We are organising this exclusive 2-day course for security professionals who want to take the next steps in improving their cyber defense skills. For organisations it is crucial to know how good they are at defending themselves against cyber attacks. Do you know the effectiveness of your current lev el of cyber defense and where you could improve?
The MITRE ATT&CK framework allows you to answer these and many more questions, and enables you to start making the right improvements. ATT&CK is an online knowledge base of adversary behaviours based on real-world observations.
This training is powered and delivered by:
The experts Marcus Bakker, MBSecure & Ruben Bouman, Sirius Security
What will you learn?
In this training you will dive deep into MITRE ATT&CK and learn how to use the ATT&CK framework to strengthen your cyber defense significantly. The ultimate goal is to defeat attacks targeting your organisation. A large part of the training consists of practical and realistic lab assignments that can immediately be applied within your organisation. Topics that will be covered are: attack techniques, data log sources and their quality, detection coverage, prioritising your cyber defense efforts, threat intelligence and more.
Who should attent?
The training is optimally suited for:
- People that work within a SOC/CDC/Blue Team (analysts, engineers, SOC manager, etc.) who want to extend their skills and knowledge on cyber defense.
- Red teamers and people with an offensive background (e.g. penetration testers) who want to learn more about cyber defense.
- Security professionals and -officers, that work for example within a CISO department, and want to learn how ATT&CK can be used to improve resilience against cyber attacks.
It is required to have technical IT knowledge and a reasonable level of security knowledge.
Key learning objectives
In this training you will learn:
- How ATT&CK can help you to improve and prioritise your defense efforts.
- Key concepts of cyber defense:
- Pyramid of Pain
- Cyber kill chain
- Tactics, Techniques and Procedures (TTPs)
- How to assess and score the data quality of your data log sources.
- How to get insight in your visibility coverage (what can you see of attacker behaviours in your data log sources) and how you can use that knowledge to make the right improvements.
- To map, score and improve your detection capabilities.
- How to leverage threat intelligence to push forward your level of cyber defense.
This two-day course is packed with knowledge and hands-on lab assignments. The key topics that will be covered are:
- What is MITRE ATT&CK?
- A short history of ATT&CK
- Introduction to some key concepts:
- Pyramid of Pain
- Cyber kill chain in relation to MITRE ATT&CK
- TTPs: Tactics, Techniques and Procedures
- Labs with hands-on assignments on ATT&CK and the ATT&CK Navigator.
Deep dive into ATT&CK:
- Attack techniques
- Data sources
- Groups (threat intelligence)
- Leverage threat intelligence to prioritise defense efforts.
- An overview of DeTT&CT
Deep dive into data sources and visibility coverage.
- Mapping your data sources to ATT&CK
- Scoring the data quality of your data sources
- Discovering traces of ATT&CK techniques in your data log sources
- Identifying gaps in your visibility coverage
- Labs with hands-on assignments to get acquainted with DeTT&CT.
- Deep dive into detection coverage with the help of ATT&CK and DeTT&CT.
- Map your detection capabilities to ATT&CK
- Score the effectiveness of your detections
- Identify the gaps in your detection coverage
- Determine where and how your detections can be improved
- Labs with hands-on assignments on mapping and scoring detections.
Deep dive into threat intelligence.
- Key concepts of threat intelligence
- How to use ATT&CK in relation to threat intelligence
- Automatically map threat intelligence reports to ATT&CK
- Labs with hands-on assignments on threat intelligence.
- Deep dive in prioritising your defense efforts.
- ATT&CK emulation.
- Use STIX/TAXII to analyse ATT&CK in order to answer questions and integrate it in your own tooling.
BCN Arena, Next to Amsterdam Arena Trainstation
Atlas Arena Complex
Building Azië - 5th level
1101 BA Amsterdam
Phone: 020 - 5 677 980
This event meets the requirements of CISSP, CISA and CISM with regard to obtaining certification points. You will receive 16 CPE points for participation in this event. After the event, you will receive a proof of participation by e-mail, After the event, you will receive a proof of participation by e-mail, provided when you set your initials when you enter and leave the event each day.
For this two day training we charge € 1200,- per participant, excluding taxes.
The course material is written in English. The training can be provided in either Dutch or English. If one or more attendee requests the training in English, the training will be given in English. Please bring your own laptop to the training and ensure it is capable of connecting to a remote system over RDP.
|Day 1 and 2||Part|
|9:00 - 12:00||Training part 1|
|12:00 - 13:00||Lunch|
|13:00 - 17:00||Training part 2|
|Price for two days all inclusive||€ 1200,-|
|Location||BCN Amsterdam Arena|
Marcus is a passionate IT Security professional with nine years of experience. Marcus loves solving complex problems using creative and innovative ideas and putting them into practice. Marcus enj..
Ruben is a security specialist and co-owner of Sirius Security. He has almost 10 years of experience in cyber security such as cyber defence / blue teaming, fraud investigations, malware analysis, for..