Browse our archive of presentations by MITRE’s ATT&CK team, covering various cybersecurity topics related to ATT&CK. Presented at different conferences, these talks offer valuable insights and expertise from our team members.
Presentations
Dressing in AE Business Attire
Jamie Williams
April 2023
This presentation establishes methods to communicate AE (Adversary Emulation) points of concern and show ROI to non-technical stakeholders, re-framing AE for business goals and needs using the parts of a wheel as a visual demonstration.
Leveraging Campaigns to Untangle the Threat Group Ship of Theseus
Adam Pennington
January 2023
This presentation introduces ATT&CK's newer categorization of Campaigns - a method of classification that more easily enables the tracking of the abilities and sophistication over time, in addition to enabling stakeholders to better identify potential targets based on industry
Objective by the Sea: Drawing Out ATT&CK Techniques in the Wild
Cat Self
November 2022
This presentation provides a high-level explanation of the ATT&CK framework for MacOS and its components, then walks through the application of the ATT&CK framework to a real-world campaign using Pandas as a model. Emphasizes community-driven aspects of ATT&CK.
SANS Threat Analysis Rundown: ATT&CK Campaigns
Katie Nickels
September 2022
This presentation establishes the baseline of a group in ATT&CK and presents the challenge of tracking an adversary's evolution over time. Campaigns, a CTI concept, are introduced as a solution to this, allowing adversary behaviors to be grouped more effectively (using APT29 and the UNC2452 campaign as an example)
ATT&CK and its Impact on the State of Cyber
Jamie Williams
June 2022
This podcast explains how the ATT&CK framework is made, and that its biggest purpose is to provide structure and standardization for everything in cybersecurity that can be so chaotic. Includes personal notes from Jamie Williams of his experiences and how to break into the cybersecurity industry
How to Empower Purple Teaming with the MITRE ATT&CK Framework
Cat Self and Silvan Tschopp
April 2022
This presentation gives an overview of purple teaming in its many forms, the challenges that come with it, and how to apply the ATT&CK framework to organize and give structure to those engagements.
Should Your Red Team Really Care About Detection Data Sources? What ATT&CK Can Show Us
Jamie Williams
April 2022
Explains some inherent problems about purple team engagements, specifically around communication between different parts of the team (CTI, red, blue, etc) and how bridging the gap to "learn to speak their language" can be facilitated using ATT&CK. An example using the tool 'Donut' is used to show how the framework creates those equivalencies in terms of detections and intelligence
Becoming a Yogi on Mac ATT&CK
Cat Self & Adam Pennington
October 2021
This presentation gives an overview of the ATT&CK framework and matrix for MacOS and how to use it, using OceanLotus as an example. Includes a walkthrough of mapping a given technique from a report to the ATT&CK matrix, and highlight areas of desired improvement
Which Came First - The Phish or the Opportunity to Defend Against It
Jamie Williams and Mike Hartley
July 2021
This presentation gives an analysis of preemptive defenses and "defending left" (re: Lockheed Cyber Kill Chain) using the Pre-Exploit techniques added in Enterprise V8 and the integration of purple teaming with 3 lessons learned: Purple to Extend Beyond ATT&CK, Analyze to Uncover Adversary Behaviors, Purple to Refine your Process.
Which Way is the Solar Wind Blowing - CloudSecNext Summit & Training 2021
Jamie Williams and Blake Storm
June 2021
This presentation provides a walkthrough of the SolarWinds attack at each stage of the attack, then shows how each of those steps correspond to portions of the ATT&CK Cloud framework
Adversary Emulation with Jamie Williams
Jamie Williams
May 2021
This podcast gives a high-level introduction to Adversary Emulation and how it differs from pentesting, the criticality of it in a corporation, and how to get started with your in-house security team using the ATT&CK framework as a guiding tool
Started from the Bottom: Exploiting Data Sources to Uncover ATT&CK Behaviors
Jamie Williams and Jose Rodriguez
November 2020
This presentation expands on the idea of a "homefield advantage" from the perspective of incident response, and how ATT&CK data sources can be utilized by defenders to better detect malicious behaviors in the environment
Automation: The Wonderful Wizard of CTI (Or Is IT?)
Sarah Yoder and Jackie Lasky
January 2020
This presentation from the SANS CTI Summit explores how automation can be applied to cyber threat intelligence using the Threat Report ATT&CK Mapper (TRAM).
Adaptive Adversary Emulation with MITRE ATT&CK
October 2019
This presentation from the SANS Purple Team Summit looks at moving beyond traditional, rigid adversary emulation by leveraging MITRE ATT&CK.
Keeping CTI on Track: An Easier Way to Map to MITRE ATT&CK
Sarah Yoder and Jackie Lasky
October 2019
This presentation from BSidesDC covers an overview of ATT&CK and introduces a new tool for automating mapping to it called the Threat Report ATT&CK Mapper (TRAM).
Turning Intelligence Into Action with MITRE ATT&CK
Katie Nickels and Adam Pennington
October 2019
This presentation from Anomali Detect discusses how you can use ATT&CK for threat intelligence, including a process for mapping intelligence to ATT&CK as well as biases to watch out for as you do this.
