MITRE ATT&CK Framework: A Basic Guide For 2021


MITRE created ATT&CK as a model to archive and track different techniques attackers utilise all through the various phases of a cyberattack to invade your exfiltrate and network data. 

ATT&CK represents;

  • Adversarial Tactics
  • Techniques
  • Common Knowledge

The full form of ATT is Adversarial Tactics, Techniques. The structure is a matrix of various cyberattack techniques arranged by various tactics. There are various matrices for;

  • Mobile Systems
  • Mac
  • Linux
  • Windows

In this article let us look at:

  1. Definition
  2. When was the MITRE ATT&CK Framework created?
  3. What are the Tactics of the MITRE ATT&CK Framework?
  4. Techniques of the MITRE ATT&CK Framework
  5. Procedures of the MITRE ATT&CK Framework

1. Definition

MITRE ATT&CK framework is an internationally available knowledge base of adversary tactics and techniques dependent on true perceptions. The ATT&CK is utilized as an establishment for the improvement of explicit threat models and approaches in the service community, cybersecurity product, government, and private sector.

MITRE ATT&CK framework utilized by red team test activities, sharing, tool integrations, referencing actors, investigations & detections, threat hunting, and mapping defensive controls. Tactics and techniques are cutting edge perspective cyberattacks. Common knowledge is the recorded utilization of techniques and tactics by adversaries.

There are matrices for common:

  • Desktop platforms: Windows, MacOS and Linux.
  • Cloud platforms: Microsoft Azure, Office 365, Google Cloud Platform, AWS.
  • Mobile platforms: Android and IOs.

2. When was the MITRE ATT&CK Framework created?

There are actually three “flavours” or matrices of MITRE ATT&CK. There’s the most famous and the one we’ll be talking about here:

  • ATT&CK for Enterprise: Spotlights on adversarial behaviour in Cloud, Linux, Mac, and Windows environments.
  • ATT&CK for Mobile: Spotlights on adversarial behaviour on Android OS and iOS.
  • Pre-ATT&CK: Spotlights on “pre-exploit” adversarial behaviour. It is incorporated as a feature of the ATT&CK for enterprise matrix.

The MITRE Corporation, a non-profit organization that supports a few U.S. government offices, started creating ATT&CK in 2013.

The MITRE ATT&CK framework was formally delivered in May 2015.

3. What are the tactics of the MITRE ATT&CK Framework?

The MITRE framework contains a set of procedures utilized by adversaries to achieve a particular goal. 

Taking at the broadest rendition of ATT&CK for Enterprise, which incorporates:

  • Network environments
  • SaaS
  • Office 365
  • Azure AD
  • Azure
  • GCP
  • AWS
  • Linux
  • MacOS
  • Windows

The accompanying adversary tactics are arranged: 

  • Impact: Encrypting data with ransomware.
  • Exfiltration: Transfer data to a cloud account.
  • Control and Command: Communicating with traded-off frameworks to control.
  • Collection: Accessing data in cloud storage.
  • Lateral Movement: Moving through your current circumstance. 
  • Discovery: Exploring what they can handle.
  • Credential Access: Stealing accounts passwords and names.
  • Defence Evasion: Trying to try not to be detected.
  • Privilege Escalation: Leveraging a weakness to lift access. 
  • Persistence: Changing configurations.
  • Execution: Running a remote access device.
  • Initial Access: Spear phishing.
  • Resource Development: Setting up control and command infrastructure.
  • Reconnaissance: Information about the target organization.

The Kill Chain model contains the accompanying stages such as reconnaissance, weaponization, delivery, exploitation, installation, command & control, and actions on objectives.

4. Techniques of the MITRE ATT&CK Framework

Every Tactic that is utilized incorporates an assortment of related Techniques. ATT&CK Techniques are “how” an adversary accomplishes a target. The move they make to get what they are looking for. The system incorporates itemized depictions of how techniques are utilized and why security groups need to take a profound jump.

Every technique contains relevant data, similar to the consents required, what stage the procedure is generally seen on, and how to identify commands and cycles they’re utilized in.

Example attack with techniques from every tactical phase of the attack:

Tactics: Initial access → Discovery → Collection

Techniques: Spearphishing Link → Remote system discovery → Data from network shared drive

5. Procedures of the MITRE ATT&CK Framework

All things as MITRE ATT&CK are concerned, a methodology depicts how software or adversaries executes a procedure. 

The strategy is a specific example of utilization and can help to see precisely how the method is utilized and for replication of an occurrence with adversary imitating and for particulars on the best way to identify that occasion being used. 

ATT&CK system procedures are the particular stages an adversary takes to implement and execute a strategy.

  1. Tactics: Persistence
  2. Techniques: Registry Run Keys, New Service, and Appoint DLLs.
  3. Procedures: Mitigation and Detection
  4. Examples: APT19, BADNEWS, and Briba.


Associations can profit in different manners from utilizing the MITRE ATT&CK framework. MITRE can be utilized to make adversary copying situations to verify and test set up network safety controls against normal adversary methods. Missions based around ATT&CK can make it simpler to decipher patterns, track attacks, and rate the viability of protection devices effectively set up.

Testing the procedures in MITRE ATT&CK framework against the environment is the most ideal approach to stay away from assumptions and guesses with controls by knowing precisely what is mitigated or detected and what isn’t, exhibit where various entertainers would be fruitful or would be trapped in the climate, approve the arrangement of systems and tools, comprehend holes in the protection or visibility, guarantee inclusion against various methods, and test controls and their viability.

So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give you an edge in this competitive world.



Related Articles

Please wait while your application is being created.
Request Callback