Visit complete Cyber Security roadmap

← Back to Topics List


The ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a valuable resource for understanding the methods and strategies that adversaries are likely to use when attacking a target system or network. Developed by MITRE Corporation, ATT&CK is a comprehensive, regularly updated repository of threat actor tactics and techniques seen in real-world attacks.

Key Components

There are four main components of the ATT&CK framework:

  • Tactics: These represent the intentions or strategic goals of an attacker, such as gaining initial access to a target network or moving laterally within it.
  • Techniques: These are the specific methods employed by attackers to accomplish their tactical objectives. Techniques are usually associated with multiple tactics, and can be standardized or customized by threat actors.
  • Sub-techniques: Sub-techniques provide more granularity to specific techniques, breaking them down into smaller components that can be observed or mitigated individually.
  • Mitigations: This component focuses on the defensive measures that organizations can take to prevent or respond to the attacker’s tactics and techniques.

ATT&CK Matrix

The ATT&CK Matrix is a visualization tool that organizes tactics and techniques into a table that represents the stages of an attack lifecycle. It’s designed to help security practitioners understand the relationships between tactics and techniques, making it easier to use the framework effectively in threat analysis, detection, and prevention efforts.

Real-World Application

By understanding the possible threats detailed in the ATT&CK framework and incorporating them into your cybersecurity strategy, you can better assess your organization’s vulnerabilities, develop improved defensive procedures, and respond more effectively to incidents. The matrix could be used to:

  • Identify gaps in your security posture
  • Develop more robust defensive measures tailored to specific attack scenarios
  • Evaluate the effectiveness of current detection and prevention tools
  • Train your team in identifying and responding to typical attack patterns

In summary, the ATT&CK framework is an invaluable resource for understanding the techniques and methods used by adversaries in real-world cyber attacks. As an author of a cyber security guide, ensuring that you are familiar with ATT&CK can help you build a more effective, comprehensive, and robust security strategy to keep your organization safe.

Community is the 6th most starred project on GitHub and is visited by hundreds of thousands of developers every month.

Roadmaps Best Practices Guides Videos Store YouTube by Kamran Ahmed

Community created roadmaps, articles, resources and journeys to help you choose your path and grow in your career.

© · FAQs · Terms · Privacy


The leading DevOps resource for Kubernetes, cloud-native computing, and the latest in at-scale development, deployment, and management.