The ATT&CK Framework provides a common language for Cybersecurity professionals to use when describing adversary Tactics, Techniques, and Procedures. It is a growing standard across the Cybersecurity community being used in threat reporting, sensor configurations, analytics and more. In this session we will go over the fundamentals of the ATT&CK Framework, explore its parts and pieces, enumerate some common use cases, and walkthrough some tools we can use when working with it.
Trainer
Sean Whitley is a Cyber Operations Lead at the MITRE Corporation and has a master’s degree in Information Security and Assurance. He has worked in the cyber defense domain for nine years, authored several papers on cyber hunting and TTP based defense, and is a contributor to the MITRE ATT&CK Defender (MAD) series of courses. Most of his time at MITRE has been spent using the ATT&CK framework to develop more effective analytics and detection methods. He also works with various organizations to help them adopt the ATT&CK framework and has been a contributor and lead of the Cyber Analytic Repository.