ATT&CK'ing it wrong - how to use ATT&CK effectively at an NZ scale

Hamish Krebs, Cyber Security Lead Consultant, recently spoke at CHCon - an event held in Christchurch for cyber security professionals and hackers. Born out of frustrations and learnings behind the MITRE ATT&CK framework, his presentation explored how to go from 'ATT&CK’ing it wrong' to 'ATT&CK’ing it effectively'.

The MITRE ATT&CK framework is a 'checklist' of threat tactics and techniques used by cyber adversaries. Using this framework, organisations can see where they are vulnerable and identify potential gaps open to exploitation. As a vendor-agnostic tool, it's widely used and supported by security professionals worldwide. With New Zealand experiencing a surge in malicious activity of late, Hamish talks about how we can use this framework to better defend against the ever-growing threat of cyber attacks.

Presentation overview

  • State of CTI in NZ (nascent, vendor-led)
  • What ATT&CK is
  • What ATT&CK isn’t (or shouldn’t be used for)
    • Common pitfalls
    • Mitigating against all the things
    • Car Crash analogy
  • How to operationalize ATT&CK data for common use cases
    • TTP coverage mapping Product Evaluations (Presales)
    • Threat Actor mapping
    • Report Writing (Blue + Red) “Adversary emulation” + Purple Teaming
  • “Advanced” use cases
    • Weightings

