Using the ATT&CK Framework to Mature Your Threat Hunting Program

September 20, 2018, 1:00 PM EDT

Every threat hunt starts with intelligence. As one of the industry’s most comprehensive knowledge bases for adversary behavior, ATT&CK provides a structure for hunters to build their hypotheses and search for threats.

Join Carbon Black, Red Canary and MITRE for "Using the ATT&CK Framework to Mature Your Threat Hunting Program" to learn how to use ATT&CK to:

  • Increase the efficacy of your threat hunting program
  • Hunt for adversary tactics and techniques across the ATT&CK matrix
  • Develop a hypothesis and test it against known techniques
  • Obtain a broader set of evidence by hunting for adversarial techniques rather than specific signatures



Phil Hagen

Sr. SANS Instructor & DFIR Strategist
Red Canary



Rick McElroy

Security Strategist
Carbon Black



John Wunder

Principal Cybersecurity Engineer