Threat intelligence without standardization becomes noise. Detection capabilities without validation create false confidence. Organizations worldwide struggle to measure defensive effectiveness, prioritize detection engineering efforts, and communicate threats across security teams using inconsistent frameworks. ATT&CKcon 2.0 Day Two addresses these challenges by showcasing practical applications of the MITRE ATT&CK framework across threat intelligence, detection analytics, and adversary emulation.
This full-day conference stream features presentations from leading security researchers and practitioners demonstrating real-world implementations of ATT&CK. Sessions include Ready to ATT&CK’s data validation methodology using Security Datasets and the Mordor project, Red Canary’s approach to prioritizing data sources for minimum viable detection, and Praetorian’s lessons from purple team operations that bridge offensive and defensive capabilities. Lightning talks explore operational applications including heat map analysis, maturity model mappings, and micro-purple teaming techniques.
The conference reveals how ATT&CK extends beyond enterprise environments into ICS/OT systems, misinformation campaigns (AMITT framework), and pre-compromise reconnaissance phases (PRE-ATT&CK). Attendees gain actionable insights for operationalizing threat-informed defense, validating detection analytics with known adversary behaviors, and measuring security program maturity against real-world threat groups. Together, these sessions represent the evolution of defensive strategy from reactive alerting to proactive, adversary-focused security operations.