Fortinet – 17 December – Fast Track: Threat Hunting Using MITRE ATT&CK™ TTPs to Identify Adversarial Behaviors

Description

Fortinet Fast Track: Threat Hunting Using MITRE ATT&CK™ TTPs to Identify Adversarial Behaviors

In today’s cybersecurity landscape, many breaches go undetected by traditional security measures that purely hunt for threats based on IOCs such as hashes, IPs and domains. To effectively address this challenge, organizations need to adopt a proactive approach that involves hunting for threats based on the Tactics, Techniques, and Procedures (TTPs) that threat actors use. TTPs are a more reliable way to identify adversary behavior because indicators such as hashes, IPs and domains are easy to change.

In this workshop, participants learn how to use Fortinet analytics products to hunt for threats using TTPs by assuming the role of a security analyst. Attendees will be asked to identify any undetected threats on the network making use of the MITRE ATT&CK™ framework. The challenge is set up with several exercises set around the technical goals the adversary is trying to achieve (ATT&CK™ Tactics), for example, Initial Access, Persistence, Privilege Escalation, and Command and Control. Participants will be asked to detect any techniques being used by an adversary to achieve these goals.

Participants who attend this workshop will learn how to:

  • Determine what the MITRE ATT&CK framework is and how it can be used

  • Determine which TTPs threat actors use to carry out a breach

  • Use FortiEDR threat hunting capabilities to uncover threats on the network

  • Use FortiSIEM analytics to discover attacker behavior based on attack techniques

  • Use FortiDeceptor to find attacker activity and shorten attacker dwell time

Date: 2025-12-17
Time: 9.00-13.00
Cost: Free
Language: Swedish

The connection to ISC² and CISSP CPE credits

To maintain your certification as a CISSP (Certified Information Systems Security Professional), ISC² requires that you collect Continuing Professional Education (CPE) credits every year. These credits ensure that you stay up to date in the field of information security.

Fortinet Fast Tracks can help meet these requirements because:

  1. Relevant content: The courses cover topics such as network security, Zero Trust, cloud security and other areas that are directly related to the CISSP domains.
  2. CPE credit calculation: One hour of participation in a Fortinet Fast Track course corresponds to one CPE credit, provided that the course is relevant to the CISSP domains.
  3. Certificate: After you have completed a Fast Track course, you receive a certificate that can be used as evidence when reporting your CPE credits to ISC².

Date: 17/12/2025
Location: Online
Duration: 4 hours
Time of event: 09:00
