The goal of the talk is to answer a few questions we often see or hear: “ATT&CK is nice and all, but how do I (we) get started?”, “How can I (we) detect those TTPs?”, “Why use the ATT&CK Framework?”, etc. The ATT&CK Framework from MITRE is the new hotness in the InfoSec world. There are a lot of open source projects that use it, commercial products have started using it to show which TTPs they cover, and it even has its own conference: ATT&CKcon.
Mathieu Saulnier Director Threat Research & Security Content, Sumo Logic
Bio: Mathieu Saulnier is a “Security Enthusiast” and a Core Mentor for DEF CON's Blue Team Village. He is currently Director of Threat Research at Sumo Logic, where he focuses on research, threat hunting and adversary detection. Over the last two decades he worked for one of the largest carriers in Canada as a Sr. Security Architect and held numerous positions as a consultant within several of Quebec’s largest institutions. Since 2020 he has taken his mentoring engagement to the next level by joining the Blue Team Village Mentor Program. He loves to give talks and has had the honor to do so at DerbyCon, the SANS DFIR Summit, DEF CON’s BTV, NorthSec, GrayHat, GoSec and several BSides.