A short summary of the conference dedicated to the MITRE ATT&CK community.
MITRE’s ATT&CKcon (v3.0) returned to an in-person event at their headquarters in McLean, Virginia, a little over a month ago (March 29 and 30), and was in part the inspiration for my last post, MITRE ATT&CK 101.
There was a great list of speakers, including many old colleagues, talking about a range of topics centered on how the ATT&CK framework is leveraged.
You can watch all the talks on-demand here (sign up required). Here are four of my favourites.
Knowledge for the Masses: Storytelling with ATT&CK!
By Ismael Valenzuela and Jose Luis Sanchez Martinez
Creating and sharing compelling stories about cyber threats (with the help of ATT&CK) is a powerful way to raise awareness and enable action against those threats.
In this talk Ismael and Jose share their experiences using ATT&CK to disseminate threat knowledge to different audiences (software development teams, managers, threat detection engineers, etc.) by captivating them with a story.
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interactive Intrusion Campaigns
By Jason Wood and Justin Swisher
Security teams need tools and processes that allow hands-on adversary tradecraft to be mapped and tracked.
Jason and Justin show how their threat hunting team uses MITRE ATT&CK to understand and categorise adversary activity over time.
It’s Just a Jump to the Left (of Boom): Prioritizing Detection Implementation with Intelligence and ATT&CK
By Lindsay Kaye and Scott Small
A wealth of open-source, ATT&CK-mapped detections and intelligence now exists for security teams.
Lindsay and Scott show how real-world defensive strategies can be strengthened by encompassing a full-spectrum view of this data to ensure that detection efforts are prioritised and focused effectively (with the help of ATT&CK).
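One concrete way to act on that idea is to cross ATT&CK-mapped intelligence with the detections you already run, so that the next rule you deploy closes the most frequently observed gap. The script below is an added example written for this post, not code from the talk or from Lindsay and Scott; the intel reports, deployed rules and candidate rules are constructed sample data (the technique IDs are real ATT&CK IDs, but which report mentions which technique is made up for illustration).

```python
"""Prioritise detection work by crossing ATT&CK-mapped intel with ATT&CK-mapped detections.

Added example for this post; all data below is constructed, not taken from any real report.
"""
from collections import Counter

# Constructed sample intel: each report lists the ATT&CK techniques it observed.
INTEL_REPORTS = {
    "report-A": ["T1566.001", "T1059.001", "T1003.001", "T1021.001"],
    "report-B": ["T1566.001", "T1059.001", "T1053.005"],
    "report-C": ["T1059.001", "T1003.001", "T1486"],
    "report-D": ["T1566.001", "T1204.002", "T1059.001"],
}

# Constructed: detection rules already deployed, tagged with the techniques they cover.
DEPLOYED_RULES = {
    "Suspicious PowerShell encoded command": ["T1059.001"],
    "Office application spawning child process": ["T1566.001", "T1204.002"],
}

# Constructed: open-source candidate rules not yet deployed (hypothetical names).
CANDIDATE_RULES = {
    "LSASS memory access": ["T1003.001"],
    "Scheduled task creation from CLI": ["T1053.005"],
    "Ransomware-like mass file rename": ["T1486"],
    "RDP lateral movement": ["T1021.001"],
}


def technique_frequency(reports):
    """Count how many reports mention each technique (a proxy for observed prevalence)."""
    counts = Counter()
    for techniques in reports.values():
        counts.update(set(techniques))  # count a technique once per report
    return counts


def covered_techniques(rules):
    """Flatten a rule set into the set of techniques it detects."""
    return {t for techniques in rules.values() for t in techniques}


def coverage_gaps(reports, deployed):
    """Techniques seen in intel with no deployed detection, most frequent first."""
    freq = technique_frequency(reports)
    covered = covered_techniques(deployed)
    gaps = [(t, n) for t, n in freq.items() if t not in covered]
    return sorted(gaps, key=lambda tn: (-tn[1], tn[0]))


def prioritise_candidates(reports, deployed, candidates):
    """Rank candidate rules by the intel-weighted coverage gap each one closes."""
    gap_weight = dict(coverage_gaps(reports, deployed))
    scored = [
        (name, sum(gap_weight.get(t, 0) for t in techniques))
        for name, techniques in candidates.items()
    ]
    return sorted(scored, key=lambda ns: (-ns[1], ns[0]))


if __name__ == "__main__":
    print("Uncovered techniques (reports mentioning them):")
    for technique, n in coverage_gaps(INTEL_REPORTS, DEPLOYED_RULES):
        print(f"  {technique}: {n}")
    print("Candidate rules, best first:")
    for name, score in prioritise_candidates(INTEL_REPORTS, DEPLOYED_RULES, CANDIDATE_RULES):
        print(f"  {score}  {name}")
```

Counting each technique once per report rather than once per mention keeps a single verbose report from dominating the ranking; in practice you would weight reports by relevance to your sector and feed the rule tags straight from the ATT&CK metadata most open-source rule repositories already carry.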
Threat Modelling: It’s Not Just for Developers
By Tim Wadhwa-Brown
Most intel teams take public information about threat actors, vulnerabilities, and incidents and use it to build better defenses.
Tim takes the audience through three real-world examples where he used such data, and how he used ATT&CK information (particularly data sources) to achieve a successful outcome.