MITRE ATT&CK Hands-on Training Course

Introduction to ATT&CK

• Overview of the MITRE ATT&CK framework
• History and development of ATT&CK

ATT&CK Matrix

• Structure and components of the ATT&CK matrix
• How to navigate and interpret the matrix

Tactics

• Definition and importance of tactics in ATT&CK
• Overview of each tactic category

Techniques

• Detailed examination of techniques within each tactic
• Examples of common techniques used by adversaries

Sub-techniques

• Explanation of sub-techniques and their relevance
• How sub-techniques provide more granularity

Mitigations

• Developing and implementing effective mitigations
• Case studies on successful mitigation strategies

Data Sources and Detections

• Identifying and utilizing data sources for threat detection
• Tools and methodologies for effective detection

Groups and Software

• Overview of threat actor groups and associated software
• Understanding the behavior and tactics of different groups

ATT&CK Navigator

• Introduction to ATT&CK Navigator
• Using the Navigator for threat detection and planning

Adversary Emulation

• Principles and techniques of adversary emulation
• Conducting realistic attack simulations

Study Real-world Adversaries

• Case studies of real-world adversaries and their techniques
• Lessons learned from analyzing past attacks

Simulations and Lab Scenarios

• Hands-on labs for simulating attack scenarios
• Applying knowledge to detect and respond to simulated threats

Tools to be Learned

• MITRE ATT&CK Navigator
• SIEM tools (e.g. ELK Stack)
• Threat intelligence platforms
• Attack simulation tools

Lab

• Setup and configuration of a lab environment
• Simulating attack scenarios
• Hands-on exercises for detecting and mitigating threats

Bonus Content

• Advanced threat hunting techniques
• Emerging trends in cyber threats and defense
• Resources for continuous learning and staying updated

System Requirements

• Laptop with minimum 8GB RAM and 50GB free disk space
• Virtualization software (e.g., VMware, VirtualBox)
• Internet connection for accessing online resources and tools

• Cybersecurity professionals
• Security Analysts
• Incident Responders
• Threat Hunters
• SOC teams
• IT Security Managers
• Anyone interested in advancing their knowledge of threat detection and mitigation

• Basic understanding of cybersecurity concepts
• Familiarity with common cyber threats and attack vectors
• Experience with security operations and incident response (recommended)

At the end of the course, you will be able to:

• Understand the fundamentals and structure of the MITRE ATT&CK framework.
• Identify and categorize tactics, techniques, and sub-techniques used by adversaries.
• Develop and implement effective mitigations for identified threats.
• Utilize data sources and detections for robust threat analysis.
• Apply ATT&CK Navigator for visualizing and planning threat detection strategies.
• Conduct adversary emulation to simulate real-world attack scenarios.
• Enhance threat detection skills through hands-on labs and simulations.