MITRE ATT&CK Training Course
MITRE ATT&CK serves as a comprehensive framework for classifying attacks and evaluating organizational risk through defined tactics and techniques. By highlighting security awareness gaps, it helps identify defensive weaknesses and prioritize potential threats.
This instructor-led live training, available either online or onsite, targets information system analysts aiming to leverage MITRE ATT&CK to mitigate the risk of security breaches.
Upon completion of this training, participants will be capable of:
- Establishing the required development environment to begin implementing MITRE ATT&CK.
- Classifying the ways in which attackers interact with systems.
- Documenting adversary behaviors within system environments.
- Tracking attacks, deciphering patterns, and evaluating existing defensive tools.
Course Format
- Interactive lectures and discussions.
- Extensive exercises and practical application.
- Hands-on implementation within a live lab environment.
Course Customization Options
- To request customized training for this course, please contact us to arrange details.
Course Outline
Introduction
What is Malware?
- Types of malware.
- The evolution of malware.
Overview of Malware Attacks
- Propagating.
- Non-propagating.
Matrices of ATT&CK
- Enterprise ATT&CK.
- Pre-ATT&CK.
- Mobile ATT&CK.
MITRE ATT&CK
- 11 tactics.
- Techniques.
- Procedures.
Preparing the Development Environment
- Setting up a version control center (GitHub).
- Downloading a project that hosts a to-do list system of data.
- Installing and configuring ATT&CK Navigator.
Monitoring a Compromised System (WMI)
- Executing command-line scripts to conduct a lateral attack.
- Utilizing ATT&CK Navigator to identify the compromise.
- Assessing the compromise through the ATT&CK framework.
- Performing process monitoring.
- Documenting and patching vulnerabilities in the defense architecture.
Monitoring a Compromised System (EternalBlue)
- Executing command-line scripts to conduct a lateral attack.
- Utilizing ATT&CK Navigator to identify the compromise.
- Assessing the compromise through the ATT&CK framework.
- Performing process monitoring.
- Documenting and patching vulnerabilities in the defense architecture.
Summary and Conclusion
Requirements
- A solid understanding of information system security.
Audience
- Information systems analysts.
Open Training Courses require 5+ participants.
MITRE ATT&CK Training Course - Booking
MITRE ATT&CK Training Course - Enquiry
MITRE ATT&CK - Consultancy Enquiry
Testimonials (2)
- Understanding that ATT&CK creates a map that makes it easy to see, where an organization is protected and where the vulnerable areas are. Then to identify the security gaps that are most significant from a risk perspective. - Learn that each technique comes with a list of mitigations and detections that incident response teams can employ to detect and defend. - Learn about the various sources and communities for deriving Defensive Recommendations.
CHU YAN LEE - PacificLight Power Pte Ltd
Course - MITRE ATT&CK
All is excellent
Manar Abu Talib - Dubai Electronic Security Center
Course - MITRE ATT&CK
Upcoming Courses
Related Courses
AI-Powered Cybersecurity: Threat Detection & Response
21 HoursThis instructor-led, live training in Romania (online or on-site) is designed for beginner-level cybersecurity professionals who want to learn how to use AI to improve threat detection and response capabilities.
By the end of this training, participants will be able to:
- Understand how AI is applied in cybersecurity.
- Deploy AI algorithms for threat detection.
- Automate incident response using AI tools.
- Incorporate AI into existing cybersecurity infrastructure.
AI-Powered Cybersecurity: Advanced Threat Detection & Response
28 HoursThis instructor-led, live training in Romania (online or onsite) is aimed at intermediate-level to advanced-level cybersecurity professionals who wish to elevate their skills in AI-driven threat detection and incident response.
By the end of this training, participants will be able to:
- Implement advanced AI algorithms for real-time threat detection.
- Customize AI models for specific cybersecurity challenges.
- Develop automation workflows for threat response.
- Secure AI-driven security tools against adversarial attacks.
Blue Team Fundamentals: Security Operations and Analysis
21 HoursThis instructor-led, live training in Romania (online or onsite) is designed for intermediate-level IT security professionals who wish to develop skills in security monitoring, analysis, and response.
Upon completion of this training, participants will be able to:
- Comprehend the role of a Blue Team within cybersecurity operations.
- Utilize SIEM tools for security monitoring and log analysis.
- Identify, analyze, and respond to security incidents.
- Conduct network traffic analysis and gather threat intelligence.
- Implement best practices in Security Operations Center (SOC) workflows.
