Creating Impact in Threat-Informed Defense. Read the Center’s 2022 Impact Report.
M
logo
        • Who We Are

        • Learn more about MITRE Engenuity’s journey as a hub for transformative innovation.

        • How We Engage

        • We forge innovative partnerships to generate whole-of-nation solutions to complex technological problems.

        • Contact Us

        • Connect with a member of the MITRE Engenuity team and ensure your inquiry gets to the right people.

        • Semiconductors

        • Dive into the revolutionary work that MITRE Engenuity is doing within this critical ecosystem.

        • Circuit Talk

        • Hear directly from the semiconductor experts through our speaker series featuring titans of industry, groundbreaking researchers, and many more.

        • Cybersecurity

        • We are relentlessly advancing the art of threat-informed defense, anchored by a belief that we can improve our defenses with a systemic application of a deep understanding of adversary tradecraft and technology.

        • ATT&CK Evaluations

        • We offer objective analysis of cyber products and features – see our latest results.

        • Center for Threat-Informed Defense

        • Read more about the cutting-edge research and development being done with input from our participant organizations, featuring some of the top security operations centers.

        • MITRE ATT&CK Defender

        • Strengthen your threat-informed defense capabilities with our cybersecurity trainings taught by MITRE ATT&CK subject matter experts.

        • Telecom

        • The transformative power of 5G shifts paradigms across industries and empowers businesses to change the way they interact with people. See how MITRE Engenuity is impacting the next generation of telecommunications. 

        • Open Generation 5G Consortium

        • We are getting to our 5G future faster. Discover how we are accelerating network technology and device-to-device application innovation through use case-focused R&D in the Open Generation 5G Consortium.

        • Health

        • We identify potential health security threats to ensure faster public health pandemic responses and incubate new ideas to ensure national health security.

        • Growing Impact

        • We deliver positive public impact through advanced technological innovation projects.

        • Cyber Risk Model for Mobile Digital Financial Services: Securing Mobile Money Services. Explore Our Cyber Risk Model for Mobile Financial Services product
        • Embedded Capture the Flag: Developing Tomorrow's Cyber Workforce Today. Get Involved with MITRE's Embedded Capture the Flag Competition
        • News & Insights

        • We are leading the leading edge of innovation. Explore the latest news, insights, R&D, and special projects from our advanced tech experts and partners.

mitre att&ck defender logo
Join the community of Certified MITRE ATT&CK® Defenders who have proven their real-world mastery in applying the knowledge of adversary behaviors to improve security configurations, analytics and decision-making.
Subscribe

One year of unlimited access to ATT&CK badges and certifications – USD 499

Login (MAD Skills Hub Account)

MAD Enterprise Solutions

Security operations are growing increasingly complex as adversaries become more capable and agile. Defenders need to continually learn new skills to stay ahead of adversaries. Team leaders need to know that their teams didn’t just watch a video they’ll forget later today; they need to know that their teams can put the new skills into action immediately. 

MITRE ATT&CK Defender offers a suite of courses, exercises, and certifications to ensure cyber security teams are fully able to harness the power of the MITRE ATT&CK Framework to improve enterprise security operations. The mix of solutions built for the enterprise include:  

  • Live onsite training at customer site
  • Bulk pricing for our on-demand training and certification platform
  • Live Purple Teaming training at events worldwide 

Learn More About Enterprise Licenses

Live onsite training at customer site

MAD offers a suite of customizable live instructor-led training courses at your location or virtually. Tracks can be customized to meet specific enterprise demands and to provide the skills and validation of mastery in using ATT&CK to understand and create cyber threat intelligence (CTI), assess security operations center (SOC) operations, and coordinate across blue and red teams with a powerful purple teaming approach to improve all aspects of operations.   

The three focus areas of MAD Enterprise are structured around ensuring a common baseline, preparing the team to create and leverage threat intelligence, and applying ATT&CK to improve operations through purple teaming. Learn more about live onsite training.

Course 1: Ensuring a Common Baseline 

Making certain the entire team has a strong understanding and mastery of ATT&CK is the first step. This is accomplished through:  

  • Training the entire team in ATT&CK Fundamentals  
  • Live MAD Professor-led 1 day training course  
  • On-site at company’s facility, live-streamed, or on-site at a MITRE Facility  
  • Pre-planning session with MAD Professor to tailor a training plan to your needs  
Course 2: Prepare the Team to Create and Leverage Threat Intelligence 

ATT&CK is designed to provide a common language across tools regardless of the vendor or specialization. The second phase of MAD enterprise training is designed to ensure teams understand how ATT&CK enables practitioners to understand adversaries better through cyber threat intelligence. Taught through the following topics:  

  • Mapping to ATT&CK® from Narrative Reports  
  • Mapping to ATT&CK® from Raw Data  
  • Storing and Analyzing ATT&CK®-Mapped Data   
  • Making Defensive Recommendations from ATT&CK®-Mapped Data  
Course 3: Application of ATT&CK to Improve Operations through Purple Teaming 

