MITRE ATT&CK Training Course
MITRE ATT&CK is a comprehensive framework of tactics and techniques used to categorize cyberattacks and evaluate an organization’s risk posture. It enhances organizational security awareness by identifying vulnerabilities in defenses and helping to prioritize risks.
This instructor-led, live training (available online or onsite) is designed for information system analysts who want to leverage MITRE ATT&CK to reduce the risk of security breaches.
By the end of this training, participants will be able to:
- Set up the required development environment to begin implementing MITRE ATT&CK.
- Categorize how attackers interact with systems.
- Document adversary behaviors within systems.
- Track attacks, decipher patterns, and evaluate existing defense tools.
Format of the Course
- Interactive lecture and discussion.
- Extensive exercises and practice.
- Hands-on implementation in a live-lab environment.
Course Customization Options
- To request customized training for this course, please contact us to arrange.
Course Outline
Introduction
What is Malware?
- Types of malware
- The evolution of malware
Overview of Malware Attacks
- Propagating
- Non-propagating
Matrices of ATT&CK
- Enterprise ATT&CK
- Pre-ATT&CK
- Mobile ATT&CK
MITRE ATT&CK
- 11 tactics
- Techniques
- Procedures
Preparing the Development Environment
- Setting up a version control center (GitHub)
- Downloading a project that hosts a to-do list system of data
- Installing and configuring ATT&CK Navigator
Monitoring a compromised system (WMI)
- Instating command line scripts to conduct a lateral attack
- Utilizing ATT&CK Navigator to identify the compromise
- Assessing the compromise through the ATT&CK framework
- Performing process monitoring
- Documenting and patching the holes in the defense architecture
Monitoring a compromised system (EternalBlue)
- Instating command line scripts to conduct a lateral attack
- Utilizing ATT&CK Navigator to identify the compromise
- Assessing the compromise through the ATT&CK framework
- Performing process monitoring
- Documenting and patching the holes in the defense architecture
Summary and Conclusion
Requirements
- An understanding of information system security
Audience
- Information systems analysts
Open Training Courses require 5+ participants.
MITRE ATT&CK Training Course - Booking
MITRE ATT&CK Training Course - Enquiry
MITRE ATT&CK - Consultancy Enquiry
Testimonials (2)
- Understanding that ATT&CK creates a map that makes it easy to see, where an organization is protected and where the vulnerable areas are. Then to identify the security gaps that are most significant from a risk perspective. - Learn that each technique comes with a list of mitigations and detections that incident response teams can employ to detect and defend. - Learn about the various sources and communities for deriving Defensive Recommendations.
CHU YAN LEE - PacificLight Power Pte Ltd
Course - MITRE ATT&CK
All is excellent
Manar Abu Talib - Dubai Electronic Security Center
Course - MITRE ATT&CK
Upcoming Courses
Related Courses
AI-Powered Cybersecurity: Threat Detection & Response
21 HoursThis instructor-led, live training in India (online or onsite) targets entry-level cybersecurity professionals eager to learn how to harness AI to enhance their threat detection and response capabilities.
Upon completing this training, participants will be able to:
- Grasp the applications of AI in cybersecurity.
- Deploy AI algorithms for threat detection.
- Automate incident response using AI tools.
- Integrate AI into current cybersecurity infrastructure.
AI-Powered Cybersecurity: Advanced Threat Detection & Response
28 HoursThis instructor-led, live training in India (online or onsite) is targeted at intermediate to advanced-level cybersecurity professionals who wish to enhance their skills in AI-driven threat detection and incident response.
By the end of this training, participants will be able to:
- Implement advanced AI algorithms for real-time threat detection.
- Customize AI models for specific cybersecurity challenges.
- Develop automation workflows for threat response.
- Secure AI-driven security tools against adversarial attacks.
Blue Team Fundamentals: Security Operations and Analysis
21 HoursThis instructor-led, live training in India (online or onsite) is aimed at intermediate-level IT security professionals who wish to develop skills in security monitoring, analysis, and response.
By the end of this training, participants will be able to:
- Understand the role of a Blue Team in cybersecurity operations.
- Use SIEM tools for security monitoring and log analysis.
- Detect, analyze, and respond to security incidents.
- Perform network traffic analysis and threat intelligence gathering.
- Apply best practices in security operations center (SOC) workflows.
Bug Bounty Hunting
21 HoursBug Bounty Hunting involves finding security weaknesses in software, websites, or systems and reporting them responsibly in exchange for rewards or recognition.
