Title: Analytic Development through Capability Abstraction of ATT&CK Techniques
Project ID: YarhR11
Domain(s): Cybersecurity


Research one or more ATT&CK Techniques using the “Capability Abstraction” approach used by SpecterOps to identify the low-variance behaviors, or “chokepoints,” that all variants of those Techniques share, and develop detection analytics and the associated data collection requirements based on those insights.

Desired Skills:
Windows debugging, Splunk or Kibana query construction, Windows Event Logging, Sysmon, WinDbg, Procmon, or equivalents.


US Citizenship Required: No
Active Clearance or Background Investigation Required: No
Level Needed: N/A

Team Information-

Targeted Students: Undergraduate, Graduate
Team Size: 2 to 4
Details: This could be, and has been, accomplished by an individual, or a team. Team size is flexible, though a small group might be optimal.

Specific Requirements-

Focus on Particular University: No
Details: N/A


Focus Timeline: No
Details: N/A


Potential Funding: No
Note: Availability of funds not guaranteed
