Using MITRE ATT&CK for Cyber Threat Intelligence Training

https://attack.mitre.org/resources/training/cti/

Module 1: Introducing training and understanding ATT&CK
Module 2 with Exercise 2: Mapping to ATT&CK from finished reporting

Exercise 2: Mapping from finished reporting

Cybereason Cobalt Kitty Report: we walk through this exercise in the video and slides.

FireEye APT39 Report: we do not walk through this exercise in the video and slides, but if you would like more practice mapping finished reporting to ATT&CK, we recommend you do this exercise on your own.

Module 3 with Exercise 3: Mapping to ATT&CK from raw data

Exercise 3: Working with raw data

Ticket 473822: we walk through this exercise in the video and slides.

Ticket 4473845: we walk through this exercise in the video and slides.

Module 4 with Exercise 4: Storing and analyzing ATT&CK-mapped intel

Exercise 4: Comparing layers in ATT&CK Navigator

  • Comparing Layers in Navigator
    Provides detailed instructions for using Navigator to compare techniques used by APT39 and Cobalt Kitty (OceanLotus). You may find it useful to print this document (in color if possible) to have it as a reference as you work through the exercise on your screen.
  • APT39 and Cobalt Kitty techniques
    A list of the techniques used by APT39 and Cobalt Kitty (OceanLotus) extracted from the reports in Exercise 2. If you are already familiar with Navigator, you could use these techniques to try to create and compare layers yourself.

Module 5 with Exercise 5: Making ATT&CK-mapped data actionable with defensive recommendations

Exercise 5: Making defensive recommendations

Guided Exercise: we walk through this exercise in the video and slides.

Guides you through steps for making defensive recommendations from ATT&CK techniques, with specific questions and assumptions provided for each step.

Unguided Exercise: we do not walk through this exercise in the video and slides, but if you would like more practice making defensive recommendations directly related to your own organization, we recommend you do this exercise on your own.

Provides steps for making defensive recommendations from ATT&CK techniques.

 
