Third workshop - 9-10 May 2019
After the success of the two EU ATT&CK workshops in 2018, we decided to organise a third workshop, which will take place on 9-10 May 2019 at Eurocontrol in Brussels.
For more information and registration, check our event page.
Agenda
MITRE ATT&CK EU User Workshop - Eurocontrol Brussels
9-May-19 | Tools and Methods
8:00 | Registration
9:00 | Welcome | Eurocontrol
9:15 | Update on ATT&CK & CAR | MITRE | Rich Struse
10:00 | Update on MISP | CIRCL | Alexandre Dulaunoy
10:15 | Atomic Threat Coverage | Daniil Yugoslavskiy
10:30 | 50 Shades of Sigma | NEXTRON/Florian Roth | Florian Roth
10:45 | Tying it all together: Sigma, ATT&CK, and STIX | Palantir | Tareq Alkhatib
11:00 | Coffee
11:30 | ATT&CK Coverage assessment from a data perspective | Deloitte/Olaf Hartong | Olaf Hartong
11:45 | Mordor: Pick your adversary technique or simulation plan, and get pre-recorded events right away! | SpecterOps/Roberto Rodriguez | Roberto Rodriguez
12:00 | Gain insights with a measurable business impact. Extend ATT&CK beyond its original scope. | ING | Francesco Bigarella
12:30 | Lunch
13:30 | ATT&CK Meets Automation | Arctic Security | Lari Huttunen
13:45 | Moving the MITRE ATT@CK Framework to the Att&cker | Crowdstrike | Spencer Parker
13:30 | Defending against adversary playbooks | Palo Alto | Alexander Hinchliffe
13:45 | Adoption of the ATT&CK framework within our collaborative TIP QuoLab and TI production. | Quoscient | Fabien Dombard
14:00 | Using ATT&CK for threat hunting | AVIVA | Seth Brunt
14:15 | Threat hunting with ATT&CK | ThyssenKrupp/Thomas Patzke | Thomas Patzke
14:30 | Daily use of ATT&CK, Sigma & ELK for threat hunting and actor attribution | SOCPRIME | Andrii Bezverkhyi
14:45 | DCSO & ATT&CK | DCSO | Robert Haist
15:00 | Coffee
15:30 | How BT is leveraging Mitre ATT&CK for security design, delivery and operations | BT | Adam Gray
15:45 | Verify, Sight, Tune and Investigate - your next best move | Corelight | James Schweitzer
16:00 | Reternal open source tool | ING | Joey Dreijer
16:15 | Preventative policies to defend against common TTP’s on Linux | CMD | Jake King
16:30 | Using ATT&CK in the evaluation and enhancement of Threat Intel functions. | EY | Bence Horvath
16:45 | Assessing security posture leveraging threat intelligence, MITRE ATT&CK and the Verodin Platform. | Winton | Craig Aitchison
17:00 | Combining the Diamond Model and ATT&CK | Equinor | Trond Sellandt
17:15 | Turning the tide, using criminals stolen credential against them | Spycloud | Ted Ross
17:30 | How the old Arcade Games teach us about today Active Directory CyberSecurity rules | ALSID | Sylvain Cortes
17:45 | Analytic stories | SPLUNK | Paul Bryant
18:00 | Social event and networking (on site at Eurocontrol)
21:00 | End of day 1
10-May-19 | Use Cases and User Feedback
9:00 | Actionable knowledge with MITRE ATTACK | ANSSI | Samuel Hassine
9:15 | Kickstart your SOC with EU-ATT&CK Community Tooling | BSI | Jens Sieberg
9:30 | Current ATT&CK use at CCB and roadmap | CCB | Pedro Deryckere
9:45 | Current ATT&CK use at CERT-EU and roadmap | CERT-EU | Saâd Khadi
10:00 | Generating attack patterns from repeat observations among a greater mass of automatically analysed artefacts | NCSC-FI | Kimmo Linnavuo
10:15 | Use of ATT&CK within Dutch government | NCSC-NL | Anton Jongsma
10:30 | Use of ATT&CK by NCSC-UK, initial plans | NCSC-UK | Paul Chichester
10:45 | ATT&CK enabled information sharing for NIS Directive actors | Deloitte | Dan Cimpean
11:00 | Coffee
11:30 | Improving Cyber Resilience in the Supply chain by sharing | ASML | Ewoud Smit
11:45 | Use the ATT&CK Matrix to build a Security Monitoring Framework for the Audi Group | Audi | Mona Lange
12:00 | Implementing ATT&CK framework in detection process: benefits, challenges and suggested improvements | Banque de France | Barbara Louis-Sidney
12:45 | How EC DIGIT CSIRC and SOC are aligning their processes with the ATT&CK framework. | European Commission | David Durveaux
12:30 | Lunch
13:30 | Expectations of ATT&CK for Euroclear SOC | Euroclear | Stijn Geerts
13:45 | How we use ATT&CK to test and improve our defenses in Purple teaming and use case creation and updates. | Nationale Nederlanden | Ferdinand Vroom
14:00 | Mapping your blue team to ATT&CK | Rabobank | Marcus Bakker
14:15 | The best of fails for Red and Blue | Société Générale | Alex Kouzmine
14:30 | Using MITRE in prevention and detection | PSA | Maxim D’hollander
14:45 | Use of ATT&CK within CERT-W activities | Wavestone | Vincent Nguyen
15:00 | CERT Communities | BANK AL MAGHRIB | Mustapha Hadadi
15:15 | Cyber Defense measured, rated, improved and finally sleep peacefully again | Computacenter | Fabian Lochmann