Bug Bounty Hunting
21 HoursBug Bounty Hunting involves discovering security weaknesses in software, websites, or systems and reporting them responsibly in exchange for rewards or acknowledgment.
This instructor-led live training, available online or onsite, targets beginner-level security researchers, developers, and IT professionals eager to grasp the fundamentals of ethical bug hunting and learn how to join bug bounty programs.
Upon completing this training, participants will be capable of:
- Grasping the fundamental concepts of vulnerability discovery and bug bounty programs.
- Employing essential tools such as Burp Suite and browser developer tools to test applications.
- Detecting prevalent web security flaws, including XSS, SQLi, and CSRF.
- Submitting clear, actionable vulnerability reports to bug bounty platforms.
Course Format
- Interactive lectures and discussions.
- Practical application of bug bounty tools within simulated testing environments.
- Guided exercises centered on discovering, exploiting, and reporting vulnerabilities.
Course Customization Options
- To request a customized training session tailored to your organization's applications or testing requirements, please contact us to arrange.
Bug Bounty: Advanced Techniques and Automation
21 HoursThe course "Bug Bounty: Advanced Techniques and Automation" provides an in-depth exploration of high-impact vulnerabilities, automation frameworks, reconnaissance methodologies, and the strategic tooling employed by top-tier bug bounty hunters.
This instructor-led live training, available both online and onsite, is designed for intermediate to advanced-level security researchers, penetration testers, and bug bounty hunters. Its goal is to help participants automate their workflows, scale their reconnaissance efforts, and identify complex vulnerabilities across multiple targets.
Upon completion of this training, participants will be able to:
- Automate the reconnaissance and scanning processes for multiple targets.
- Utilize state-of-the-art tools and scripts specifically designed for bounty automation.
- Identify complex, logic-based vulnerabilities that go beyond the scope of standard scans.
- Develop custom workflows for subdomain enumeration, fuzzing, and vulnerability reporting.
Course Format
- Interactive lectures and discussions.
- Practical application of advanced tools and scripting for automation.
- Guided laboratory sessions focused on real-world bounty workflows and advanced attack chains.
Course Customization Options
- For customized training tailored to your specific bounty targets, automation requirements, or internal security challenges, please contact us to arrange the details.
CHFI - Certified Digital Forensics Examiner
35 HoursThe vendor-neutral Certified Digital Forensics Examiner certification is designed to train Cyber Crime and Fraud Investigators, equipping students with skills in electronic discovery and advanced investigative techniques. This course is vital for anyone who encounters digital evidence during an investigation.
The Certified Digital Forensics Examiner training covers the methodology for conducting computer forensic examinations. Students learn to apply forensically sound investigative techniques to evaluate the scene, collect and document relevant information, interview key personnel, maintain the chain of custody, and draft findings reports.
The Certified Digital Forensics Examiner course benefits organizations, individuals, government offices, and law enforcement agencies interested in pursuing litigation, proving guilt, or taking corrective action based on digital evidence.
Certified Incident Handler
21 HoursThe Certified Incident Handler course delivers a systematic methodology for managing and responding to cybersecurity incidents with both efficiency and effectiveness.
This instructor-led training, available online or onsite, is designed for intermediate-level IT security professionals seeking to build the tactical expertise required to plan, classify, contain, and manage security incidents.
Upon completing this training, participants will be equipped to:
- Comprehend the incident response lifecycle and its distinct phases.
- Carry out procedures for incident detection, classification, and notification.
- Implement effective strategies for containment, eradication, and recovery.
- Create post-incident reports and plans for continuous improvement.
Course Format
- Interactive lectures and discussions.
- Practical application of incident handling procedures within simulated environments.
- Guided exercises centered on detection, containment, and response workflows.
Customization Options
- For a customized training session tailored to your organization’s specific incident response procedures or tools, please contact us to make arrangements.
Mastering Continuous Threat Exposure Management (CTEM)
28 HoursThis instructor-led, live training in Romania (online or onsite) is designed for intermediate-level cybersecurity professionals looking to implement CTEM within their organizations.
Upon completing this training, participants will be able to:
- Grasp the core principles and stages of CTEM.
- Identify and prioritize risks using CTEM methodologies.
- Integrate CTEM practices into existing security protocols.
- Utilize tools and technologies for continuous threat management.
- Develop strategies to validate and improve security measures continuously.
Cyber Threat Intelligence
35 HoursThis instructor-led, live training in Romania (online or onsite) is aimed at advanced-level cyber security professionals who wish to understand Cyber Threat Intelligence and learn skills to effectively manage and mitigate cyber threats.