MAD professors work hand-in-hand with your team to understand and operationalize CTI to emulate adversaries and build new ATT&CK-based analytics that is more resilient and effective against changing adversary techniques than traditional IOC-based analytics. This capstone course trains your team to effectively work together using ATT&CK as a common language. Participants will be introduced to:  

  • TTP-based hunt methodology  
  • Deep dives into up to 4 selected adversary techniques  
  • Effective adversary emulation of selected techniques   
  • A virtual environment established for the course (or can be conducted in your own provided environment)  
  • Development of ATT&CK-based analytics that can lead to new methods for detection in your existing systems   

Cost

  • Live, In-person[1] training of your team led by our MAD Professors   
  • ATT&CK Fundamentals: $2,500 / student (minimum 10 students)  
  • ATT&CK CTI: $2,500 / student (minimum 10 students)  
  • ATT&CK Purple Teaming: $62,500 (2.5 days, 3 instructors, maximum 50 students)  
  • MAD Subscriptions for Participants to Ensure They Understand the Materials, and Maintain Their Advantage Over the Next Year  

Highlighted Subject Areas

  • ATT&CK Fundamentals  
  • Cyber Threat Intelligence  
  • Purple Teaming  
  • Adversary Emulation  
  • TTP-Based Hunt Methodology  

[1]Note, in-person training may be delivered on-site at a customer’s facility, on-site at a MITRE facility that can accommodate the class, or online via Microsoft Teams, Zoom, or another capability at the same price. Travel and expenses will be billed additionally as agreed to in the Collaboration Agreement.  

Learn More About Live Onsite Training

Bulk pricing for our on-demand training and certification platform

Bulk pricing for MAD subscriptions is for the purchase of 10 or more subscriptions. Subscriptions provide access to the MAD Skills Hub enabling practitioners to demonstrate their mastery of the materials for a full year. They provide access to the growing library of training, labs,and assessments for the duration of the subscription.  

The curriculum helps security operations apply ATT&CK for cyber threat intelligence, testing and evaluations, and defensive measures.  The curriculum is constantly growing and currently offers training and credentials in the following areas:  

  • ATT&CK Fundamentals 
  • ATT&CK for Cyber Threat Intelligence 
  • ATT&CK for Security Operations Center Assessments 
  • ATT&CK for Adversary Emulation Methodology 
  • ATT&CK for Threat Hunting Detection Engineering 
Request Information About Bulk Pricing

Live Purple Teaming training at events worldwide

Purple Teaming provides a powerful tool to deliver actual improvements to your enterprise security by ensuring red and blue teams work together to improve outcomes. In this 6-hour hybrid hands on training event, our MAD professors work together with your team to help them understand and operationalize CTI to emulate adversaries and build new ATT&CK-based analytics that is more resilient and effective against changing adversaries’ techniques than traditional IOC-based analytics. 

A day of hands-on training from MAD professors on Purple Teaming Fundamentals opens attendees to earning: 

  • The Fundamentals of Purple Teaming Event badge (insert badge image) 
  • Badges for each technique successfully learned  

Participants will be introduced to:  

    • TTP-based hunt methodology  
    • Deep dives into selected adversary techniques  
    • Effective adversary emulation of selected techniques   
    • A virtual environment established for the course 
    • Development of ATT&CK-based analytics that can lead to new methods for detection in your existing systems   
Stay Informed About Upcoming Events
1.1 Introduction to Purple Teaming - 60 min. (+/-)

The team will introduce the event and explain the structure. They will then jump into an introduction to purple teaming. This is followed by an introduction to Kibana. This will prepare you with an understanding for the rest of the training. 

1.2 Deep Dive into Technique #1: Scheduled Tasks - 60 min. (+/-)

Adversaries may abuse task scheduling functionality to facilitate the initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system. 

This time will give hands-on training where attendees will be introduced to effective adversary emulation of the Scheduled Task/Job technique and development of ATT&CK-based analytics. 

1.3 Deep Dive into Technique #2: Credential Dumping - 60 min. (+/-)

Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information. 

This time will give hands-on training where attendees will be introduced to effective adversary emulation of the OS Credential Dumping technique and development of ATT&CK-based analytics. 

1.4 Deep Dive into Technique #3: Symson Tampering - 60 min. (+/-)

Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take the forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. 

This time will give hands-on training where attendees will be introduced to effective adversary emulation of the Impair Defenses technique, specifically the Disable or Modify Tools sub-technique, and development of ATT&CK-based analytics. 

1.5 Final Discussion and Wrap Up - 60 min. (+/-)

The team will allow for any questions and discussion. It will also be a time to wrap up any of the hands-on training. 

Stay Informed

Sign up for news about MITRE Engenuity and the critical technical challenges facing our nation and world.

SUBSCRIBE TO UPDATES
Follow us @MITREattackDef
Get Training on Cybrary