MITRE ATT&CK framework techniques, sub-techniques & procedures

The MITRE ATT&CK framework is a tool developed by the MITRE Corporation to aid understanding and discussion of cyberattacks.  MITRE ATT&CK takes the cyberattack lifecycle and breaks it down into stages (called Tactics). 

Each of these Tactics has additional information about it, providing a deep drive into the methods that a cyberattacker can use to carry out their goals.

Introduction to MITRE ATT&CK framework techniques

The MITRE ATT&CK framework is organized hierarchically.  At the top level are the Tactics, which describe the goals that an attacker may need to achieve during the cyberattack lifecycle, such as evading defenses and gaining access to user credentials.

Below this level are the Techniques.  Techniques are particular methods by which an attacker can achieve the goal outlined in a particular Tactic.  For example, the Credential Access Tactic in the Enterprise Matrix includes techniques like Brute Force and OS Credential Dumping.

MITRE ATT&CK framework PRE-ATT&CK techniques

PRE-ATT&CK used to be its own standalone matrix that rivaled the Enterprise matrix in size.  Now, it has been condensed to two Tactics within the Enterprise matrix: Reconnaissance and Resource Development.

Each of these Tactics has a number of Techniques. Reconnaissance’s ten Techniques are focused on using

Read More: