12th EU ATT&CK Community Workshop Hybrid Format

The 12th EU MITRE ATT&CK® Community Workshop will take place on 17/05/24 from 9.30am until 5.30pm (CEST) and is hosted by the CCB.

By Centre for Cybersecurity Belgium (CCB)

Date and time

Friday, May 17 · 9:30am - 5:30pm CEST

Location

SQUARE Brussels Meeting Centre

Mont des Arts 1000 Bruxelles Belgium

Agenda

9:30 AM - 9:30 AM

Opening and welcome

Miguel De Bruycker, CCB

9:30 AM - 9:45 AM

Enhancing Cybersecurity with MITRE ATT&CK and CyberFundamentals

Kevin Holvoet, CCB


At the Centre for Cybersecurity Belgium (CCB), the use of the MITRE ATT&CK framework for the past few years has been integral in analyzing intrusions, managing incidents, and attributing attacks to k...

9:45 AM - 10:00 AM

The Always-On Purple Team: An Automated CI/CD for Detection Engineering

Erik Van Buggenhout, NVISO


This talk will present an innovative architecture that merges industry-leading SOC technologies, SIEM/XDR, SOAR, BAS, and a pinch of ChatGPT. The result is a detection engineering CI/CD pipeline that...

10:00 AM - 10:15 AM

Threat-Led Attack Emulation: Holistic & Efficient Adoption of Threat-Informed

Kennedy Torkura, Mitigant


Adopting a Threat-Informed Defense requires combining its three core pillars: cyber-threat intelligence, testing/evaluation, and defensive measures. Each pillar complements the other and empowers def...

10:15 AM - 10:30 AM

Purple Teaming Automation

Rajendra Mekhale, ItsMe


This presentation explores how automating purple teaming exercises with the MITRE ATT&CK framework can significantly enhance your organization's cybersecurity posture. We'll explore how ATT&CK's stan...

10:30 AM - 10:45 AM

TotalTest – An Integrated Approach to Conducting Attack Simulation

Nebu Varghese, FTI Consulting


This talk outlines an improved method for conducting controlled cyber-attack simulations in an organisation. It leverages real-world threat intelligence, thorough preparation, and collaborative rehea...

10:45 AM - 11:00 AM

Threat-Informed Defense: Transforming Intelligence into Countermeasures

Wojciech Lesicki, Standard Chartered

Grzegorz Molski, Standard Chartered


The concept of Threat-Informed Defense (TID) emphasizes the need to prioritize threats significant to an organization. However, implementing TID raises crucial questions. What are the practical steps...

11:00 AM - 11:30 AM

Coffee

11:30 AM - 11:45 AM

GenAI for Threat-Informed Defense - GenAI as Buddy for TID Research & Developm

Ryusuke Masuoka, Fujitsu


This presentation explores the application of Generative AI (GenAI) in leveraging ATT&CK for Threat-Informed Defense (TID). Utilizing GPTs, a Retrieval Augmented Generation (RAG) mechanism from OpenA...

11:45 AM - 12:00 PM

Chat with your CTI

Dhia Mahjoub, independent researcher


In this presentation, we explore practical approaches for leveraging Large Language Models (LLMs) to derive insights on prevention, detection, and response from threat intelligence, focusing on the M...

12:00 PM - 12:15 PM

The rationale for Cyber Risk Quantification

Robert Kloots, Trust Matters


This talk aims to show how to combine MITRE ATT&CK and Cyber Risk Quantification to further optimise a business risk mitigation decision, regardless of focus for either prevention, detection or respo...

12:15 PM - 12:30 PM

Digital Maintenance for Rail: A MITRE ATT&CK Handbook for Today (and Tomorrow)

Emma Taylor, RazorSecure


Implementation of digital maintenance for trains (rolling stock) bridges the gap between safe and resilient operations - a goal for all transport operators - and cybersecurity. Rolling stock (trains)...

12:30 PM - 1:30 PM

Lunch break

1:30 PM - 2:00 PM

Update from the ATT&CK team

Casey Knerr, MITRE

2:00 PM - 2:15 PM

Center for Threat-Informed Defense R&D Update

Tiffany Bergeron, CTID

2:15 PM - 2:30 PM

Introduction of Sigma Correlations

Thomas Patzke, Evonik


One of the most requested features after the creation of Sigma was the capability to express relationships between events and correlations. A first proposal was made at the end of 2020 and at the end...

