Course Code:
mitreattck
Duration:
7 hours
Prerequisites:
- An understanding of information system security
Audience
- Information systems analysts
Overview:
MITRE ATT&CK is a framework of tactics and techniques used to classify attacks and assesses an organization's risk. ATT&CK brings awareness to an organization's security, identifying holes in defenses and prioritizing risks.
This instructor-led, live training (online or onsite) is aimed at information system analysts who wish to use MITRE ATT&CK to decrease the risk of a security compromise.
By the end of this training, participants will be able to:
- Set up the necessary development environment to start implementing MITRE ATT&CK.
- Classify how attackers interact with systems.
- Document adversary behaviors within systems.
- Track attacks, decipher patterns, and rate defense tools already in place.
Format of the Course
- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.
Course Customization Options
- To request a customized training for this course, please contact us to arrange.
Course Outline:
Introduction
What is Malware?
- Types of malware
- The evolution of malware
Overview of Malware Attacks
- Propagating
- Non-propagating
Matrices of ATT&CK
- Enterprise ATT&CK
- Pre-ATT&CK
- Mobile ATT&CK
MITRE ATT&CK
- 11 tactics
- Techniques
- Procedures
Preparing the Development Environment
- Setting up a version control center (GitHub)
- Downloading a project that hosts a to-do list system of data
- Installing and configuring ATT&CK Navigator
Monitoring a compromised system (WMI)
- Instating command line scripts to conduct a lateral attack
- Utilizing ATT&CK Navigator to identify the compromise
- Assesing the compromise through the ATT&CK framework
- Performing process monitoring
- Documenting and patching the holes in the defense architecture
Monitoring a compromised system (EternalBlue)
- Instating command line scripts to conduct a lateral attack
- Utilizing ATT&CK Navigator to identify the compromise
- Assesing the compromise through the ATT&CK framework
- Performing process monitoring
- Documenting and patching the holes in the defense architecture
Summary and Conclusion
Sites Published: