MITRE ATT&CK Training Course
MITRE ATT&CK is a framework of tactics and techniques used to classify attacks and assess an organization's risk. ATT&CK raises awareness of an organization's security posture, identifies gaps in defenses, and prioritises risks.
This instructor-led, live training (available online or on-site) is designed for information system analysts who wish to leverage MITRE ATT&CK to reduce the risk of a security compromise.
By the end of this training, participants will be able to:
- Set up the necessary development environment to begin implementing MITRE ATT&CK.
- Classify how attackers interact with systems.
- Document adversary behaviours within systems.
- Track attacks, decipher patterns, and evaluate existing defence tools.
Course Format
- Interactive lectures and discussions.
- Abundant exercises and hands-on practice.
- Practical implementation in a live lab environment.
Course Customisation Options
- To request a customised training session for this course, please contact us to arrange.
Course Outline
Introduction
What is Malware?
- Types of malware
- The evolution of malware
Overview of Malware Attacks
- Propagating
- Non-propagating
ATT&CK Matrices
- Enterprise ATT&CK
- Pre-ATT&CK
- Mobile ATT&CK
MITRE ATT&CK
- 11 tactics
- Techniques
- Procedures
Preparing the Development Environment
- Setting up a version control system (GitHub)
- Downloading a project that hosts a data-based to-do list system
- Installing and configuring ATT&CK Navigator
Monitoring a Compromised System (WMI)
- Deploying command-line scripts to carry out a lateral attack
- Using ATT&CK Navigator to identify the compromise
- Assessing the compromise through the ATT&CK framework
- Performing process monitoring
- Documenting and patching gaps in the defence architecture
Monitoring a Compromised System (EternalBlue)
- Deploying command-line scripts to carry out a lateral attack
- Using ATT&CK Navigator to identify the compromise
- Assessing the compromise through the ATT&CK framework
- Performing process monitoring
- Documenting and patching gaps in the defence architecture
Summary and Conclusion
Requirements
- A solid understanding of information system security
Target Audience
- Information systems analysts
Open Training Courses require 5+ participants.
Testimonials (2)
- Understanding that ATT&CK creates a map that makes it easy to see where an organization is protected and where the vulnerable areas are, and then to identify the security gaps that are most significant from a risk perspective.
- Learning that each technique comes with a list of mitigations and detections that incident response teams can employ to detect and defend.
- Learning about the various sources and communities for deriving Defensive Recommendations.
CHU YAN LEE - PacificLight Power Pte Ltd
Course - MITRE ATT&CK
All is excellent
Manar Abu Talib - Dubai Electronic Security Center
Course - MITRE ATT&CK
Related Courses
AI-Powered Cybersecurity: Threat Detection & Response
21 Hours
This instructor-led, live training in Uzbekistan (online or onsite) is aimed at beginner-level cybersecurity professionals who wish to learn how to leverage AI for improved threat detection and response capabilities.
By the end of this training, participants will be able to:
- Understand AI applications in cybersecurity.
- Implement AI algorithms for threat detection.
- Automate incident response with AI tools.
- Integrate AI into existing cybersecurity infrastructure.
AI-Powered Cybersecurity: Advanced Threat Detection & Response
28 Hours
This instructor-led, live training in Uzbekistan (online or on-site) is designed for intermediate to advanced-level cybersecurity professionals seeking to elevate their expertise in AI-driven threat detection and incident response.
By the end of this training, participants will be able to:
- Implement advanced AI algorithms for real-time threat detection.
- Customize AI models to address specific cybersecurity challenges.
- Develop automation workflows for effective threat response.
- Secure AI-driven security tools against adversarial attacks.
Blue Team Fundamentals: Security Operations and Analysis
21 Hours
This instructor-led, live training in Uzbekistan (online or onsite) is aimed at intermediate-level IT security professionals who wish to develop skills in security monitoring, analysis, and response.
By the end of this training, participants will be able to:
- Understand the role of a Blue Team in cybersecurity operations.
- Use SIEM tools for security monitoring and log analysis.
- Detect, analyze, and respond to security incidents.
- Perform network traffic analysis and threat intelligence gathering.
- Apply best practices in security operations center (SOC) workflows.
Bug Bounty Hunting
21 Hours
Bug Bounty Hunting is the practice of identifying security vulnerabilities in software, websites, or systems and responsibly reporting them for rewards or recognition.
