MITRE ATT&CK
A comprehensive knowledge base of adversary tactics and techniques based on real-world observations of cyberattacks.
What is MITRE ATT&CK?
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally-accessible knowledge base of adversary behaviors based on real-world observations. It provides a common language and framework for describing cyberattack patterns.
ATT&CK Structure
Tactics: The "why" - adversary's goals
- Reconnaissance
- Resource Development
- Initial Access
- Execution
- Persistence
- Privilege Escalation
- Defense Evasion
- Credential Access
- Discovery
- Lateral Movement
- Collection
- Command and Control
- Exfiltration
- Impact
Techniques: The "how" - methods to achieve goals
Sub-techniques: Specific implementations of a technique
ATT&CK Matrices
- Enterprise: Windows, macOS, Linux, Cloud
- Mobile: iOS and Android
- ICS: Industrial Control Systems
Using ATT&CK
- Map detected behaviors to techniques
- Identify detection gaps
- Simulate adversary behaviors
- Communicate threats clearly
- Benchmark security coverage
- Guide red team exercises
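The mapping-and-gap-analysis use described above, as an added example that is not part of this page or of MITRE's own tooling: a hand-built subset of the Enterprise matrix (technique IDs follow ATT&CK's T####.### scheme; the catalogue and the rule inventory are constructed sample data, and T9999 is a deliberately invalid mapping) is compared against a detection inventory, sub-techniques are rolled up to their parent, and uncovered techniques are reported per tactic, including techniques that sit under several tactics.

```python
from collections import defaultdict

# Constructed subset of the Enterprise matrix (not the live STIX bundle).
# A technique may sit under more than one tactic, as T1078 does.
TECHNIQUES = {
    "T1566": ("Phishing", ["Initial Access"]),
    "T1078": ("Valid Accounts", ["Initial Access", "Persistence",
                                 "Privilege Escalation", "Defense Evasion"]),
    "T1059": ("Command and Scripting Interpreter", ["Execution"]),
    "T1547": ("Boot or Logon Autostart Execution",
              ["Persistence", "Privilege Escalation"]),
    "T1003": ("OS Credential Dumping", ["Credential Access"]),
    "T1082": ("System Information Discovery", ["Discovery"]),
    "T1021": ("Remote Services", ["Lateral Movement"]),
    "T1071": ("Application Layer Protocol", ["Command and Control"]),
    "T1041": ("Exfiltration Over C2 Channel", ["Exfiltration"]),
    "T1486": ("Data Encrypted for Impact", ["Impact"]),
}

# Constructed detection inventory: rule name -> technique or
# sub-technique ID assigned by the rule's author.
DETECTIONS = {
    "Office spawns PowerShell": "T1059.001",
    "Suspicious attachment opened": "T1566.001",
    "LSASS memory access": "T1003.001",
    "Run key modified": "T1547.001",
    "Unmapped legacy rule": "T9999",   # constructed bad mapping
}


def parent_id(technique_id: str) -> str:
    """Roll a sub-technique (T1059.001) up to its parent (T1059)."""
    return technique_id.split(".", 1)[0]


def coverage(techniques=TECHNIQUES, detections=DETECTIONS):
    """Return (covered technique IDs, gaps per tactic, unknown mappings)."""
    covered, unknown = set(), []
    for rule, tid in detections.items():
        parent = parent_id(tid)
        if parent in techniques:
            covered.add(parent)
        else:
            unknown.append((rule, tid))  # ID not in the catalogue
    gaps = defaultdict(list)
    for tid, (_, tactics) in techniques.items():
        if tid not in covered:
            for tactic in tactics:       # one gap entry per tactic
                gaps[tactic].append(tid)
    return covered, dict(gaps), unknown
```

Tactics absent from the gaps dictionary (here Execution and Credential Access) have every catalogued technique covered; an unknown mapping is a data-quality problem in the rule inventory, not a detection.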