MITRE ATT&CK

A simplified guide to MITRE ATT&CK — what it is, how it works, and how security teams use it.

This section is a work in progress. Content is being migrated and expanded over time. Core pages are published; additional sections are coming.

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It is used by defenders, researchers, and red teams to understand how attackers operate and to measure defensive coverage.

This section is a simplified companion guide to the official MITRE ATT&CK Design and Philosophy document — written with the belief that "It's Okay To Be New."

Pages in This Section

What is ATT&CK?

An introduction to the knowledge base — what it covers, what problems it solves, and the vocabulary behind it.

Design & Philosophy

The purpose and motivation behind this simplified guide.

Background History

How ATT&CK originated from structured adversary emulation exercises at MITRE and how it has grown over time.

Vocabulary

Key terms used throughout ATT&CK documentation — adversary emulation, red teaming, threat intelligence, and more.

ATT&CK Use Cases

The five primary ways organizations use ATT&CK — from adversary emulation to SOC maturity assessments.

The ATT&CK Model

A deep dive into the matrix, technology domains, tactics, techniques, sub-techniques, procedures, and groups.