework.

  • IT and cybersecurity professionals
  • Security analysts and researchers
  • Incident responders
  • Threat intelligence analysts
  • Anyone interested in enhancing their understanding of cyber threat analysis and defense strategies.