MITRE's Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and for verifying that defenses work as expected.


Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Execution, Collection and Exfiltration, Command and Control.

Getting started with ATT&CK

  1. eBook – mitre-getting-started-with-attack-october-2019
  2. Getting Started with ATT&CK: Assessments and Engineering
  3. Getting Started with ATT&CK: Threat Intelligence by Katie Nickels
  4. Getting Started with ATT&CK: Detection and Analytics by John Wunder
  5. Getting Started with ATT&CK: Adversary Emulation and Red Teaming by Blake Strom, Timothy Schulz, and Katie Nickels
  6. DeTT@CT
  7. Quantifying Vendor Efficacy Using The MITRE ATT&CK Evaluation
  8. Here’s Why We Can’t Have Nice Things
  9. BZAR (Bro/Zeek ATT&CK-based Analytics and Reporting)
  10. EU ATT&CK Community
