The MITRE ATT&CK framework is a knowledge base that catalogs real-world adversary tactics, techniques, and procedures (TTPs).
Tactics represent why an adversary performs an action: their immediate technical objectives, such as credential access or lateral movement.
Techniques (and sub-techniques) describe how the adversary achieves those objectives.
Procedures are the specific, real-world implementations of a technique observed in the wild.
Because ATT&CK captures this full chain of TTPs, it is not limited to describing the attacker's objectives alone. Options that mention only objectives, only malware families, or only indicators of compromise each omit essential parts of the framework and are therefore incorrect.