Cybersecurity Exercise: Understanding and Applying the MITRE ATT&CK Framework


The aim of this exercise is to familiarize students with the MITRE ATT&CK framework by analyzing various cybersecurity scenarios. By dissecting real-world-like attack narratives, you’ll learn how to identify Tactics, Techniques, and Procedures (TTPs) commonly used by attackers, particularly Advanced Persistent Threats (APTs).


This is a 30-minute exercise broken down into four scenarios, each accompanied by a set of discussion prompts. We’ll reserve the final minutes for a comprehensive group discussion.

How it Works:

  1. Scenario Analysis: For each of the four scenarios provided, read the story carefully.
  2. Identify TTPs: Use the MITRE ATT&CK Framework as a guide to identify relevant tactics, techniques, and procedures depicted in each scenario. You can refer to the MITRE ATT&CK website for an exhaustive list of TTPs.
  3. Class Discussion: After identifying the TTPs, we’ll discuss each scenario using the prompts provided on the slides. This is a great opportunity to share your thoughts, ask questions, and learn from your peers.
  4. Scenario Answers: After the discussion, the answer slide for each scenario will be displayed. This slide will contain identified Tactics, Techniques, and Procedures along with the attack procedures.
  5. Conclusion: In the end, we will have a wrap-up discussion where we summarize key takeaways and discuss how to apply this understanding in real-world cybersecurity tasks.

What You’ll Gain:

  • An understanding of how to dissect a cybersecurity incident to identify its various components.
  • Hands-on experience in applying the MITRE ATT&CK framework, an industry-standard tool.
  • Insight into the multi-faceted nature of cybersecurity attacks and the need for robust, multi-layered defenses.


  • Laptop or Tablet
  • Internet Access for MITRE ATT&CK Framework reference
  • Pen and Paper for note-taking (optional)
Scroll to Top