Popular Resources


MITRE ATT&CK™ offers the security community a common language to communicate about adversary tactics, techniques, and behaviors. In the articles and resources below, we offer guidance on how security teams can use the framework to expand detection coverage and increase visibility.

Shutting Down Lateral Movement

June 26th, 2019 | 11:00am MDT

You just detected an adversary moving laterally in your environment. Now what? In the follow-up to our popular webinar on detecting lateral movement, experts from Red Canary and Kroll will pick up where we left off. Join us to learn how to cut mean time to remediation and reduce the impact of incidents.

You will learn:

  • Lessons from a series of rapidly spreading Emotet infections
  • Critical considerations and tools for scoping, containment, and remediation
  • Trends across industries and organization sizes
  • Step-by-step response plans

Whether you’re a team of one or a dozen, you’ll walk away with a solid action plan and foundational metrics you can use to start improving your response processes today.


Four tools to consider if you’re adopting ATT&CK


Testing the Top MITRE ATT&CK Techniques: PowerShell, Scripting, Regsvr32


Getting Started with ATT&CK? New Report Suggests Prioritizing PowerShell


ATT&CK™ Is Only as Good as Its Implementation: Avoiding Five Common Pitfalls


Using MITRE ATT&CK™ When Researching Attacker Behavior and Running Unit Tests


Q & A: How to Use the MITRE ATT&CK™ Framework to Mature Your Threat Hunting Program


Red Canary ATT&CKs (Part 3): Mapping Our Detectors to ATT&CK Techniques


Red Canary ATT&CKs (Part 1): Why We’re Using ATT&CK Across Red Canary