This instructor-led, live training (delivered online or on-site) is designed for beginner-level security researchers, developers, and IT professionals who wish to master the fundamentals of ethical bug hunting and learn how to effectively participate in bug bounty programs.
By the end of this training, participants will be able to:
- Grasp the core concepts of vulnerability discovery and bug bounty programs.
- Leverage key tools such as Burp Suite and browser developer tools for application testing.
- Identify common web security flaws including XSS, SQLi, and CSRF.
- Submit clear, actionable vulnerability reports to bug bounty platforms.
Course Format
- Interactive lectures and discussions.
- Hands-on practice with bug bounty tools in simulated testing environments.
- Guided exercises focused on discovering, exploiting, and reporting vulnerabilities.
Course Customization Options
- To request a customized training session tailored to your organization's specific applications or testing requirements, please contact us to make arrangements.
Bug Bounty: Advanced Techniques and Automation
21 Hours
Bug Bounty: Advanced Techniques and Automation provides an in-depth exploration of high-impact vulnerabilities, automation frameworks, reconnaissance techniques, and the tooling strategies employed by elite bug bounty hunters.
This instructor-led, live training (available online or on-site) is designed for intermediate to advanced-level security researchers, penetration testers, and bug bounty hunters who aim to automate their workflows, scale their reconnaissance efforts, and uncover complex vulnerabilities across multiple targets.
By the end of this training, participants will be able to:
- Automate reconnaissance and scanning across multiple targets.
- Utilize cutting-edge tools and scripts commonly used in bounty automation.
- Identify complex, logic-based vulnerabilities that go beyond standard scans.
- Develop custom workflows for subdomain enumeration, fuzzing, and reporting.
Course Format
- Interactive lectures and discussions.
- Hands-on practice with advanced tools and scripting for automation.
- Guided labs focused on real-world bounty workflows and advanced attack chains.
Course Customization Options
- To request a customized training session tailored to your specific bounty targets, automation requirements, or internal security challenges, please contact us to make arrangements.
CHFI - Certified Digital Forensics Examiner
35 Hours
The Certified Digital Forensics Examiner vendor-neutral certification is designed to train Cyber Crime and Fraud Investigators, equipping students with advanced electronic discovery and investigation techniques. This course is essential for anyone who encounters digital evidence during an investigation.
The Certified Digital Forensics Examiner training teaches the methodology for conducting computer forensic examinations. Students will learn to apply forensically sound investigative techniques to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain the chain of custody, and prepare a comprehensive findings report.
The Certified Digital Forensics Examiner course benefits organizations, individuals, government offices, and law enforcement agencies that seek to pursue litigation, establish proof of guilt, or take corrective action based on digital evidence.
Certified Incident Handler
21 Hours
The Certified Incident Handler course offers a structured methodology for effectively and efficiently managing and responding to cybersecurity incidents.
This instructor-led, live training (available online or on-site) is designed for intermediate-level IT security professionals seeking to develop the tactical skills and knowledge required to plan, classify, contain, and manage security incidents.
By the end of this training, participants will be able to:
- Understand the incident response lifecycle and its phases.
- Execute procedures for incident detection, classification, and notification.
- Apply containment, eradication, and recovery strategies effectively.
- Develop post-incident reporting and continuous improvement plans.
Course Format
- Interactive lectures and discussions.
- Practical application of incident handling procedures within simulated scenarios.
- Guided exercises focused on detection, containment, and response workflows.
Course Customization Options
- To request a customized training session tailored to your organisation's incident response procedures or tools, please contact us to arrange.
Mastering Continuous Threat Exposure Management (CTEM)
28 Hours
This instructor-led, live training in Uzbekistan (online or onsite) is designed for intermediate-level cybersecurity professionals who aim to implement CTEM within their organizations.
Upon completing this training, participants will be capable of:
- Gaining a clear understanding of CTEM’s core principles and stages.
- Identifying and prioritizing risks through established CTEM methodologies.
- Seamlessly integrating CTEM practices into current security protocols.
- Effectively utilizing tools and technologies dedicated to continuous threat management.
- Creating strategies to continually validate and enhance security measures.
Cyber Threat Intelligence
35 Hours
This instructor-led, live training (online or onsite) targets advanced cybersecurity professionals seeking to understand Cyber Threat Intelligence and develop skills to effectively manage and mitigate cyber threats.
