Applying the MITRE ATT&CK Framework
In this course, you will gain a foundational understanding of the MITRE ATT&CK Framework. Topics covered include its definition, the goals it aims to achieve, and its essential components, such as matrices, tactics, techniques, data sources, mitigations, groups, software, campaigns, and model relationships. Through a real-world case study, you'll see how these components are interconnected. You'll also explore the process of prioritizing techniques using cyber threat intelligence (CTI) and assess the effectiveness of current defensive measures.

Applying the MITRE ATT&CK Framework Benefits

In this course, you will learn how to:
  Develop a strong foundational knowledge of the MITRE ATT&CK Framework and its components.
  Apply the framework to real-world cyber threats, such as the SolarWinds supply chain attack.
  Map threat intelligence, alerts, and adversary behaviors to ATT&CK.
  Use ATT&CK-mapped data to make informed and prioritized defensive recommendations.
  Understand the role of cyber threat intelligence and its practical applications in security.

Training Prerequisites

Basic knowledge of cybersecurity concepts and terminology is recommended but not required.
MITRE ATT&CK Framework Training Outline

Chapter 1: Fundamentals of MITRE ATT&CK Framework
  MITRE ATT&CK Framework Definition
  Goal of MITRE ATT&CK Framework
  Matrices
  Tactics and Techniques
  Data Sources
  Mitigations
  Groups
  Software
  Campaigns
  MITRE ATT&CK Model Relationships
  MITRE ATT&CK Model Relationships Example
  Breakdown of Tactics, Techniques, Procedures, Mitigations, and Detection
  TeamTNT
  Mitigations
  Detection

Chapter 2: Mapping SolarWinds Supply Chain Attack to MITRE ATT&CK Framework
  SolarWinds Compromise Background Information
  Software Components of SolarWinds Compromise
  SUNBURST and SUNSPOT
  Mapping the Indicators to MITRE ATT&CK Framework
  Loosely Linking Everything Together for SolarWinds
  ATT&CK Navigator
  SolarWinds ATT&CK Navigator
  SolarWinds Attack Timeline
  Indicators of Compromise (IOC)
  Mitigations That Might Reduce the Likelihood and/or Impact of Supply Chain Attacks
  Review of SolarWinds Compromise and Ability to Link to ATT&CK

Chapter 3: Mapping Alerts, Adversaries, Behaviors, and TTPs to MITRE ATT&CK
  Mapping Threat Intelligence to ATT&CK
  Cyber Threat Intelligence (CTI) and IoBs
  Analyzing Behavior
  UEBA
  Data Sources
  Data Drawn From Above Sources
  Snake Malware and Turla
  CTI Advisories and Alerts
  Research Advisory and Alert Information
  Adversary Behavior
  Volatility Plugin
  Network Intrusion Detection Systems (NIDS)
  Host-Based Detection
  Non-Standard Icon Size and Yara Rule
  Memory Analysis
  Practical Research Exercise
  Initial Analysis
  Mapping Data to MITRE ATT&CK
  Compare Results to Improve Mapping
  Pyramid of Pain

Chapter 4: Make Defensive Recommendations From ATT&CK Mapped Data
  Use Collected and Analyzed Data to Make Initial Recommendations
  Process for Making Recommendations
  Ways to Determine Priority of Techniques Using CTI
  Assess Current Defensive Measures and Their Effectiveness
  MITRE CAR and D3FEND
  MITRE's Cyber Analytics Repository (CAR)
  MITRE D3FEND
  MITRE ATT&CK and D3FEND
  MITRE D3FEND Practical Exercise
  MITRE D3FEND Practical Exercise Answer
  Research Additional Defensive Options and Organizational Capabilities/Constraints
  Consider Tradeoffs for Each Option
  Sample Pros and Cons of Options
  Make Recommendations
  Make Recommendations—Supply Chain Compromise