Get an iPad mini, ASUS ZenScreen LED Monitor, or $350 Off with OnDemand Training thru 5/19


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Contextualizing the MITRE ATT&CKŪ Framework

  • Tuesday, April 27, 2021 at 10:30 AM EDT (2021-04-27 14:30:00 UTC)
  • Matt Bromiley, Avihai Ben-Yossef


  • Cymulate

You can now attend the webcast using your mobile device!



The MITRE ATT&CK framework is a powerful tool that provides a language to define, track, and categorize attacker tactics, techniques, and procedures (TTPs). But what if you could use it to gain a deeper understanding of how, why, and when attackers may abuse a technique? By combining threat actor intelligence with the ATT&CK \'dictionary,\' you can add critical context to your detections to increase the effectiveness of your security controls tests and the fidelity of your results.

In this webcast, Matt Bromiley, SANS digital Forensics and Incident Response (DFIR) instructor, describes how you can make the most of ATT&CK and develop a process to read, interpret, contextualize, and test within your environment.

Attendees will learn to:

  • Use ATT&CK to read threat intelligence reports and identify key TTPs for control testing.
  • Design efficient, lifecycle-appropriate security control tests that increase the fidelity of your results.
  • Use control testing to identify and prioritize visibility gaps.
  • Determine how your environment would hold up against the latest in attacker techniques.
  • Understand the limitations of ATT&CK.

Register today and be among the first to receive the associated whitepaper written by Matt Bromiley.

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Avihai Ben-Yossef

Recognized by Forbes Israel 30 under 30, Avihai Ben-Yossef is the co-founder and CTO of Cymulate, Ltd. At age 26, Avihai and co-founder Eyal Wachsman established Cymulate in 2016 to transform security testing for companies of all sizes. Prior to this, Avihai served in an Intelligence Unit of the IDF in a leading technological role, followed by becoming a senior information security consultant at Avnet Cyber & Information Security, where he worked on several projects alongside the Israeli Ministry of Defense.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.