This instructor-led live training, available online or onsite, is designed for beginner-level security researchers, developers, and IT professionals eager to grasp the basics of ethical bug hunting and learn how to engage with bug bounty programs.
Upon completing this training, participants will be able to:
- Grasp the fundamental concepts of vulnerability discovery and bug bounty programmes.
- Utilise essential tools such as Burp Suite and browser developer tools for application testing.
- Identify prevalent web security flaws like XSS, SQLi, and CSRF.
- Submit clear and actionable vulnerability reports to bug bounty platforms.
Course Format
- Interactive lectures and discussions.
- Practical application of bug bounty tools in simulated testing environments.
- Guided exercises centred on discovering, exploiting, and reporting vulnerabilities.
Course Customisation Options
- To request bespoke training for this course tailored to your organization's applications or testing requirements, please contact us to make arrangements.
Bug Bounty: Advanced Techniques and Automation
21 HoursBug Bounty: Advanced Techniques and Automation provides an in-depth exploration of high-impact vulnerabilities, automation frameworks, reconnaissance strategies, and the tooling approaches employed by top-tier bug bounty hunters.
This instructor-led, live training (available online or onsite) is designed for intermediate to advanced-level security researchers, penetration testers, and bug bounty hunters who aim to streamline their workflows, scale their reconnaissance efforts, and uncover complex vulnerabilities across various targets.
Upon completion of this training, participants will be capable of:
- Automating reconnaissance and scanning processes for multiple targets.
- Utilizing state-of-the-art tools and scripts for bounty automation.
- Identifying intricate, logic-based vulnerabilities that go beyond standard scanning capabilities.
- Constructing custom workflows for subdomain enumeration, fuzzing, and reporting.
Course Format
- Interactive lectures and discussions.
- Practical application of advanced tools and scripting for automation.
- Guided labs focused on real-world bounty workflows and advanced attack chains.
Course Customization Options
- To request a customized training session for this course tailored to your specific bounty targets, automation requirements, or internal security challenges, please get in touch to arrange it.
CHFI - Certified Digital Forensics Examiner
35 HoursThe vendor-neutral Certified Digital Forensics Examiner certification is crafted to equip Cyber Crime and Fraud Investigators with skills in electronic discovery and advanced investigative techniques. This course is crucial for anyone who encounters digital evidence during investigative processes.
The Certified Digital Forensics Examiner training instructs participants on the methodology for performing computer forensic examinations. Students will acquire the ability to apply forensically sound investigative techniques to evaluate the scene, collect and document all pertinent information, interview relevant personnel, maintain the chain of custody, and draft findings reports.
The Certified Digital Forensics Examiner course offers significant value to organizations, individuals, government bodies, and law enforcement agencies seeking to pursue litigation, establish proof of guilt, or implement corrective actions based on digital evidence.
Certified Incident Handler
21 HoursThe Certified Incident Handler course equips learners with a structured methodology for managing and responding to cybersecurity incidents with both efficiency and effectiveness.
Delivered through instructor-led live sessions (available online or onsite), this training targets intermediate-level IT security professionals seeking to build the tactical expertise required to plan, classify, contain, and manage security incidents.
Upon completing this training, participants will be capable of:
- Comprehending the incident response lifecycle and its distinct phases.
- Implementing procedures for incident detection, classification, and notification.
- Effectively applying strategies for containment, eradication, and recovery.
- Creating post-incident reports and continuous improvement plans.
Course Format
- Interactive lectures and discussions.
- Practical application of incident handling procedures within simulated scenarios.
- Guided exercises concentrating on detection, containment, and response workflows.
Customization Options
- For organizations wishing to tailor the training to their specific incident response procedures or tools, please contact us to arrange a customized session.
Mastering Continuous Threat Exposure Management (CTEM)
28 HoursThis instructor-led, live training in India (online or onsite) is aimed at intermediate-level cybersecurity professionals who wish to implement CTEM in their organisations.
By the end of this training, participants will be able to:
- Understand the principles and stages of CTEM.
- Identify and prioritise risks using CTEM methodologies.
- Integrate CTEM practices into existing security protocols.
- Utilise tools and technologies for continuous threat management.
- Develop strategies to validate and improve security measures continuously.
Cyber Threat Intelligence
35 HoursThis instructor-led live training in India (online or on-site) targets advanced-level cybersecurity professionals seeking to understand Cyber Threat Intelligence and develop skills to effectively manage and mitigate cyber threats.
