Practical MITRE ATT&CK

This one-day course covers practical use cases for developing cyber security capabilities in modern organizations with the help of the MITRE ATT&CK framework. Trainees will learn to use MITRE ATT&CK in threat modeling, developing security analytics, planning red and purple team exercises and in many other areas. Through practical exercises, they will also learn to use multiple specialized tools for working with the framework.


  1. Introduction to MITRE ATT&CK
    • History and development
    • Components of ATT&CK and how they may be used
    • Other relevant frameworks and models and their connection to ATT&CK (D3FEND, DeTT&CT, RE&CT, …)
  2. Use of MITRE ATT&CK in security management and security architecture
    • Threat modeling with the help of the ATT&CK framework
    • Mapping of existing security controls to different ATT&CK Matrices
    • MITRE ATT&CK Navigator, its capabilities and use
  3. Use of MITRE ATT&CK in defensive security
    • MITRE ATT&CK as a basis for security monitoring and detection
    • Analysis of current ATT&CK coverage by SOC capabilities and SIEM rules
    • Detection engineering with ATT&CK - planning and development of detection analytics
    • Systematic approach to threat hunting with MITRE ATT&CK
    • Cyber threat intelligence (CTI) analysis with ATT&CK
    • DeTT&CT Editor, its capabilities and use
  4. Use of MITRE ATT&CK in offensive security
    • Planning, development, execution and evaluation of security tests and threat emulation exercises with the use of MITRE ATT&CK
  5. Specific approaches to use of MITRE ATT&CK in OT environments and with mobile devices
  6. MITRE Engage project tools and MITRE Cyber Resiliency Engineering Framework (CREF) Navigator, their capabilities and use

The course is aimed at

  • Security managers
  • Security architects
  • Security analysts and other SOC specialists
  • Cyber threat intelligence (CTI) specialists
  • Detection engineers
  • Red team members
  • Anyone who would like to start using the MITRE ATT&CK framework in their organization


  • Knowledge of basic cyber security vocabulary
  • Awareness of basic principles of cyber security management
  • Awareness of common defensive and detection-oriented cyber security tools and solutions (e.g., FW, IPS/IDS, EDR, SIEM, …)

Additional requirements

A properly configured laptop with VirtualBox installed is required to participate in the course. The laptop has to be able to allocate 2 vCPUs, 8 GB RAM and 50 GB of storage space to a virtual machine, which will be used during the training.


Trainees will receive an electronic version of the study materials.


1 day

Currently available training dates

Date Location Language Price (before VAT)
17. 10. 2023 Prague Czech 19 500 CZK Registration
14. 2. 2024 Online Czech 19 500 CZK Registration will open soon
13. 3. 2024 Online English 19 500 CZK Registration will open soon