2:30 PM - 2:45 PM

SigmAIQ: Bridging Advanced LLM Support with Sigma Rules for Next-Gen Cyber Def

Stephen Lincoln, AttackIQ


SigmAIQ elevates the management of Sigma rules through its innovative design as a wrapper for pySigma backends and pipelines, integrating Large Language Model (LLM) support. This presentation will hi...

2:45 PM - 3:00 PM

TRAM LLM for ATT&CK

Andrii Bezverkhyi, SOC Prime

Alla Iurchenko, SOC Prime


In the era of AI, one may wonder, how will we detect cyber attacks on time and be able to interpret their objectives. Even better, how can we act in advance? As our industry collaborates every day to...

3:00 PM - 3:30 PM

Coffee

3:30 PM - 3:45 PM

A Look Outside the Window(s): CTI Spotlight on Less-Prominent ATT&CK Technique

Scott Small, TIDAL


This session provides a data-driven review of publicly available intelligence around "less prominent" MITRE ATT&CK® Techniques (i.e. Techniques outside the well-known Windows space). Specifically, we...

3:45 PM - 4:00 PM

Operationalizing Threat Intelligence to ATT&CK your Adversaries

Hanna Holych, SSSCIP


The presentation focuses on how The State Service of Special Communications and Information Protection of Ukraine (hereinafter SSSCIP) leverages the MITRE ATT&CK framework to identify, assess, and co...

4:00 PM - 4:15 PM

A CISO story: educating students on MITRE ATT&CK in Ukraine, with CERT-UA

Volodymyr Garashchenko, SOC Prime

Denys Yashchuk, CERT-UA


As a company manager, how often do you struggle with searching for highly qualified cyber security specialists? From our personal experience, MITRE ATT&CK as a knowledge base of practical cases in ...

4:15 PM - 4:30 PM

Matching the Attack - Growth in use of QR Codes

Dave Ross, Intel471


This presentation will provide an insight into the use of QR by threat actors and how the existing malware infrastructure evolved to cater for this re-emerging delivery method.

4:30 PM - 4:45 PM

Cost effective requirements allocation with MITRE ATT&CK

Olivier de Visscher, Expleo

Thomas Jahan, Expleo


The EU Cybersecurity regulatory landscape is getting wider than ever: DORA, CRA, NIS2, EUCS, ... Whether you are selling products or managing critical systems and data, it is challenging to comply with...

4:45 PM - 5:00 PM

Standardising Threat Matrices: the good, the bad, the ...

Christophe Vandeplas, nexturia / MISP Project


The MITRE ATT&CK framework has become the Rosetta Stone of cyber defense. With growing popularity comes… more frameworks! This talk dives into the wild world of MITRE ATT&CK derivatives, exploring th...

5:00 PM - 5:15 PM

Leveraging MITRE ATT&CK to Develop the MISP Galaxy Standard: Building a Robust

Alexandre Dulaunoy, CIRCL

5:15 PM - 5:30 PM

Honeypots and how to use them with ATT&CK

Victor Curalea, European Commission


This talk demonstrates the use of honeypots in collecting data on entities conducting Internet-wide vulnerability scans. Through five distinct experiments, we discerned how a honeypot's profile impac...

5:30 PM - 5:30 PM

Closing

Freddy

About this event

  • 8 hours

The 12th EU MITRE ATT&CK® Community Workshop will take place on the 17th of May 2024 from 9:30am until 5.30pm (CEST) and will be hosted by the Centre for Cybersecurity Belgium (CCB). The event is hybrid: you can choose to attend online via videoconference or attend in-person at The Square, Mont des Arts, 1000 Brussels.

Content of the Community Workshop

The workshop is organized by practitioners and for practitioners with an interest in the use of the ATT&CK® Framework in Prevention, Detection/Hunting and Response. You will hear updates from the Center For Threat-Informed Defense and from the developers of systems and tools supporting the ATT&CK® Framework. But even more importantly, you will learn best practices from your peers in the user community.

The highly-effective format of short (15’) lightning talks will focus on the following themes:

1. Tools and methods for sharing

2. Rules, playbooks and processes

3. ATT&CK® flavours (cloud, telecom, ICS, Active Defence…)

Registration is mandatory

Participation in the event is at no cost for the participants, but registration is required. Please bear in mind that the number of available seats for both in-person and online participation is limited, so the organizers reserve the right to select participants if necessary.

• We insist that you provide your real name, affiliation and a corporate email address in your registration.

• If you would like to participate in-person, please select "Entry ticket for on-site participation".

• Tickets are distributed on a "first come, first served" basis.