By the conclusion of this training, participants will be able to:
- Understand the fundamentals of Cyber Threat Intelligence (CTI).
- Analyze the current cyber threat landscape.
- Collect and process intelligence data.
- Perform advanced threat analysis.
- Leverage Threat Intelligence Platforms (TIPs) and automate threat intelligence processes.
Fundamentals of Corporate Cyber Warfare
14 HoursThis instructor-led, live training in India (online or onsite) examines various dimensions of enterprise security, ranging from AI to database security. It further covers the essential tools, processes, and mindsets required to protect against attacks.
DeepSeek for Cybersecurity and Threat Detection
14 HoursThis instructor-led, live training in India (online or onsite) is aimed at intermediate-level cybersecurity professionals who wish to leverage DeepSeek for advanced threat detection and automation.
By the end of this training, participants will be able to:
- Utilize DeepSeek AI for real-time threat detection and analysis.
- Implement AI-driven anomaly detection techniques.
- Automate security monitoring and response using DeepSeek.
- Integrate DeepSeek into existing cybersecurity frameworks.
Duty Managers Cyber Resilience
14 HoursThis instructor-led, live training in India (online or onsite) is aimed at intermediate-level duty managers and operational leaders who wish to build robust cyber resilience strategies to safeguard their organizations against cyber threats.
By the end of this training, participants will be able to:
- Understand cyber resilience fundamentals and their relevance to duty management.
- Develop incident response plans to maintain operational continuity.
- Identify potential cyber threats and vulnerabilities within their environment.
- Implement security protocols to minimize risk exposure.
- Coordinate team response during cyber incidents and recovery processes.
Junior Detection Engineer Essentials
21 HoursDetection engineering involves creating, implementing, and fine-tuning strategies to spot malicious activities across systems and networks.
This instructor-led live training, available online or onsite, is designed for entry-level cybersecurity professionals eager to develop practical skills in constructing and refining security detections.
By the end of this training, participants will be equipped with the capabilities to:
- Craft effective detection rules and signatures using standard security tools.
- Analyse logs and telemetry data to pinpoint suspicious behaviour.
- Leverage threat intelligence to enhance detection logic.
- Refine alerts and reduce false positives within a SOC workflow.
Course Format
- Guided instruction accompanied by practical demonstrations.
- Scenario-based exercises and hands-on analysis.
- Building real-world detections in an interactive lab environment.
Customisation Options
- Should your organisation require a bespoke version of this programme, please get in touch to discuss customisation possibilities.
Open-Source EDR Fundamentals: Deployment, Detection & Response
14 HoursOpenEDR is an open-source Endpoint Detection and Response (EDR) platform that delivers continuous telemetry, detection, and analysis of adversarial activities on endpoints.
This instructor-led live training (available online or onsite) is designed for beginner to intermediate-level IT and security professionals who aim to deploy, configure, and operate OpenEDR to detect and respond to cyber threats.
Upon completing this training, participants will be able to:
- Deploy and configure OpenEDR agents and server components for telemetry collection.
- Conduct basic detection and monitoring using OpenEDR dashboards and event views.
- Analyze endpoint events to identify suspicious activity and potential threats.
- Integrate OpenEDR alerts into incident response workflows and reporting mechanisms.
Course Format
- Interactive lectures and discussions.
- Extensive exercises and practical practice.
- Hands-on implementation in a live-lab environment.
Course Customization Options
- To request customized training for this course, please contact us to arrange accordingly.
Mastering Open-Source EDR & Mitre ATT&CK for Threat Hunting
21 HoursOpenEDR is an open-source endpoint detection and response platform that offers analytic detection with MITRE ATT&CK visibility for event correlation and root cause analysis of adversarial activity in real time.
This instructor-led, live training (available online or onsite) targets advanced-level SOC analysts, threat hunters, and incident responders who wish to design and operate threat-hunting programs using OpenEDR and map detections to the MITRE ATT&CK framework.
By the end of this training, participants will be able to:
- Deploy and configure OpenEDR agents and server components for telemetry collection and analysis.
- Map observable endpoint telemetry to MITRE ATT&CK techniques and build detection logic accordingly.
- Design and execute threat-hunting workflows that use behavioral analytics and event correlation to identify adversarial activity.
- Integrate OpenEDR findings into incident response playbooks and perform root cause analysis.
Format of the Course
- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.
Course Customization Options
- To request a customized training for this course, please contact us to arrange.