The MITRE ATT&CK framework has emerged as the most complete and detailed body of knowledge of adversary techniques and tools ever compiled. As such, anyone in threat detection and response should be studying it. In this talk we will provide a brief overview of MITRE ATT&CK and how it can be used to help organize and focus hunting exercises. We’ll make this more concrete by showing how a malware sandbox data set and advanced analytics can be used to find examples of ATT&CK techniques being leveraged in the wild.
