MITRE ATT&CK Defender™ ATT&CK® Adversary Emulation

Offered By: Cybrary

Course Description

Overview

Who should take this course?

This course is designed for experienced and skilled cybersecurity practitioners who are interested in emulating real-world threats to assess cybersecurity effectiveness.

What are the prerequisites for this course?

You will gain the most benefit from this course if you have mastered the following:

  • MITRE ATT&CK® Defender™ (MAD) ATT&CK Fundamentals Training
  • Proficiency in administering Windows and Linux systems from the command line
  • Proficiency in basic networking concepts (OSI Model and TCP/IP)
  • Proficiency in virtual machine software such as VMware or VirtualBox
  • Familiarity with common red team/pentester software and techniques (examples: Kali Linux distribution, Metasploit, Nmap, Mimikatz, etc.)

Why should I take this course?

In this course, you will gain the following capabilities:

  • Understand cyber adversary emulation’s purpose, its characteristics, and common use cases.
  • Leverage the MITRE ATT&CK Framework to inform adversary emulation planning activities, including defining engagement objectives, scope, and rules of engagement.
  • Use cyber threat intelligence to select emulated threats of salient interest to the sponsor organization.
  • Implement adversary emulation tactics, techniques, and procedures (TTPs) based on real-world cyber threats.
  • Execute adversary TTPs to assess and improve cybersecurity, while balancing realism against time and safety constraints.
  • Use the MITRE ATT&CK Framework to communicate adversary emulation activities, findings, and recommendations for improvement.

What makes this course different from other courses on similar topics?

This course is part of the MITRE ATT&CK® Defender™ (MAD) cybersecurity training and certification program produced by MITRE's own subject matter experts. The lead instructor for this course, Michael C. Long II, is a principal cyber adversary emulation engineer at MITRE and is truly an expert in this field. You will be learning how to leverage ATT&CK for adversary emulation from the people who created the ATT&CK framework.

Why should I take this course on Cybrary and not somewhere else?

This course enables you to learn from one of the foremost experts in the field, and our on-demand format affords you the flexibility to learn at your own pace.


Syllabus

  • Adversary Emulation Fundamentals
    • Adversary Emulation Course Introduction
    • Introducing Adversary Emulation
    • Adversary Emulation Overview
    • Adversary Emulation Framework
    • Defining Engagement Objectives
    • Introducing the Adversary Emulation Plan
    • Lab: Touring the CTID Adversary Emulation Library
    • Optional Lab: Setting up Your Own Lab Environment
    • Executing the FIN6 Adversary Emulation Plan (Lab 1.3)
  • Researching Adversary TTPs
    • Adversary Emulation - Welcome to Module 2
    • Researching Adversary TTPs
    • Selecting the Emulated Threat
    • Selecting the Emulated TTPs
    • Constructing the TTP Outline
    • Addressing Intelligence Gaps
  • Adversary Emulation Planning
    • Planning Overview
    • Defining Scope, Rules of Engagement, and Approving Authorities
  • Implementing Adversary TTPs
    • Implementing TTPs Overview
    • TTP Implementation Process
    • Planning TTP Implementations (Lab 4.1 Overview)
    • Planning TTP Implementations (Lab 4.1 Walkthrough)
    • Implementing Adversary TTPs (Lab 4.2 Overview)
    • Implementing Adversary TTPs (Lab 4.2 Walkthrough)
    • Automating Adversary TTPs (Lab 4.3 Overview)
    • Automating Adversary TTPs (Lab 4.3 Walkthrough)
    • Identifying Detections and Mitigations (Lab 4.4 Overview)
    • Identifying Detections and Mitigations (Lab 4.4 Walkthrough)
  • Executing Adversary TTPs
    • Executing Adversary TTPs Overview
    • Dealing with Unexpected Situations
    • Documenting Adversary Emulation Activities
    • Developing an Adversary Emulation Plan (Lab 5.1 Overview)
    • Developing an Adversary Emulation Plan (Lab 5.1 Walkthrough)
    • Adversary Emulation Course Wrap-up

Taught by

Michael C. Long II and Govardhen Arunagiri
