In today's cybersecurity landscape, many breaches go undetected by traditional security measures that hunt for threats purely on the basis of IOCs such as hashes, IPs and domains. To address this challenge effectively, organizations need to adopt a proactive approach that involves hunting for threats based on the Tactics, Techniques and Procedures (TTPs) that threat actors use. TTPs are a more reliable way to identify adversary behavior, because indicators such as hashes, IPs and domains are easy to change.

In this workshop, participants learn how to use security analytics products to hunt for threats using TTPs. Participants will assume the role of a security analyst and be asked to identify any undetected threats on AcmeCorp's network. To do this they will make use of MITRE ATT&CK™, which is a knowledge base of adversary behavior based on real-world observations. The challenge consists of several exercises built around the technical goals the adversary is trying to achieve (ATT&CK™ Tactics), for example Initial Access, Persistence, Privilege Escalation, and Command and Control. Participants will be asked to detect any techniques being used by an adversary to achieve these goals.

In this Fast Track, attendees will gain hands-on experience developing and understanding the analytics needed to discover the techniques used by adversaries during a cyber security breach.

Participants who attend this workshop will learn:

  • What is the MITRE ATT&CK framework and how it can be used
  • What are the TTPs that threat actors use to carry out a breach
  • Use EDR Threat Hunting capabilities to uncover threats on the network
  • Use SIEM analytics to discover attacker behavior based on attack techniques
  • Use Deceptor technology to find attacker activity and shorten attacker dwell time



  • 08h00: Welcome - breakfast
  • 09h00: Part 1
  • 10h20: Break
  • 10h50: Part 2
  • 12h10: Lunch
  • 13h10: Part 3
  • 15h10: End


Price: Free



RodeBol Events
CommunicatieCampus (building 485)
Sint-Denijslaan 485
B-9000 Gent


Additional information:

This is a hands-on workshop where your active participation is necessary. That's why we require you to come with your own laptop.

Due to the hands-on character of the workshop, the number of participants is limited to 8 persons.