Third workshop - 9-10 May 2019

After the success of the two EU ATT&CK workshops in 2018, we decided to organise a third workshop which will take place on 9-10 May 2019 at Eurocontrol in Brussels.

For more information and registration, check our event page.


  MITRE ATT&CK EU User Workshop - Eurocontrol Brussels      
9-May-19 Tools and Methods      
8:00 Registration      
9:00 Welcome Eurocontrol    
9:15 Update on ATT&CK & CAR MITRE Rich Struse  
10:00 Update on MISP CIRCL Alexandre Dulaunoy  
10:15 Atomic Threat Coverage Daniil Yugoslavskiy    
10:30 50 Shades of Sigma NEXTRON/Florian Roth Florian Roth  
10:45 Tying it all together: Sigma, ATT&CK, and STIX Palantir Tareq Alkhatib  
11:00 Coffee      
11:30 ATT&CK Coverage assessment from a data perspective Deloitte /Olaf Hartong Olaf Hartong  
11:45 Mordor: Pick your adversary technique or simulation plan, and get pre-recorded events right away! SpectreOps/Roberto Rodriguez Roberto Rodriguez  
12:00 Gain insights with a measurable business impact. Extend ATT&CK beyond its original scope. ING Francesco Bigarella  
12:30 Lunch      
13:30 ATT&CK Meets Automation Arctic Security Lari Huttunen  
13:45 Moving the MITRE ATT@CK Framework to the Att&cker Crowdstrike Spencer Parker  
13:30 Defending against adversary playbooks Palo Alto Alexander Hincliffe  
13:45 Adoption of the ATT&CK framework within our collaborative TIP QuoLab and TI production. Quoscient Fabien Dombard  
14:00 Using ATT&CK for threat hunting AVIVA Seth Brunt  
14:15 Threat hunting with ATT&CK ThyssenKrupp/Thomas Patzke Thomas Patzke  
14:30 Daily use of ATT&CK, Sigma & ELK for threat hunting and actor attribution SOCPRIME Andrii Bezverkhyi  
14:45 DCSO & ATT&CK DCSO Robert Haist  
15:00 Coffee      
15:30 How BT is leveraging Mitre ATT&CK for security design, delivery and operations BT Adam Gray  
15:45 Verify, Sight, Tune and Investigate - your next best move Corelight James Schweitzer  
16:00 Reternal open source tool ING Joey Dreijer  
16:15 Preventative policies to defend against common TTP’s on Linux CMD Jake King  
16:30 Using ATT&CK in the evaluation and enhancment of Threat Intel functions. EY Bence Horvath  
16:45 Assessing security posture leveraging threat intelligence, MITRE ATT&CK and the Verodin Platform. Winton Craig Aitchison  
17:00 Combining the Diamond Model and ATT&CK Equinor Trond Sellandt  
17:15 Turning the tide, using criminals stolen credential against them Spycloud Ted Ross  
17:30 How the old Arcade Games teach us about today Active Directory CyberSecurity rules ALSID Sylvain Cortes  
17:45 Analytic stories SPLUNK Paul Bryant  
18:00 Social event and networking (on site at Eurocontrol)      
21:00 End of day 1      
10-May-19 Use Cases and User Feedback      
9:00 Actionnable knowledge with MITRE ATTACK ANSSI Samuel Hassine  
9:15 Kickstart your SOC with EU-ATT&CK Community Tooling BSI Jens Sieberg  
9:30 Current ATT&CK use at CCB and roadmap CCB Pedro Deryckere  
9:45 Current ATT&CK use at CERT-EU and roadmap CERT-EU Saâd Khadi  
10:00 Generating attack patterns from repeat observations among a greater mass of automatically analysed artefacts NCSC-FI Kimmo Linnavuo  
10:15 Use of ATT&CK within Dutch government NCSC-NL Anton Jongsma  
10:30 Use of ATT&CK by NCSC-UK, initial plans NCSC-UK Paul Chichester  
10:45 ATT&CK enabled information sharing for NIS Directive actors Deloitte Dan Cimpean  
11:00 Coffee      
11:30 Improving Cyber Resilience in the Supply chain by sharing ASML Ewoud Smit  
11:45 Use the ATT&CK Matrix to build a Security Monitoring Framework for the Audi Group Audi Mona Lange  
12:00 Implementing ATT&CK framework in detection process : benefits, challenges andsuggested improvements Banque de France Barbara Louis-Sidney  
12:45 How EC DIGIT CSIRC and SOC are aligning their processes with the ATT&CK framework. European Commission David Durveaux  
12:30 Lunch      
13:30 Expectations of ATT&CK for Euroclear SOC Euroclear Stijn Geerts  
13:45 How we use ATT&CK to test and improve our defenses in Purple teaming and use case creation and updates. Nationale Nederlanden Ferdinand Vroom  
14:00 Mapping your blue team to ATT&CK Rabobank Marcus Bakker  
14:15 The best of fails for Red and Blue Société Générale Alex Kouzmine  
14:30 Using MITRE in prevention and detection PSA Maxim D’hollander  
14:45 Use of ATT&CK within CERT-W activities Wavestone Vincent Nguyen  
15:00 Communautés CERT BANK AL MAGHRIB Mustapha Hadadi  
15:15 Cyber Defense measured, rated, improved and finally sleep peacefully again Computacenter Fabian Lochmann  

Related links