MITRE Adversarial Tactics, Techniques, and Common Knowledge
Globally accessible knowledge base of adversary tactics and techniques derived from real-world cyber intrusions, used for threat modeling and defense.
MITRE ATT&CK organizes attacker behavior into matrices (Enterprise, Mobile, ICS) covering tactics like Initial Access, Persistence, and Exfiltration, each with specific techniques and sub-techniques. Security teams map controls to ATT&CK to identify gaps, simulate adversaries in red-team exercises, and tune detection rules. For example, a financial institution might cross-reference recent threat intelligence against ATT&CK techniques to prioritize EDR detections for credential dumping (T1003). The framework is continuously updated with community contributions.
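The cross-referencing described above can be sketched as a small gap analysis. This is an added example, not part of the original entry or of any MITRE tooling: the report names, the set of detected techniques and the coverage rule (a detection counts only for its exact ID or when tagged at the parent technique) are constructed assumptions, and the IDs other than T1003 are real ATT&CK IDs chosen for the sample.

```python
from collections import defaultdict

# Constructed sample: technique IDs cited by hypothetical threat-intel reports.
INTEL_REPORTS = {
    "report-A": ["T1566.001", "T1059.001", "T1003.001"],
    "report-B": ["T1003.001", "T1003.003", "T1041"],
    "report-C": ["T1566.001", "T1003", "T1547.001"],
}
# Constructed sample: technique IDs that current EDR rules are tagged with.
DETECTED = {"T1566.001", "T1059.001", "T1003.001"}


def parent(tid: str) -> str:
    """Return the parent technique of an ID (T1003.001 -> T1003)."""
    return tid.split(".", 1)[0]


def is_covered(tid: str, detected: set) -> bool:
    """Assumed rule: covered by a detection on the exact ID or on its parent.
    A detection on one sub-technique does not cover siblings or the parent."""
    return tid in detected or parent(tid) in detected


def prioritize_gaps(reports: dict, detected: set) -> list:
    """Group uncovered IDs by parent technique and rank the groups by how
    many distinct reports cite them (ties broken by technique ID)."""
    citing = defaultdict(set)   # parent -> reports citing an uncovered member
    members = defaultdict(set)  # parent -> uncovered technique IDs
    for name, tids in reports.items():
        for tid in tids:
            if not is_covered(tid, detected):
                citing[parent(tid)].add(name)
                members[parent(tid)].add(tid)
    rows = [(p, len(citing[p]), sorted(members[p])) for p in citing]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for tech, n_reports, ids in prioritize_gaps(INTEL_REPORTS, DETECTED):
        print(f"{tech}: cited by {n_reports} report(s), uncovered: {', '.join(ids)}")
```

With this sample, T1003 ranks first even though one of its sub-techniques already has a detection, because the intel also cites T1003.003 and the parent technique itself.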