About the Course
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
With the creation of ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge), MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.
Moreover, the framework describes how attackers penetrate networks and then move laterally, escalate privileges, establish persistence, or generally evade your defenses.
The ATT&CK framework looks at the issue from an attacker's point of view and helps cybersecurity professionals identify the attacker's goal and the techniques and procedures the attacker will use to attain it.
Another important use of ATT&CK is to help you learn how to detect an attacker’s actions on your network. The ATT&CK Framework includes resources that are purpose-built to help you develop analytics that detect the techniques used by attackers as they attempt to breach, explore, and exfiltrate data from your databases. ATT&CK also provides information on hacking collectives or groups and the campaigns they’ve conducted, allowing you to be as prepared as possible for a future attack.
ATT&CK helps you understand how attackers might operate so that you can plan and build response playbooks to mitigate attacker incidents. Armed with this knowledge and “attack playbooks”, you are better prepared to understand how your adversaries prepare for, launch, and execute their attacks to achieve specific desired objectives.
Successful and comprehensive threat detection requires understanding common adversary TTPs (tactics, techniques, and procedures), especially those that pose a threat to your organization, and how to detect and mitigate these attacks.
Tactics represent the "why" of an ATT&CK technique or sub-technique. A tactic is the adversary's tactical goal: the reason for performing an action. For example, an adversary may want to achieve credential access; that is a tactic. Within each tactic category, ATT&CK defines a series of techniques. Each technique describes one way an attacker may attempt to achieve their objective.