What is the MITRE ATT&CK framework?
D4 · Operations · CompTIA Security+ SY0-701

The MITRE ATT&CK framework (Adversarial Tactics, Techniques, and Common Knowledge) is a globally accessible knowledge base of cyber adversary behavior. It documents the tactics, techniques, and procedures (TTPs) used by real threat actors, based on observed attacks rather than theoretical ones.
Structure: Tactics (the "why": adversary goals such as Persistence, Lateral Movement, Exfiltration) → Techniques (the "how": the general method used to reach that goal) → Sub-techniques (more specific implementations of a technique). Procedures, the exact way a named group or tool carries a technique out, are recorded against the Groups and Software entries rather than as a layer of the matrix.
Used for: threat hunting, red team/blue team exercises, detection engineering, threat intelligence mapping.
MITRE ATT&CK is the industry-standard adversary behavior framework. Know that the matrix is organized with tactics as columns and techniques (with their sub-techniques) listed beneath each tactic; a single technique can appear under more than one tactic (Valid Accounts sits under Initial Access, Persistence, Privilege Escalation, and Defense Evasion). Separate matrices exist for Enterprise, Mobile, and ICS. Used in SOC work to map incidents and detections to known TTPs and to find gaps in coverage. Companion frameworks: MITRE D3FEND (defensive countermeasures) and MITRE Engage (adversary engagement and deception).
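The SOC use described above, mapping what you observe to ATT&CK and rolling it up by tactic, as an added worked example (it is not part of the card or of the ATT&CK project). The detection rules, their names, and the log lines are hypothetical and constructed for this example; the technique IDs, names, and tactic assignments are as listed in ATT&CK Enterprise, which you should verify against attack.mitre.org because assignments change between versions.

```python
"""Tag constructed endpoint/proxy log lines with ATT&CK techniques, then roll the
hits up per tactic column to show where detection coverage exists and where it
does not.

Added example for this card, not part of the ATT&CK project. Rules and log lines
are hypothetical/constructed; technique IDs, names and tactic assignments follow
ATT&CK Enterprise (verify against attack.mitre.org for the current version)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Enterprise ATT&CK tactics in matrix column order (the "why").
TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]


@dataclass(frozen=True)
class Technique:
    tid: str                   # "T1059.001" is a sub-technique of "T1059"
    name: str
    tactics: Tuple[str, ...]   # one technique can sit under several tactic columns

    @property
    def parent(self) -> str:
        """Parent technique ID; a parent technique returns itself."""
        return self.tid.split(".")[0]


@dataclass(frozen=True)
class Rule:
    name: str                  # hypothetical detection rule name
    pattern: "re.Pattern"
    technique: Technique       # the ATT&CK technique this rule is evidence of


# Technique metadata as listed in ATT&CK Enterprise.
T1059_001 = Technique("T1059.001", "Command and Scripting Interpreter: PowerShell", ("Execution",))
T1053_005 = Technique("T1053.005", "Scheduled Task/Job: Scheduled Task",
                      ("Execution", "Persistence", "Privilege Escalation"))
T1021_001 = Technique("T1021.001", "Remote Services: Remote Desktop Protocol", ("Lateral Movement",))
T1003_001 = Technique("T1003.001", "OS Credential Dumping: LSASS Memory", ("Credential Access",))
T1041 = Technique("T1041", "Exfiltration Over C2 Channel", ("Exfiltration",))

# Hypothetical detection logic; each rule carries its ATT&CK mapping.
RULES = [
    Rule("encoded_powershell",
         re.compile(r"powershell(?:\.exe)?\b.*\s-(?:e|enc|encodedcommand)\s", re.I), T1059_001),
    Rule("schtasks_create", re.compile(r"\bschtasks(?:\.exe)?\b.*\s/create\b", re.I), T1053_005),
    Rule("rdp_logon", re.compile(r"EventID=4624\b.*LogonType=10\b"), T1021_001),
    Rule("lsass_dump", re.compile(r"(?:procdump|comsvcs\.dll.*MiniDump).*lsass", re.I), T1003_001),
    Rule("large_post", re.compile(r"\bPOST\b.*bytes_out=\d{8,}"), T1041),  # >= ~10 MB in one request
]

# Constructed sample events: Windows 4688/4624-style fields plus one proxy line.
SAMPLE_LOG = [
    'host=ws01 EventID=4688 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine="powershell.exe -nop -w hidden -enc SQBFAFgAIAAo"',
    'host=ws01 EventID=4688 Image=C:\\Windows\\System32\\schtasks.exe '
    'CommandLine="schtasks.exe /create /tn Updater /tr C:\\Users\\Public\\u.exe /sc onlogon"',
    'host=srv02 EventID=4624 LogonType=10 TargetUserName=svc_backup IpAddress=10.0.5.21',
    'host=srv02 EventID=4688 Image=C:\\Tools\\procdump64.exe '
    'CommandLine="procdump64.exe -ma lsass.exe C:\\Temp\\l.dmp"',
    'host=proxy method=POST dst=198.51.100.7 uri=/api/upload bytes_out=734003200',
    'host=ws01 EventID=4688 Image=C:\\Windows\\notepad.exe CommandLine="notepad.exe notes.txt"',
]


@dataclass(frozen=True)
class Hit:
    line_no: int
    rule: str
    technique: Technique


def map_events(lines: List[str]) -> List[Hit]:
    """Return one Hit per (log line, matching rule), tagged with the ATT&CK technique."""
    return [Hit(n, r.name, r.technique)
            for n, line in enumerate(lines, 1)
            for r in RULES if r.pattern.search(line)]


def tactic_coverage(hits: List[Hit]) -> Dict[str, int]:
    """Hits per tactic column; a multi-tactic technique is counted under each of its tactics."""
    counts = Counter(t for h in hits for t in h.technique.tactics)
    return {t: counts.get(t, 0) for t in TACTICS}


def uncovered_tactics(hits: List[Hit]) -> List[str]:
    """Tactic columns with no evidence at all: candidates for new detections or hunts."""
    return [t for t, n in tactic_coverage(hits).items() if n == 0]


if __name__ == "__main__":
    found = map_events(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.rule} -> {h.technique.tid} {h.technique.name} "
              f"[{', '.join(h.technique.tactics)}]")
    print("coverage:", tactic_coverage(found))
    print("no evidence for:", uncovered_tactics(found))
```

Reading the output left to right across the tactic columns turns a pile of alerts into a progression (Execution → Persistence → Lateral Movement → Credential Access → Exfiltration) and the empty columns are the gap list a detection engineer would take away from the exercise.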