11-11-2020 ACM Webcast: How to Cover C&C in the MITRE ATT&CK Matrix

Active Countermeasures Webcast


How to Cover C&C in the MITRE ATT&CK Matrix

We all look to the MITRE ATT&CK Matrix for guidance to understand attack techniques as well as to mitigate their risks. If you want to take a strong defense-in-depth approach, you will want to ensure you have coverage of each ATT&CK framework category. Arguably, one of the most difficult columns to both test and implement is the Command and Control column.

In this ACM webcast, we’ll run down the Command and Control column to identify how we can both detect and test each described threat vector.

Download Slide Deck

Presented by: John Strand


  • 0:00:00 – PreShow Banter™ — Geek Dance Party
  • 0:09:48 – FEATURE PRESENTATION: How to Cover C&C in the AT&TCK Matrix
  • 0:14:03 – Problems with IDS
  • 0:19:11 – Endpoint Protection Review: A Change in the Landscape
  • 0:23:13 – MITRE Command & Control & Exfiltration
  • 0:26:48 – MITRE Shield
  • 0:33:59 – Why Is This Necessary?
  • 0:36:18 – Malware PCAP Samples
  • 0:47:09 – Passer
  • 0:50:51 – Creating Command & Control
  • 0:58:04 – Conclusions & Questions
  • 1:09:52 – DEMO: AI-Hunter (Active Countermeasures) Commercial Demo
AC-Hunter Datasheet
AC-Hunter Personal Demo
What We’re up To