Topic: Knowledge is Power: Aligning Threat Intelligence to the MITRE ATT&CK Framework
This presentation will show how to align threat intelligence with the MITRE ATT&CK Framework. Specifically, we will show how to automate the application of threat intelligence to the ATT&CK Framework using Recorded Future. First, we will show the various ways to bring the ATT&CK Framework and ATT&CK data into Recorded Future. Second, we will create a list of threat actors and automatically break down the TTPs from their attacks over the last two years into the ATT&CK Tactics Categories. Third, we will show a way to research an individual threat actor group, APT28, using IOCs associated with that actor, and also place them into the ATT&CK Tactics Categories. Finally, we will demonstrate the flexibility and dynamism of our approach by taking threat actor submissions from the audience(!) and doing the above on the fly. Our approach allows an organisation to automate connections between threat actors and threat intelligence, research the threat actors they care about more quickly and easily using ATT&CK, and prioritise their resources in ways that make sense based on the ATT&CK Framework.
Mr. Michael Passaro
As a lawyer turned online educator turned cyber security geek, Mike has developed a unique perspective when it comes to security trainings. When he’s not flying around the world teaching cyber security skills, he’s analyzing the fastest way to level from 1-60 in vanilla WoW, guitar shredding to the latest melodic death metal tunes, or finding the best surf spots on a beach break. On a mission to help people become better cyber security professionals, Mike is focused on creating trainings where the answers aren’t necessarily important, but the thought process and techniques you used to get those answers are. Described by his therapist as “never boring,” Mike facilitates dynamic trainings featuring intelligent analogies, quirky stories, and old Simpsons quotes to help bring context and engagement to the content.