By: Hugh Shepherd
June 19, 2020
Application of the MITRE Attack Framework
The "Application of the MITRE ATT&CK Framework" course by Cybrary is an excellent training offering. The course covers how to apply the ATT&CK framework to mitigate cyber threats. During the course, the 12 core areas of the MITRE ATT&CK Framework are discussed in detail. Learners also get detailed explanations of the various attack vectors used by threat actors and the mitigations that can be applied against real-world threats.
ATT&CK, which stands for Adversarial Tactics, Techniques, and Common Knowledge, is a project started in 2013 by MITRE to document tactics, techniques, and procedures (TTPs) commonly used by advanced persistent threat actors. It was created as a model to document and track the techniques that attackers use during the phases of a cyber-attack to breach an organization’s defenses. The current version of the ATT&CK framework is organized into 12 core tactical areas, each comprising numerous techniques. The 12 core tactical areas include:
- Initial Access
- Privilege Escalation
- Defense Evasion
- Credential Access
- Lateral Movement
- Command and Control
The course is well organized and provides a solid foundation for penetration testers. The professor successfully made an otherwise dry topic quite interesting by combining his lecture with appropriately thought-provoking questions and practical examples from experience. The framework is well structured and has a good progression. I recommend taking notes during the course, which is easy to follow and goes quickly due to the professor’s relaxed teaching style.
The course contains a series of lectures, real-world examples, professional insights, and experiences to help facilitate the learning experience. Additionally, each module includes learning checks that help to reinforce key concepts from the lectures.
In my opinion, this is a great course. I found the lectures to be remarkably interesting and easy to follow. This is a beginner-level course that runs roughly 8.5 hours (10 CEU/CPE). The course is well designed in that it is appealing and appropriate for both technical and non-technical audiences. However, participants should have a basic understanding of technical terminology, terminology associated with controls, and terminology associated with risk reduction to help absorb and apply the learning more effectively.
After completing the course, students should have gained an understanding of the activities that support the 12 core areas of the MITRE ATT&CK Framework and how to apply them in real-world scenarios.
Cybrary offers other learning resources related to threat intelligence and enterprise risk reduction. If you would like to get started learning more about these areas, you can explore and sign up for more threat intelligence and enterprise IT governance learning resources provided by Cybrary.
This course may help you develop as a cybersecurity professional and potentially prepare for certification by:
- Learning one of the most important and widely used threat intelligence tools for cybersecurity professionals.
- Learning an essential framework for IT and cybersecurity professionals to stay current with the industry and ahead of adversaries.
- Learning a means for sharing cyber threat intelligence in common and standardized language to reduce the risk of cyberattacks to organizations.