Practical MITRE ATT&CK

This one-day course covers practical use cases for developing cyber security capabilities in modern organizations with the help of the MITRE ATT&CK framework. Trainees will learn to use MITRE ATT&CK in threat modeling, developing security analytics, planning red and purple team exercises, and in many other areas. Through practical exercises, they will also learn to use multiple specialized tools for working with the framework.


  1. Introduction to MITRE ATT&CK
    • History and development
    • Components of ATT&CK and how they may be used
    • Other relevant frameworks and models and their connection to ATT&CK (D3FEND, DeTT&CT, RE&CT, …)
  2. Use of MITRE ATT&CK in security management and security architecture
    • Threat modeling with the help of the ATT&CK framework
    • Mapping of existing security controls to different ATT&CK Matrices
    • MITRE ATT&CK Navigator, its capabilities and use
  3. Use of MITRE ATT&CK in defensive security
    • MITRE ATT&CK as a basis for security monitoring and detection
    • Analysis of current ATT&CK coverage by SOC capabilities and SIEM rules
    • Detection engineering with ATT&CK - planning and development of detection analytics
    • Systematic approach to threat hunting with MITRE ATT&CK
    • Cyber threat intelligence (CTI) analysis with ATT&CK
    • DeTT&CT Editor, its capabilities and use
  4. Use of MITRE ATT&CK in offensive security
    • Planning, development, execution and evaluation of security tests and threat emulation exercises with the use of MITRE ATT&CK
  5. Specific approaches to use of MITRE ATT&CK in OT environments and with mobile devices
  6. MITRE Engage project tools and MITRE Cyber Resiliency Engineering Framework (CREF) Navigator, their capabilities and use

The course is aimed at

  • Security managers
  • Security architects
  • Security auditors
  • Security analysts and other SOC specialists
  • Cyber threat intelligence (CTI) specialists
  • Detection engineers
  • Red team members
  • Anyone who would like to start using the MITRE ATT&CK framework in their organization


  • Knowledge of basic cyber security vocabulary
  • Awareness of basic principles of cyber security management
  • Awareness of common defensive and detection-oriented cyber security tools and solutions (e.g., FW, IPS/IDS, EDR, SIEM, …)

Additional requirements

A computer with internet access is required to participate in an online version of the course.


Trainees will receive an electronic version of the study materials.


1 day

Currently available training dates

| Date | Location | Language | Price (before VAT) |
|---|---|---|---|
| 17. 6. 2024 | Prague | Czech | 19 500 CZK |
| 11. 10. 2024 | Online | Czech | 19 500 CZK |

If the currently available dates don’t suit you, or if you are interested in a private run of the training for your organization, don’t hesitate to contact us.