The Holy Bible of Threat Intelligence: Learn the art of Actionable Intelligence

Adam Goss
10 min read · Feb 20, 2023

Hey friend, welcome back!

Today we will be delving into the MITRE ATT&CK framework.

This framework is the holy bible of cyber threat intelligence. It provides a common language for describing and categorizing adversary tactics, techniques, and procedures (TTPs), and every entry in it is grounded in real-world observations of intrusions rather than theory. It is maintained by the MITRE Corporation, a not-for-profit organization that operates federally funded research and development centers, and is published freely at attack.mitre.org.

The ATT&CK framework is used to analyze and understand how threat actors gain access to, move through, and exfiltrate data from a system or network. Its core is a matrix: each column is a tactic, the adversary's short-term objective (initial access, persistence, privilege escalation, exfiltration, and so on), and the entries under each column are the techniques used to achieve that objective, many of which are broken down further into sub-techniques. A single technique can appear under several tactics, because the same method (for example, using valid accounts) can serve more than one goal. ATT&CK now spans three domains, each with its own matrix: Enterprise, Mobile, and ICS (Industrial Control Systems). Each matrix lists the TTPs threat actors use in that domain. We will focus on the Enterprise matrix because it is the one most widely used by security professionals. That said, I encourage you to check out the Mobile and ICS versions if you have an interest in these fields.
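To make the matrix structure concrete, here is an added example (my own code, not part of the original post) that builds the tactic-by-technique view from the machine-readable form MITRE distributes: STIX 2.1 bundles in the mitre-attack/attack-stix-data GitHub repository. The sample bundle is constructed inline so the script runs offline; its technique IDs and tactic names are real ATT&CK values, but the STIX object ids are placeholders and most fields are omitted. It assumes the field names used by ATT&CK's published bundles (`kill_chain_phases`, `x_mitre_domains`, `x_mitre_is_subtechnique`, `revoked`, `x_mitre_deprecated`).

```python
import json
from collections import defaultdict

# Kill-chain names ATT&CK uses in its STIX data, one per domain.
KILL_CHAIN = {
    "enterprise-attack": "mitre-attack",
    "mobile-attack": "mitre-mobile-attack",
    "ics-attack": "mitre-ics-attack",
}


def _attack_pattern(ext_id, name, tactics, domain="enterprise-attack", revoked=False):
    """Build one attack-pattern object in the shape ATT&CK's STIX bundles use.
    Only the fields read below are filled in; the STIX id is a placeholder."""
    return {
        "type": "attack-pattern",
        "id": f"attack-pattern--sample-{ext_id}",
        "name": name,
        "revoked": revoked,
        "x_mitre_domains": [domain],
        "x_mitre_is_subtechnique": "." in ext_id,
        "external_references": [{"source_name": "mitre-attack", "external_id": ext_id}],
        "kill_chain_phases": [{"kill_chain_name": KILL_CHAIN[domain], "phase_name": t}
                              for t in tactics],
    }


# Constructed sample bundle (a tiny subset; a real one has thousands of objects).
SAMPLE_BUNDLE_JSON = json.dumps({
    "type": "bundle",
    "id": "bundle--sample",
    "objects": [
        _attack_pattern("T1566", "Phishing", ["initial-access"]),
        _attack_pattern("T1566.001", "Spearphishing Attachment", ["initial-access"]),
        _attack_pattern("T1078", "Valid Accounts",
                        ["defense-evasion", "persistence", "privilege-escalation", "initial-access"]),
        _attack_pattern("T1053", "Scheduled Task/Job",
                        ["execution", "persistence", "privilege-escalation"]),
        _attack_pattern("T1041", "Exfiltration Over C2 Channel", ["exfiltration"]),
        # Revoked techniques stay in the bundle; a matrix builder must drop them.
        _attack_pattern("T1064", "Scripting", ["defense-evasion", "execution"], revoked=True),
        # A technique from another domain, to exercise the per-domain filter.
        _attack_pattern("T0883", "Internet Accessible Device", ["initial-access"],
                        domain="ics-attack"),
        # Real bundles also carry tactics, groups, software and relationships.
        {"type": "x-mitre-tactic", "id": "x-mitre-tactic--sample",
         "name": "Initial Access", "x_mitre_shortname": "initial-access"},
    ],
})


def load_techniques(bundle_json, domain="enterprise-attack"):
    """Parse a bundle into {ATT&CK id: {"name", "tactics", "subtechnique"}} for the
    live techniques of one domain. Revoked and deprecated objects are skipped."""
    bundle = json.loads(bundle_json)
    wanted_chain = KILL_CHAIN[domain]
    techniques = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        if domain not in obj.get("x_mitre_domains", []):
            continue
        ext_id = next((r.get("external_id") for r in obj.get("external_references", [])
                       if r.get("source_name") == "mitre-attack"), None)
        if not ext_id:
            continue
        tactics = sorted(p["phase_name"] for p in obj.get("kill_chain_phases", [])
                         if p.get("kill_chain_name") == wanted_chain)
        techniques[ext_id] = {
            "name": obj.get("name", ""),
            "tactics": tactics,
            "subtechnique": bool(obj.get("x_mitre_is_subtechnique")),
        }
    return techniques


def build_matrix(techniques):
    """Invert the technique map into the matrix view: tactic -> sorted technique ids.
    A technique serving several tactics is listed under each, as on the website."""
    matrix = defaultdict(list)
    for ext_id, info in techniques.items():
        for tactic in info["tactics"]:
            matrix[tactic].append(ext_id)
    return {tactic: sorted(ids) for tactic, ids in matrix.items()}


if __name__ == "__main__":
    enterprise = load_techniques(SAMPLE_BUNDLE_JSON)
    for tactic, ids in sorted(build_matrix(enterprise).items()):
        print(f"{tactic:22} {', '.join(ids)}")
```

Two details matter when you do this against the real data: keep the domain filter, since the same bundle format is used for all three matrices and the kill-chain name differs per domain, and always drop revoked or deprecated objects, otherwise your matrix (and any detection coverage you map onto it) will contain technique IDs that no longer exist on the website.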


Written by Adam Goss

Helping demystify cyber threat intelligence for businesses and individuals | CTI | Threat Hunting | Custom Tooling