Overview
A conference talk on using the MITRE ATT&CK framework to turn threat intelligence into cyber defense capability. The talk walks through ATT&CK techniques, the challenges of applying the framework, how ATT&CK gives structure to attack data, how threat groups are described in it, and industry examples, then turns to detection: what the biggest problem in detection is, the limits of detection based on indicators, and how behaviour-based analytics (including Splunk searches) address it. It also covers handling false positives, the role of machine learning, feedback loops that improve targeting of detection effort, where to focus given growing volumes of data, practical tips for getting started with ATT&CK and managing analytics, and pitfalls such as similar-looking attacks and misattribution, and closes with Unfetter and audience questions.
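As an added illustration of the detection contrast the talk covers (detection based on indicators versus ATT&CK-mapped behavioural analytics, and tuning out false positives), here is a small Python example. It is not code from the talk, from BSidesLV or from MITRE: the process-creation events, hostnames, user names and hashes are constructed, the two analytics are simple illustrative rules, and the technique IDs T1059 (Command and Scripting Interpreter) and T1003 (OS Credential Dumping) are taken from the current ATT&CK Enterprise matrix rather than from the talk.

```python
"""Indicator matching vs ATT&CK-mapped behavioural analytics over constructed
process-creation events. Added example, not code from the talk."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    host: str
    user: str
    parent: str       # parent image name
    image: str        # child image name
    cmdline: str
    sha256: str       # constructed placeholder, not a real file hash


@dataclass(frozen=True)
class Alert:
    technique: str    # ATT&CK technique ID the analytic is mapped to
    event: ProcEvent
    suppressed: bool  # True when a tuning allowlist entry silenced it


# Constructed sample telemetry. Hashes are made-up 64-char strings.
EVENTS = [
    ProcEvent("ws-017", "ahale", "winword.exe", "powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgA...", "a1" * 32),
    ProcEvent("ws-023", "mrivera", "winword.exe", "powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgA...", "b2" * 32),
    ProcEvent("ws-023", "mrivera", "explorer.exe", "powershell.exe",
              "powershell.exe Get-Service", "b2" * 32),
    ProcEvent("dbg-box", "svc_debug", "cmd.exe", "procdump.exe",
              "procdump.exe -ma lsass.exe lsass.dmp", "c3" * 32),
    ProcEvent("ws-042", "jsmith", "cmd.exe", "procdump.exe",
              "procdump.exe -ma lsass.exe c:\\temp\\l.dmp", "c3" * 32),
]

# Indicator-based detection: all we were given is the hash of one sample.
KNOWN_BAD_HASHES = {"a1" * 32}


def indicator_matches(events, bad_hashes=KNOWN_BAD_HASHES):
    """Hash IOC lookup. Fires only on the exact sample the IOC came from."""
    return [e for e in events if e.sha256 in bad_hashes]


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def office_spawns_interpreter(e):
    """Behaviour: an Office application launching a script/command interpreter."""
    return e.parent.lower() in OFFICE_APPS and e.image.lower() in INTERPRETERS


def lsass_dump_via_procdump(e):
    """Behaviour: procdump pointed at the LSASS process."""
    return e.image.lower() == "procdump.exe" and "lsass" in e.cmdline.lower()


# Analytics keyed by the ATT&CK technique each one gives coverage for.
ANALYTICS = {
    "T1059": office_spawns_interpreter,   # Command and Scripting Interpreter
    "T1003": lsass_dump_via_procdump,     # OS Credential Dumping
}

# Tuning learned from triage: (technique, host, user) triples known to be benign.
# Constructed entry: a debugging jump box where admins legitimately dump LSASS.
ALLOWLIST = {("T1003", "dbg-box", "svc_debug")}


def run_analytics(events, analytics=ANALYTICS, allowlist=ALLOWLIST):
    """Run every analytic over every event; keep suppressed hits for review."""
    alerts = []
    for e in events:
        for tid, rule in analytics.items():
            if rule(e):
                suppressed = (tid, e.host, e.user) in allowlist
                alerts.append(Alert(tid, e, suppressed))
    return alerts


def coverage(alerts):
    """Technique -> count of live (non-suppressed) alerts, to see what is firing."""
    out = {}
    for a in alerts:
        if not a.suppressed:
            out[a.technique] = out.get(a.technique, 0) + 1
    return out


if __name__ == "__main__":
    print("IOC hits:", [e.host for e in indicator_matches(EVENTS)])
    for a in run_analytics(EVENTS):
        state = "suppressed" if a.suppressed else "ALERT"
        print(f"{state:10} {a.technique} {a.event.host} {a.event.user} {a.event.cmdline}")
    print("coverage:", coverage(run_analytics(EVENTS)))
```

The hash lookup finds only the event whose sample produced the IOC; the recompiled second sample (different hash, same behaviour) is missed by the indicator but caught by the T1059 analytic, which is the point of describing detections in terms of techniques. The allowlist tuple silences the known admin debugging host without hiding the same LSASS dump on an ordinary workstation, and keeping suppressed hits in the output preserves the feedback loop for re-checking that tuning later.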
Syllabus
Introduction
Techniques
Challenges
Attack to Structure
Threat Groups
Industry Examples
Implementation Tips
What does this get us
The biggest problem in detection
Detection based on indicators
Analytics
Splunk Search
Understanding the Attack
Being Realistic
Handling False Positives
Machine Learning
Feedback loops
Targeting detection
Focus on your priorities
Increasing amounts of data
Getting started
MITRE ATT&CK
Questions
Similarities
Similar Attacks
Misattribution
Attack for attribution
Managing analytics
Unfetter
Taught by
BSidesLV