Thinking Like an Analyst — Kill Chain to ATT&CK
Tools find alerts; frameworks turn alerts into understanding. This epoch teaches the mental models analysts use to make sense of an adversary: the Cyber Kill Chain, the Diamond Model, MITRE ATT&CK and the ATT&CK Navigator, the Pyramid of Pain, MITRE D3FEND, and STIX/TAXII for sharing — all tied together by the threat-intelligence lifecycle and threat-informed defense. Hands-on analyst exercises (map an intrusion to the kill chain, pivot the Diamond, tag behavior with ATT&CK technique IDs, climb the Pyramid of Pain, map a defense in D3FEND, and author a STIX indicator) run alongside the concepts.
The map that turns noise into knowledge
Why Frameworks?
The anatomy of an intrusion
The Cyber Kill Chain
The four corners of every attack
The Diamond Model
The encyclopedia of adversary behavior
MITRE ATT&CK
Turning logs into technique IDs
ATT&CK in Practice
The hierarchy of hurt
The Pyramid of Pain
The defender's matrix
MITRE D3FEND
The language machines use to share threats
STIX & TAXII
Who, and how sure?
Intel Levels & Attribution
All the lenses, working together
Threat-Informed Defense