Operationalizing the MITRE ATTCK Framework

Learn about operationalizing the MITRE ATT&CK Framework in this conference talk from BSides Cleveland 2019. Explore the ATT&CK background, taxonomy, and its utility for penetration testing. Discover existing tools and identify gaps in the ATT&CK ecosystem. Delve into practical examples, including DLL techniques and payload deployment with Ansible. Examine the speaker's proposed analytical model for defense, its implementation, and potential confounding variables. Gain insights into future work and participate in a Q&A session to deepen your understanding of applying the ATT&CK framework in real-world scenarios.

Intro
Overview
ATT&CK Background
ATT&CK Taxonomy
Useful Technique Data
Utility of ATT&CK for Penetration Testing - Research question: How many techniques directly applicable to
Existing Tools for ATT&CK
What tools do not exist...
Quick Aside on Student Competitions
Needs Requirement
ATT&CK Techniques Considered (2)
DLL Hello World
DLL Shenanigans
Payloads (1)
Deployment with Ansible
Technique Success?
Switching to Defense
Proposed Analytical Model
Example
Implementation
Model Success... or Lack Thereof
Confounding Variables
Future Work
QUESTIONS?