This presentation from Anomali Detect discusses how you can use ATT&CK for threat intelligence, including a process for mapping intelligence to ATT&CK as well as biases to watch out for as you do this. Slides are also available.
This presentation from Black Hat walks through the story of a fictional organization in order to explain how different teams can use ATT&CK as a powerful force to improve defenses. Slides are also available.
This keynote presentation from the SANS Security Operations Summit discusses a process to gauge a SOC’s detective capabilities as they relate to ATT&CK, including MITRE’s practical experiences and lessons learned.
This presentation from the SANS Enterprise Defense Summit explains how defenders can improve their security posture through the use of adversary emulation by performing their very own ATT&CK Evaluations.
This presentation from the SANS Blue Team Summit provides a red teamer’s perspective to show how ATT&CK is a valuable tool to help red and blue teams work together to improve their defenses. Slides are also available.
This presentation from the SANS CTI Summit presents an overview of how two different organizations use ATT&CK to map adversary behavior and prioritize how you apply that intelligence to defenses. Slides are also available.