This course covers various aspects of the Search Open Technical Databases: Scan Databases TTP, including its components, associated risks, and detection techniques. Participants will learn how to detect and mitigate the risks associated with this TTP (T1596.005) and techniques for validating alerts and conducting pre and post-alert preparations.
Learning Objectives
After completing MITRE ATT&CK TTP content, learners should be able to:
- Detect adversary usage of a technique or sub-technique in a hands-on environment.
- Explain possible approaches for setting up detection rules and recommending mitigations for the technique.
- Describe how an adversary might chain this technique together with adjacent or related techniques in order to accomplish objectives on goal.
- Provide examples of real-world procedures that illustrate the techniques.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Cyber Operations
- Exploitation Analysis