By the end of this training, participants will be able to:
- Understand the fundamentals of Cyber Threat Intelligence (CTI).
- Analyze the current cyber threat landscape.
- Collect and process intelligence data.
- Perform advanced threat analysis.
- Leverage Threat Intelligence Platforms (TIPs) and automate threat intelligence processes.
Fundamentals of Corporate Cyber Warfare
14 HoursThis instructor-led, live training in Romania (online or on-site) examines various dimensions of enterprise security, encompassing areas from AI to database security. It also covers the latest tools, processes, and strategic mindsets necessary to protect against attacks.
DeepSeek for Cybersecurity and Threat Detection
14 HoursThis instructor-led, live training in Romania (online or onsite) is aimed at intermediate-level cybersecurity professionals who wish to leverage DeepSeek for advanced threat detection and automation.
By the end of this training, participants will be able to:
- Utilize DeepSeek AI for real-time threat detection and analysis.
- Implement AI-driven anomaly detection techniques.
- Automate security monitoring and response using DeepSeek.
- Integrate DeepSeek into existing cybersecurity frameworks.
Duty Managers Cyber Resilience
14 HoursThis instructor-led, live training in Romania (online or on-site) is designed for intermediate-level duty managers and operational leaders who wish to build robust cyber resilience strategies to safeguard their organizations against cyber threats.
By the end of this training, participants will be able to:
- Comprehend the fundamentals of cyber resilience and their applicability to duty management.
- Formulate incident response plans to ensure operational continuity.
- Recognize potential cyber threats and vulnerabilities within their operating environment.
- Deploy security protocols to reduce risk exposure.
- Manage team responses during cyber incidents and subsequent recovery phases.
Junior Detection Engineer Essentials
21 HoursDetection engineering involves the design, implementation, and refinement of techniques used to identify malicious activities across various systems and networks.
This instructor-led live training, available online or onsite, is designed for entry-level cybersecurity professionals looking to acquire practical skills in creating and tuning security detections.
After completing this training, participants will be equipped with the following capabilities:
- Create effective detection rules and signatures using widely used security tools.
- Analyze logs and telemetry data to spot suspicious activities.
- Leverage threat intelligence to enhance detection logic.
- Fine-tune alerts and minimize false positives within a Security Operations Center (SOC) environment.
Course Format
- Guided instruction combined with practical demonstrations.
- Scenario-based exercises and hands-on analysis.
- Real-world detection development in an interactive lab environment.
Customization Options
- If your organization needs a customized version of this program, please reach out to discuss specific requirements.
Open-Source EDR Fundamentals: Deployment, Detection & Response
14 HoursOpenEDR is an open-source platform designed for endpoint detection and response, delivering continuous telemetry, threat detection, and analysis of adversarial behavior across endpoints.
This instructor-led live training, available both online and onsite, targets beginner to intermediate IT and security professionals looking to deploy, configure, and manage OpenEDR to detect and counter cyber threats effectively.
Upon completing this training, participants will be capable of:
- Deploying and configuring OpenEDR agents and server components to gather telemetry data.
- Conducting fundamental detection and monitoring through OpenEDR dashboards and event views.
- Analyzing endpoint events to spot suspicious activities and potential threats.
- Incorporating OpenEDR alerts into incident response processes and reporting mechanisms.
Course Format
- Interactive lectures and discussions.
- Numerous exercises and practice sessions.
- Practical implementation within a live-lab environment.
Course Customization Options
- To request customized training for this course, please contact us to arrange.
Mastering Open-Source EDR & Mitre ATT&CK for Threat Hunting
21 HoursOpenEDR is an open-source endpoint detection and response platform that offers analytic detection with MITRE ATT&CK visibility for event correlation and root cause analysis of adversarial activity in real time.
This instructor-led, live training (online or onsite) targets advanced-level SOC analysts, threat hunters, and incident responders who wish to design and operate threat-hunting programs using OpenEDR and map detections to the MITRE ATT&CK framework.
By the end of this training, participants will be able to:
- Deploy and configure OpenEDR agents and server components for telemetry collection and analysis.
- Map observable endpoint telemetry to MITRE ATT&CK techniques and build detection logic accordingly.
- Design and execute threat-hunting workflows that use behavioral analytics and event correlation to identify adversarial activity.
- Integrate OpenEDR findings into incident response playbooks and perform root cause analysis.
Format of the Course
- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.
Course Customization Options
- To request a customized training for this course, please contact us to arrange.