
MITRE ATT&CK: The Play at Home Edition

Conference:  BlackHat USA 2019

2019-08-07

Summary

The presentation discusses the use of the ATT&CK framework in cybersecurity and how it can be customized to fit specific use cases.
  • The ATT&CK framework is a useful tool for building a threat library and informing defense strategies.
  • The framework has 244 techniques in the enterprise version, but it can be customized to fit specific use cases.
  • Deloitte has created their own threat library using the ATT&CK framework and added sub-techniques to track threats they care about.
  • The ATT&CK team is working on adding sub-techniques to the framework.
  • Users can add their own techniques to the framework if they don't fit the existing methodology.
The presentation uses the example of a small startup called Froth Li and its cybersecurity challenges to illustrate the use of the ATT&CK framework. The CEO, the threat intel team, the network defender, and the red teamer each face different issues that can be addressed using the framework. The presentation also mentions that the speaker hates printers and will cry if asked to bring something.

Abstract

You've seen the tactics and techniques. You've read the descriptions. However, something is missing: how do you take the theory of MITRE ATT&CK™ and actually DO something with it? At first glance, it is easy to be overwhelmed by the ATT&CK framework. Where do you start? Who should use it? What can you really do with a framework like ATT&CK? Combining the knowledge of an ATT&CK team member with the experience of a security practitioner who has helped implement it, Katie and Ryan will teach you how to take ATT&CK from a cool-sounding idea to a powerful force for creating a threat-informed defense in your company. They will walk the audience through the story of how ATT&CK helped a fictional organization solve real-world-inspired problems that defenders struggle with every day. The presentation will discuss how different teams like threat intelligence analysts, threat hunters, SOC analysts, red teamers, and even executives can use ATT&CK to improve how they track threats and protect against them. Regardless of their role, attendees will learn how they can hit the ground running with ATT&CK on the first day they return home.
