Objective:
The aim of this exercise is to familiarize students with the MITRE ATT&CK framework by analyzing various cybersecurity scenarios. By dissecting realistic attack narratives, you’ll learn how to identify the Tactics, Techniques, and Procedures (TTPs) commonly used by attackers, particularly Advanced Persistent Threats (APTs).
Duration:
This is a 30-minute exercise broken down into four scenarios, each accompanied by a set of discussion prompts. We’ll reserve the final minutes for a comprehensive group discussion.
How it Works:
- Scenario Analysis: For each of the four scenarios provided, read the story carefully.
- Identify TTPs: Use the MITRE ATT&CK Framework as a guide to identify relevant tactics, techniques, and procedures depicted in each scenario. You can refer to the MITRE ATT&CK website for an exhaustive list of TTPs.
- Class Discussion: After identifying the TTPs, we’ll discuss each scenario using the prompts provided on the slides. This is a great opportunity to share your thoughts, ask questions, and learn from your peers.
- Scenario Answers: After the discussion, the answer slide for each scenario will be displayed. It lists the identified tactics, techniques, and procedures together with the attack steps in the scenario that illustrate each one.
- Conclusion: In the end, we will have a wrap-up discussion where we summarize key takeaways and discuss how to apply this understanding in real-world cybersecurity tasks.
What You’ll Gain:
- An understanding of how to dissect a cybersecurity incident to identify its various components.
- Hands-on experience in applying the MITRE ATT&CK framework, an industry-standard tool.
- Insight into the multi-faceted nature of cybersecurity attacks and the need for robust, multi-layered defenses.
Resources:
- Laptop or Tablet
- Internet Access for MITRE ATT&CK Framework reference
- Pen and Paper for note-taking (optional)