MITRE ATT&CK®
Whether you're starting a cybersecurity career, pursuing a certification, or defending against evolving threats, Cybrary's training—built around frameworks like MITRE ATT&CK—has you covered.
Align to the MITRE ATT&CK® Framework
Gain insights on how to read and leverage the MITRE ATT&CK Framework to improve your security strategy and map real-world adversary tactics, techniques, and procedures (TTPs) to Cybrary’s custom-designed MITRE ATT&CK matrix.
Gain insights on how to read and leverage the MITRE ATT&CK Framework to improve your security strategy and map real-world adversary tactics, techniques, and procedures (TTPs) to Cybrary’s custom-designed MITRE ATT&CK matrix.
Gain insights on how to read and leverage the MITRE ATT&CK Framework to improve your security strategy and map real-world adversary tactics, techniques, and procedures (TTPs) to Cybrary’s custom-designed MITRE ATT&CK matrix.
Gain insights on how to read and leverage the MITRE ATT&CK Framework to improve your security strategy and map real-world adversary tactics, techniques, and procedures (TTPs) to Cybrary’s custom-designed MITRE ATT&CK matrix.
Threat-Informed Security Training
Detect and mitigate threats with tools, techniques, and attack scenarios aligned to real-world kill chains.
Unsecured Credentials and Domain Accounts
Threat actors use the techniques Unsecured Credentials and Domain Accounts to obtain credential access and gain persistence. In this emulation of how the threat group APT29 would use these techniques, you will get hands-on practice detecting this activity so you can protect your organization from highly sophisticated advanced persistent threats.
Disable Windows Event Log and Timestomp
Sophisticated threat actors like APT29 will use the techniques Disable Windows Event Logging and Timestomp for defense evasion to prevent defenders from seeing their presence on the network. You will detect this nefarious activity in our virtual lab so you can react to advanced attackers and outsmart them.
Compromise Software Supply Chain
Threat actors use the technique Compromise Software Supply Chain by altering software that they know their victims will use. They include a backdoor that will give them access to their victim's network once the software is installed. You will detect this technique in a virtual lab and master how to mitigate this threat.
Ransomware with Recovery Disruption
After an adversary has exfiltrated data from a target system, the potential final stages in an attack include encrypting data for impact and inhibiting system recovery. Learn how to detect endgame ransomware techniques before a threat actor can accomplish their nefarious objective
Using LOLbins for Tool Downloads
LOLbins won't have you laughing when threat actors "live off the land" to leverage tools and capabilities that are already present in the target environment to achieve objectives. Learn how to detect common adversary techniques such as Ingress Tool Transfer in this course.
Automated Archive and Exfiltration
Once an adversary has firmly established access within a target environment and identified data of interest, they want to gather and exfiltrate that data. Learn to detect such late-stage threat actor campaign techniques of automated archive and exfiltration in our hands-on course.
Persistence via Windows Services
Windows Services are the main vehicle used by the Windows OS to start and run background functions that do not require user interaction. Configuring malware to run as a service is a common strategy for trying to blend malicious code execution in with other legitimate Windows functions. Prevent adversaries from gaining persistence in this course.
Local Account Discovery, Creation, and Manipulation
After gaining initial access on a system, adversaries may want to do some discovery work on local accounts and maintain persistence on a victim system as they create and manipulate accounts in order to maintain their access. Learn to detect such suspicious activity in this course!
Strengthen Your Defenses
Be prepared to tackle the latest security threats with threat-informed training.
Cybrary’s exclusive course offerings aligned to the MITRE-ATT&CK Framework will empower you to level up your analytical and hands-on skills.
Adopt innovative strategies for conducting threat hunts, emulating adversaries, enhancing detections, and performing CTI analysis.
Get even more tactical, hands-on experience in our Threat Actor Campaign courses focused on detecting real-world adversary techniques.
FAQs
MITRE ATT&CK Defender (MAD) is no longer available on Cybrary, read the help center article to learn more
No. We’ve helped more than 3 million learners, with varying levels of education and experience, develop their cybersecurity skills and reach their career goals.
No. You won’t need any additional hardware or tools. All of our learning activities can be completed from the comfort of your own browser.
You may cancel your automatic renewal at any time. You will continue to have access to your subscription through the end of your current billing period. Please note that we do not provide refunds for any subscriptions purchased.
We do not offer refunds on previous purchases. Cybrary Insider Pro is available in both monthly and annual subscription options. Should you have questions regarding our refund policy, please contact support@cybrary.it.
Empower Your Team, Protect Your Organization
Empower your team to detect and mitigate cybersecurity threats with Cybrary. Request a demo today for access to hands-on practice labs, assessments, custom content, and more.