Upon completing this training, participants will be able to:
- Grasp the core principles of Cyber Threat Intelligence (CTI).
- Evaluate the current landscape of cyber threats.
- Gather and process intelligence data efficiently.
- Conduct advanced threat analysis.
- Utilize Threat Intelligence Platforms (TIPs) to automate threat intelligence workflows.
Fundamentals of Corporate Cyber Warfare
14 Hours
This instructor-led, live training in Uzbekistan (online or onsite) covers various aspects of enterprise security, from AI to database security. It also covers the latest tools, processes and mindset needed to protect against attacks.
DeepSeek for Cybersecurity and Threat Detection
14 Hours
This instructor-led, live training in Uzbekistan (online or onsite) targets intermediate-level cybersecurity professionals seeking to leverage DeepSeek for advanced threat detection and automation.
By the end of this training, participants will be able to:
- Employ DeepSeek AI for real-time threat detection and analysis.
- Apply AI-driven techniques for anomaly detection.
- Automate security monitoring and incident response using DeepSeek.
- Seamlessly integrate DeepSeek into established cybersecurity frameworks.
Duty Managers Cyber Resilience
14 Hours
This instructor-led, live training in Uzbekistan (online or onsite) targets duty managers and operational leaders at an intermediate level who wish to establish robust cyber resilience strategies to protect their organizations from cyber threats.
By the end of this training, participants will be able to:
- Understand the basics of cyber resilience and its relevance to duty management.
- Develop incident response plans to sustain operational continuity.
- Identify potential cyber threats and vulnerabilities within their environment.
- Implement security protocols to minimize risk exposure.
- Coordinate team responses during cyber incidents and recovery processes.
Junior Detection Engineer Essentials
21 Hours
Detection engineering involves designing, implementing, and refining methods to identify malicious activities across systems and networks.
This instructor-led, live training (available online or on-site) is designed for beginner-level cybersecurity practitioners seeking to develop practical skills in building and fine-tuning security detections.
Upon completing this training, participants will be equipped to:
- Develop effective detection rules and signatures using common security tools.
- Interpret logs and telemetry data to identify suspicious behaviors.
- Leverage threat intelligence to strengthen detection logic.
- Optimize alerts and minimize false positives within a Security Operations Center (SOC) workflow.
Course Format
- Guided instruction supported by practical demonstrations.
- Scenario-based exercises and hands-on analysis.
- Real-world detection development within an interactive lab environment.
Customization Options
- If your organization requires a tailored version of this program, please contact us to discuss available customization options.
Open-Source EDR Fundamentals: Deployment, Detection & Response
14 Hours
OpenEDR is an open-source endpoint detection and response platform that provides continuous telemetry, detection, and analysis of adversarial activity on endpoints.
This instructor-led, live training (online or onsite) is aimed at beginner-level to intermediate-level IT and security professionals who wish to deploy, configure, and operate OpenEDR to detect and respond to cyber threats.
By the end of this training, participants will be able to:
- Deploy and configure OpenEDR agents and server components for telemetry collection.
- Perform basic detection and monitoring using OpenEDR dashboards and event views.
- Analyse endpoint events to identify suspicious activity and potential threats.
- Integrate OpenEDR alerts into incident response workflows and reporting.
Format of the Course
- Interactive lecture and discussion.
- Plenty of exercises and practice.
- Hands-on implementation in a live-lab environment.
Course Customisation Options
- To request a customised training for this course, please contact us to arrange.
Mastering Open-Source EDR & Mitre ATT&CK for Threat Hunting
21 Hours
OpenEDR is an open-source endpoint detection and response platform that provides analytic detection with MITRE ATT&CK visibility for event correlation and root cause analysis of adversarial activity in real time.
This instructor-led, live training (online or onsite) is aimed at advanced-level SOC analysts, threat hunters, and incident responders who wish to design and operate threat-hunting programs using OpenEDR and map detections to the MITRE ATT&CK framework.
By the end of this training, participants will be able to:
- Deploy and configure OpenEDR agents and server components for telemetry collection and analysis.
- Map observable endpoint telemetry to MITRE ATT&CK techniques and build detection logic accordingly.
- Design and execute threat-hunting workflows that use behavioral analytics and event correlation to identify adversarial activity.
- Integrate OpenEDR findings into incident response playbooks and perform root cause analysis.
Format of the Course
- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.
Course Customization Options
- To request a customized training for this course, please contact us to arrange.