SANS Workshop – Deception Planning with MITRE ATT&CK and Engage

  • Friday, 26 Aug 2022 11:00AM EDT (26 Aug 2022 15:00 UTC)
  • Speaker: Kevin Fiscus

In this 2-hour, hands-on session, you will walk through the entire deception planning process beginning with an overview of what cyber deception is and the value it can provide. We will then walk through the entire cyber deception planning process starting with threat modeling using MITRE ATT&CK and their ATT&CK Navigator. We will then begin the planning process by mapping identified ATT&CK tactics and techniques to the deception and adversary engagement goals and methods using MITRE Engage. Finally, we will put our plans into action by implementing deception and viewing it from the perspective of an attacker. This event will include over an hour of hands-on activities and is suitable for deception implementers, as well as deception planners, and deception leadership. The event will consist of four modules and three hands-on activities as follows:

  • Module 1: Introduction to Cyber Deception and Deception Planning
  • Module 2: Understanding Your Adversary with MITRE ATT&CK
  • Module 3: Cyber Deception and Deception Planning
    - Hands-on: Working with ATT&CK Navigator
  • Module 4: Identifying Deception Goals and Methods with MITRE Engage
    - Hands-on: Mapping ATT&CK to Engage
  • Module 5: The Attacker's View of Deception
    - Hands-on: Let's Play with Deception

Prerequisites: Basic IT and/or security understanding is ideal, but this workshop is suitable for all levels.

System Requirements: Internet access and a web browser
Please note – we will not be able to troubleshoot or support any local access or browser issues.