In this course, you will gain a foundational understanding of the MITRE ATT&CK Framework. Topics covered include its definition, the goals it aims to achieve, and its essential components, such as matrices, tactics, techniques, data sources, mitigations, groups, software, campaigns, and model relationships.
Through a real-world case study, you'll see how these components are interconnected. You'll then work through the process of prioritizing techniques using cyber threat intelligence (CTI) and assessing the effectiveness of current defensive measures.
MITRE ATT&CK Framework Training Information
In this course, you will learn how to:
- Develop a strong foundational knowledge of the MITRE ATT&CK Framework and its components.
- Apply the framework to real-world cyber threats, such as the SolarWinds supply chain attack.
- Map threat intelligence, alerts, and observed adversary behaviors to ATT&CK tactics and techniques.
- Use ATT&CK-mapped data to make informed and prioritized defensive recommendations.
- Understand the role of cyber threat intelligence and its practical applications in security.
Basic knowledge of cybersecurity concepts and terminology is recommended but not required.
MITRE ATT&CK Framework Training Outline
MITRE ATT&CK Framework Definition
Goal of MITRE ATT&CK Framework
Tactics and Techniques
MITRE ATT&CK Model Relationships
MITRE ATT&CK Model Relationships Example
Breakdown of Tactics, Techniques, Procedures, Mitigations, and Detection
SolarWinds Compromise Background Information
Software Components of SolarWinds Compromise
Mapping the Indicators to MITRE ATT&CK Framework
Loosely Linking Everything Together for SolarWinds
- SolarWinds ATT&CK Navigator
SolarWinds Attack Timeline
Indicators of Compromise (IOC)
Mitigations That Might Reduce the Likelihood and/or Impact of Supply Chain Attacks
Review of SolarWinds Compromise and Ability to Link to ATT&CK
Mapping Threat Intelligence to ATT&CK
- Cyber Threat Intelligence (CTI) and Indicators of Behavior (IoBs)
- Analyzing Behavior
- UEBA Data Sources
- Data Drawn From Above Sources
Snake Malware and Turla CTI Advisories and Alerts
- Research Advisory and Alert Information
- Adversary Behavior
- Volatility Plugin
- Network Intrusion Detection Systems (NIDS)
- Host-Based Detection
- Non-Standard Icon Size and YARA Rule
- Memory Analysis
Practical Research Exercise
- Initial Analysis
- Mapping Data to MITRE ATT&CK
- Compare Results to Improve Mapping
Pyramid of Pain
Use Collected and Analyzed Data to Make Initial Recommendations
Process for Making Recommendations
Ways to Determine Priority of Techniques Using CTI
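One common way to prioritize techniques from CTI is to score each technique by how many relevant reports cite it, optionally weighting sources by their relevance to your organization, and then visualize the result as an ATT&CK Navigator layer. The following is an added example to illustrate that approach; it is not course material and not code from MITRE. The report-to-technique mappings, the report names and the source weights are constructed for illustration (they are not a real mapping of the SolarWinds compromise or of any published advisory), and the Navigator layer emitted is minimal (name, domain, description, techniques with techniqueID/score/comment); a layer exported from Navigator itself carries additional metadata such as version information.

```python
"""Rank ATT&CK techniques by weighted CTI report frequency and emit a minimal
ATT&CK Navigator layer so the ranking can be viewed as a heat map.

All report data below is constructed for illustration only.
"""
import json
from collections import Counter, defaultdict

# Constructed CTI mappings: report name -> technique IDs a (hypothetical)
# analyst mapped from that report's narrative. The IDs are real ATT&CK
# technique IDs; the association with these made-up reports is not.
CTI_REPORTS = {
    "vendor-report-A": {"T1195.002", "T1071.001", "T1027", "T1553.002"},
    "vendor-report-B": {"T1195.002", "T1071.001", "T1568.002", "T1078"},
    "gov-advisory-C": {"T1195.002", "T1553.002", "T1078", "T1055"},
    "internal-ir-notes": {"T1071.001", "T1078"},
}

# Assumed relevance weights: an internal incident report describes activity
# seen in this environment, so it counts more than a generic write-up.
SOURCE_WEIGHT = {"internal-ir-notes": 2.0}


def rank_techniques(reports, weights=None):
    """Return [(technique_id, score, sorted_list_of_citing_reports)], highest
    score first; ties are broken by technique ID for stable output.

    score = sum of the weight (default 1.0) of every report citing the
    technique. A technique cited by many independent sources, or by a highly
    relevant one, ranks higher and is a candidate for early defensive coverage.
    """
    weights = weights or {}
    score = Counter()
    cited_by = defaultdict(list)
    for report, techniques in reports.items():
        w = weights.get(report, 1.0)
        for tid in techniques:
            score[tid] += w
            cited_by[tid].append(report)
    ranked = sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(tid, s, sorted(cited_by[tid])) for tid, s in ranked]


def to_navigator_layer(ranked, name="CTI technique priority"):
    """Build a minimal ATT&CK Navigator layer dict (JSON-serialisable).

    Navigator shades techniques by 'score', so loading this layer gives an
    at-a-glance priority heat map; 'comment' records which sources drove
    each score so the ranking can be audited.
    """
    return {
        "name": name,
        "domain": "enterprise-attack",
        "description": "Techniques scored by weighted CTI report frequency",
        "techniques": [
            {
                "techniqueID": tid,
                "score": s,
                "comment": "cited by: " + ", ".join(srcs),
            }
            for tid, s, srcs in ranked
        ],
    }


if __name__ == "__main__":
    ranked = rank_techniques(CTI_REPORTS, SOURCE_WEIGHT)
    for tid, s, srcs in ranked:
        print(f"{tid:10} score={s:<4} sources={srcs}")
    # Save the output as a .json file and open it in ATT&CK Navigator.
    print(json.dumps(to_navigator_layer(ranked), indent=2))
```

With the constructed inputs, T1071.001 and T1078 rise to the top because the internal incident notes cite them; without the weight, the three techniques cited by three reports each tie. In practice the weighting scheme (source relevance, recency, sector overlap with the reporting victims) is the analytic decision, and the counting is the easy part.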
Assess Current Defensive Measures and Their Effectiveness
- MITRE CAR and D3FEND
- MITRE’s Cyber Analytics Repository (CAR)
- MITRE D3FEND
- MITRE ATT&CK and D3FEND
MITRE D3FEND Practical Exercise
MITRE D3FEND Practical Exercise Answer
Research Additional Defensive Options and Organizational Capabilities/Constraints
Consider Tradeoffs for Each Option
Sample Pros and Cons of Options
Make Recommendations—Supply Chain Compromise