Title: Analytic Development through Capability Abstraction of ATT&CK Techniques
Project ID: YarhR11
Description: Research one or more ATT&CK Techniques using the "Capability Abstraction" approach developed by SpecterOps to identify the low-variance behaviors, or "chokepoints", that every implementation of a Technique must pass through, then develop analytics for those chokepoints and the data collection requirements needed to support them.
Skills Needed: Windows debugging, Splunk or Kibana query construction, Windows Event Logging, Sysmon, WinDbg, Procmon, or equivalents.
US Citizenship Required: No
Active Clearance or Background Investigation Required: No
Level Needed: N/A
Targeted Students: Undergraduate, Graduate
Team Size: 2 to 4
Details: This could be, and has been, accomplished by an individual or a team. Team size is flexible, though a small group may be optimal.
Focus on Particular University: No
Focus Timeline: No
Potential Funding: No
Note: Availability of funds not guaranteed
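As an illustration of the kind of deliverable the description above asks for, the following is an added example (not part of the project posting, and not SpecterOps' or MITRE's code) that applies the chokepoint idea to one Technique, Kerberoasting (ATT&CK T1558.003), chosen here as an assumption. Rubeus, Invoke-Kerberoast and Impacket's GetUserSPNs.py look very different at the tool layer, but all of them must send a TGS-REQ to a domain controller, which logs Security event 4769 ("A Kerberos service ticket was requested"). The analytic keys on that event rather than on tool names; the process-creation matcher is included only for contrast. All log records are constructed for the example and are not captured telemetry, though the field names mirror the real 4769 and Sysmon event 1 schemas.

```python
"""
Chokepoint analytic for Kerberoasting (ATT&CK T1558.003) over constructed
sample telemetry. Three tool variants funnel through one low-variance event
on the domain controller (Security 4769); only two of them leave a
tool-specific trace in Sysmon event 1 on the source host.
Every record below is invented for this example, not a captured log.
"""

RC4_HMAC = "0x17"   # etype 23: attackers ask for it because the hash cracks offline cheaply

# Constructed Security 4769 records, as a domain controller would log them.
SECURITY_4769 = [
    # Variant 1: Rubeus on WS01 (10.0.0.21), two SPNs requested
    {"EventID": 4769, "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "svc_sql",
     "TicketEncryptionType": "0x17", "Status": "0x0", "IpAddress": "::ffff:10.0.0.21"},
    {"EventID": 4769, "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "svc_web",
     "TicketEncryptionType": "0x17", "Status": "0x0", "IpAddress": "::ffff:10.0.0.21"},
    # Variant 2: Invoke-Kerberoast on WS02 (10.0.0.22)
    {"EventID": 4769, "TargetUserName": "carol@CORP.LOCAL", "ServiceName": "svc_web",
     "TicketEncryptionType": "0x17", "Status": "0x0", "IpAddress": "::ffff:10.0.0.22"},
    # Variant 3: Impacket GetUserSPNs.py from a Linux host (10.0.0.77); no Sysmon there
    {"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL", "ServiceName": "svc_backup",
     "TicketEncryptionType": "0x17", "Status": "0x0", "IpAddress": "::ffff:10.0.0.77"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL", "ServiceName": "svc_sql",
     "TicketEncryptionType": "0x17", "Status": "0x0", "IpAddress": "::ffff:10.0.0.77"},
    # Benign noise: AES ticket for a machine account, a TGT renewal, a failed request
    {"EventID": 4769, "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "WS01$",
     "TicketEncryptionType": "0x12", "Status": "0x0", "IpAddress": "::ffff:10.0.0.21"},
    {"EventID": 4769, "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "krbtgt",
     "TicketEncryptionType": "0x12", "Status": "0x0", "IpAddress": "::ffff:10.0.0.21"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.LOCAL", "ServiceName": "svc_retired",
     "TicketEncryptionType": "0xffffffff", "Status": "0x7", "IpAddress": "::ffff:10.0.0.77"},
]

# Constructed Sysmon event 1 (Process Create) records from the two Windows hosts.
SYSMON_1 = [
    {"EventID": 1, "Computer": "WS01", "Image": "C:\\Tools\\Rubeus.exe",
     "CommandLine": "Rubeus.exe kerberoast /outfile:hashes.txt"},
    {"EventID": 1, "Computer": "WS02",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -ep bypass -c \"IEX (gc .\\k.ps1 -Raw); Invoke-Kerberoast\""},
    {"EventID": 1, "Computer": "WS01", "Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
]


def is_roastable_ticket_request(evt):
    """Chokepoint test: a DC issued an RC4 service ticket for a user-account SPN."""
    if evt.get("EventID") != 4769 or evt.get("Status") != "0x0":
        return False                      # a failed request issues no ticket, so nothing to crack
    svc = evt.get("ServiceName", "")
    if svc == "krbtgt" or svc.endswith("$"):
        return False                      # TGTs and machine accounts are not Kerberoast targets
    return evt.get("TicketEncryptionType", "").lower() == RC4_HMAC


def chokepoint_hits(sec_events):
    """Every 4769 that passes the chokepoint test, whatever tool produced it."""
    return [e for e in sec_events if is_roastable_ticket_request(e)]


def spns_per_requester(sec_events):
    """Group hits by (requesting principal, source IP) -> set of SPNs; the usual triage view."""
    grouped = {}
    for e in chokepoint_hits(sec_events):
        grouped.setdefault((e["TargetUserName"], e["IpAddress"]), set()).add(e["ServiceName"])
    return grouped


TOOL_MARKERS = ("rubeus", "kerberoast", "getuserspns")


def tool_name_hits(proc_events):
    """High-variance analytic for contrast: string-match tool names in the command line."""
    return [e for e in proc_events
            if any(m in e.get("CommandLine", "").lower() for m in TOOL_MARKERS)]


def coverage(proc_events, sec_events):
    """Number of distinct attack sources each analytic surfaces over the sample data."""
    by_tool = len({e["Computer"] for e in tool_name_hits(proc_events)})
    by_chokepoint = len({e["IpAddress"] for e in chokepoint_hits(sec_events)})
    return by_tool, by_chokepoint


if __name__ == "__main__":
    for (user, ip), spns in spns_per_requester(SECURITY_4769).items():
        print(f"{user} from {ip} requested RC4 tickets for {sorted(spns)}")
    print("sources seen by tool-name match vs chokepoint:", coverage(SYSMON_1, SECURITY_4769))
```

Two practitioner notes follow from the example. The data collection requirement for the chokepoint analytic is that the "Audit Kerberos Service Ticket Operations" subcategory is enabled for Success on every domain controller and that 4769 is forwarded to the SIEM; the tool-name matcher additionally needs Sysmon (or 4688 with command-line logging) on every endpoint, which the Linux host in the sample never had. The RC4 filter is a noise reducer, not the chokepoint itself: an operator can request AES-encrypted tickets, and some legacy services legitimately still negotiate RC4, so the analytic should be baselined per environment and paired with a threshold on distinct SPNs per requester in a short window.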