Free

MITRE ATT&CK Defender™ ATT&CK® Threat Hunting

Do you want to learn the MITRE ATT&CK methodology for Threat Hunting? In this MITRE ATT&CK® Defender™ (MAD) Threat Hunting course, you’ll learn how to leverage the MITRE ATT&CK framework to develop hypotheses and analytics that enable you to hunt real-world threats and improve your cybersecurity.
Time: 4h 42m
Difficulty: intermediate
CEU/CPE: 5

Course Content

Validating Configuration (7m)

Identifying and Mitigating Data Collection Gaps
  • Communicating with Network Managers (8m)
  • Using Alternative Data Sources and Analytics (8m)
  • Developing a Sensor Strategy (13m)
  • Time, Terrain, and Behavior Considerations (10m)
  • Identifying Gaps (13m)
  • Module 3 Knowledge Check (5m)

Determining Data Requirements
  • Diving into Data Sources (14m)
  • Balancing Data Requirements (8m)
  • Module 2 Knowledge Check (5m)

Developing Hypotheses and Abstract Analytics
  • Leveraging External Resources for Analytics (5m)
  • Creating Abstract Analytics (2m)
  • Refining Hypotheses (8m)
  • Investigating Low-Variance Behaviors (6m)
  • Researching Low-Variance Behaviors (3m)
  • Finding Low-Variance Behaviors (7m)
  • Hypotheses Considerations (7m)
  • Developing Hypotheses (8m)
  • Module 1 Knowledge Check (5m)

Threat Hunting Fundamentals
  • Methodology Overview (8m)
  • Prioritization (13m)
  • TTP-Based Detection (14m)
  • Detection Approaches (16m)

Course Description

Who should take this course?

This course is designed for experienced and skilled cybersecurity practitioners who are interested in hunting real-world threats to improve cybersecurity effectiveness.

What are the prerequisites for this course?

You will gain the most benefit from this course if you have mastered the following:

  • MITRE ATT&CK® Defender™ (MAD) ATT&CK Fundamentals Training
  • Familiarity with Windows
  • Familiarity with a SIEM tool like Splunk or ELK
  • Proficiency in basic networking fundamentals (OSI Model and TCP/IP)

Why should I take this course?

In this course, you will gain the following capabilities:

  • Gain foundational education and training on TTP-based hunting
  • Define adversarial behavior of interest
  • Articulate hypotheses and analytics that drive information needs and data collection requirements
  • Refine hypotheses and analytics to power your hunting efforts
  • Determine data requirements
  • Identify and mitigate data collection gaps
  • Implement and test analytics
  • Hunt for and detect malicious activity and investigate it

What makes this course different from other courses on similar topics?

This course is part of the MITRE ATT&CK® Defender™ (MAD) cybersecurity training and certification program produced by MITRE's own subject matter experts. The lead instructor for this course, Steve Luke, is one of the authors of this methodology at MITRE and is truly an expert in this field. You will be learning how to leverage ATT&CK for threat hunting from the people who created the ATT&CK framework.

Why should I take this course on Cybrary and not somewhere else?

This course enables you to learn from the foremost experts in the field, and our on-demand format affords you the flexibility to learn at your own pace.

Instructed by

Instructor: Antonia Feffer

Before joining MITRE, Antonia served as a Cyber Warfare Officer in the United States Army, and she continues to work on innovative research and real-world problem sets that aim to advance the state of cyberspace operations and cyber threat hunting. Antonia earned her B.S. in Electrical Engineering from the United States Military Academy and her Master of Science (S.M.) in Electrical Engineering and Computer Science from the Massachusetts Institute of Technology.

Instructor: Steve Luke

Since 2007, Steve has focused on delivering innovative solutions to cyber missions, with a special focus on ATT&CK® and its application to hunting. Steve co-authored a paper on TTP-Based Hunting, developed and delivered educational materials about that methodology, and leads purple teaming events to explore ATT&CK techniques and develop robust analytic approaches to detect them. He is one of the MAD Professors for the Threat Hunting course.

Steve earned a B.S. and a Master of Engineering in Electrical Engineering from Cornell University with a focus on digital signal processing. He served as an officer in the United States Air Force prior to joining MITRE in 2005.

Instructor: Sean Muehlenhardt Whitley

While studying for his Master's degree, Sean conducted research on methods for securing Android devices. Once he joined MITRE in 2012, he began researching methods for detecting Advanced Persistent Threats using what would later become known as the ATT&CK Framework. Since that time, he has been a major contributor to the Cyber Analytic Repository, worked with sponsors across MITRE's work program on using ATT&CK, and has authored MITRE papers on using ATT&CK and Cyber Hunting. He currently lives in Germany, supporting projects in Europe and Africa, in addition to authoring training videos for MITRE Engenuity. In his free time, he enjoys kiteboarding, board games, and tabletop wargaming.

Sean holds a Bachelor's degree in Information Science from Christopher Newport University and a Master's degree in Information Security and Assurance from George Mason University. He has spent his entire professional career working for the MITRE Corporation, including supporting its sponsors as well as occasionally working with partners from other nations in developing their cyber capabilities.

Provider: Cybrary
Certification Body: MITRE Engenuity
Certificate of Completion

Complete this entire course to earn a MITRE ATT&CK Defender™ ATT&CK® Threat Hunting Certificate of Completion.