MITRE ATT&CK Fundamentals
Published by O'Reilly Media, Inc.
How penetration testers, defenders, and blue or red teams can put the knowledge base to use +AI
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It is used by penetration testers and red teams to plan and automate the known attack patterns, tactics, techniques, and processes of the top advanced persistent threat (APT) groups.
Join cybersecurity expert Dean Bushmiller to discover the 13 tactics and techniques most used by cybercriminals and learn how to do what they do so you can detect and prevent components of each attack in the enterprise. Understanding the progression of all APTs and using MITRE ATT&CK in your organization will give you the best chance of thwarting the worst of the bad guys.
What you’ll learn and how you can apply it
By the end of this live online course, you’ll understand:
- MITRE ATT&CK indicators of compromise (IoC)
- Why threat modeling matters to your organization
- How to automate threat intelligence
And you’ll be able to:
- Use MITRE ATT&CK to understand current attacker tactics, techniques, and processes
- Apply the general use cases of detections and analytics, threat intelligence, adversary emulation (red-teaming), and assessment and engineering
This live event is for you because...
- You need a better understanding of advanced persistent threats.
- You work with threats and controls on a daily basis.
- You want a job in a security operations center.
Prerequisites
- A computer with VirtualBox, Windows 2012, and Microsoft Sysmon installed and configured
- Some familiarity with advanced persistent threats
- Experience working with MITRE ATT&CK Navigator at least once
Recommended preparation:
- Spend one hour exploring the repository at github/deanbushmiller/ATTACK, which covers setup for either the AWS cloud or a local virtual machine; doing so gives you the best chance of success in the labs
- Explore MITRE ATT&CK (expert playlist)
- Review and watch the technical setup materials one day before the start of class
Recommended follow-up:
- Watch Certified Ethical Hacker (video series with Dean Bushmiller)
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Getting Started (5 minutes)
- Presentation: Course introduction
- Hands-on exercises: Get to resources; start lab machines
- Group discussion: Skills survey
- Q&A
MITRE ATT&CK Intro (10 minutes)
- Presentation: Choose your interface—website, attack-navigator, STIX/TAXII
- Group discussion: What is your use case?
- Q&A
Tactics—Part I (25 minutes)
- Presentation: Visibility into reconnaissance; resource development; initial access; ATOMIC execution; persistence; privilege escalation
- Hands-on exercises: Explore execution, persistence, and privilege escalation
- Q&A
- Break
Tactics—Part II (25 minutes)
- Presentation: Defense evasion; credential access; discovery
- Hands-on exercises: Perform defense evasion, credential access, discovery, lateral movement, collection, command and control, and exfiltration
- Q&A
Prevention and mitigation (25 minutes)
- Presentation: Long-term security engineering; the futility of patch whack-a-mole and why you need to get better at it; risk management/assessment; threat modeling
- Q&A
Your Instructor
Dean Bushmiller
Dean Bushmiller is a virtual CISO, a penetration tester, and a global incident responder. His work with the Z9M9Z think tank impacts many Fortune 500 companies. As an instructor, he won O’Reilly’s Engager Award for 2023, so be ready to learn and have fun. He’s been teaching cybersecurity since 1999 and has achieved more than 34 major cybersecurity certifications and passed over 100 certification exams. Though Dean is nonmilitary, he has had the honor to train the US military since 1999. In recognition of his outstanding service in the Information Assurance field, he has received eight mission coins.