Leveraging MITRE ATT&CK for Detection, Analysis & Defense
Adam Pennington
September 2019
This presentation from the RH-ISAC Retail Cyber Intelligence Summit covers all four of the primary ATT&CK use cases, with a focus on detection and analytics, and assessments and engineering.
MITRE ATT&CK: The Play at Home Edition
Katie Nickels and Ryan Kovar
August 2019
This presentation from Black Hat walks through the story of a fictional organization in order to explain how different teams can use ATT&CK as a powerful force to improve defenses.
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own environment for better sleep and a safer tomorrow
Jamie Williams and Sarah Yoder
August 2019
This presentation from BSidesLV covers how to use ATT&CK to take cyber threat intelligence and operationalize it into behaviors that can drive relevant detections.
This keynote presentation from the SANS Security Operations Summit discusses a process to gauge a SOC’s detective capabilities as they relate to ATT&CK, including MITRE’s practical experiences and lessons learned.
Finding Dependencies Between Adversary Techniques
Andy Applebaum
June 2019
This presentation from the Annual FIRST Conference presents different methods of using ATT&CK to find dependencies between adversary techniques to support defense.
Do-It-Yourself ATT&CK Evaluations to Improve Your Security Posture
June 2019
This presentation from the SANS Enterprise Defense Summit explains how defenders can improve their security posture through the use of adversary emulation by performing their very own ATT&CK Evaluations.
APT ATT&CK - Threat-based Purple Teaming with ATT&CK Continued
Jamie Williams and Daniel Weiss
May 2019
This presentation from x33fcon takes a deep-dive into using ATT&CK for purple teaming, including lessons learned from ATT&CK Evaluations.
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Katie Nickels
May 2019
This presentation from Sp4rkcon presents an overview of ATT&CK as well as ideas for how you can put it into action for four use cases.
To Blue with ATT&CK-Flavored Love
Jamie Williams
April 2019
This presentation from the SANS Blue Team Summit provides a red teamer’s perspective to show how ATT&CK is a valuable tool to help red and blue teams work together to improve their defenses.
Turning Intelligence into Action with MITRE ATT&CK
Katie Nickels and Adam Pennington
March 2019
This presentation from the FIRST CTI Symposium discusses how you can use ATT&CK for threat intelligence as well as biases to be aware of as you do that.
ATT&CK in Practice: A Primer to Improve Your Cyber-Defense
March 2019
This presentation from RSA covers an overview of ATT&CK as well as key use cases and tools that can be used to convert it into practice.
ATT&CK by Numbers
Andy Applebaum
March 2019
This presentation from BSides NOVA explores a number of different ways to analyze the ATT&CK knowledge base and how organizations might perform similar analyses with their own data.
ATT&CK Your CTI: Lessons Learned from Four Years in the Trenches
Brian Beyer and Katie Nickels
January 2019
This presentation from the SANS CTI Summit presents an overview of how two different organizations use ATT&CK to map adversary behavior and prioritize how you apply that intelligence to defenses.
Advancing a Scientific Approach to Security Tool Evaluations with MITRE ATT&CK
Frank Duff
January 2019
his presentation from Shmoocon discusses the use case of evaluating security tools with ATT&CK. It provides an overview of the approach taken by the ATT&CK Evaluations initiative.
One technique, two techniques, red technique, blue technique
Jamie Williams
November 2018
This presentation from BSides DC explores how you can apply ATT&CK to optimize and harmonize adversarial and defensive cyber operations.
ATT&CKing FIN7: The Value of Using Frameworks for Threat Intelligence
Katie Nickels
October 2018
This presentation from the FireEye Cyber Defense Summit covers the use of ATT&CK as a framework for understanding FIN7 behaviors.
ATT&CKing the Status Quo: Threat-Based Adversary Emulation with MITRE ATT&CK
Katie Nickels and Cody Thomas
September 2018
This presentation from the SANS Threat Hunting Summit shows how you can use ATT&CK to apply threat intelligence to adversary emulation.
Stop, Drop, and Assess Your SOC
Andy Applebaum
August 2018
This presentation from the DEFCON Blue Team Village shows how ATT&CK can be used for Security Operations Center (SOC) assessments.
ATT&CKing the Status Quo: Improving Threat Intelligence and Cyber Defense with MITRE ATT&CK
Katie Nickels & John Wunder
August 2018
This presentation from BSidesLV provides an overview of ATT&CK along with details on two use cases: threat intelligence and analytics.
ATT&CKing with Threat Intelligence
July 2018
This presentation from HOPE provides perspective on how to use threat intelligence for ATT&CK-based adversary emulation.
Threat-based Purple Teaming with ATT&CK
Christopher Korban and Cody Thomas
May 2018
This presentation from x33fcon discusses how purple teams can use ATT&CK as a common language for adversary emulation.
Post-Exploit Threat Modeling with ATT&CK
Andy Applebaum
November 2016
This presentation from BSides Delaware outlines the key features of ATT&CK, describing the tactics, techniques, groups, and software that make up ATT&CK along with a discussion on how it can be used.