ATT&CK

@MITREattack

107,917
Followers
536
Following
1,117
Media
2,786
Statuses

MITRE ATT&CK® - A knowledge base for describing the behavior of adversaries. Replying/Following/Re-tweeting ≠ endorsement.

McLean, VA
Joined May 2015
@MITREattack
ATT&CK
3 years
As we get ready to release ATT&CK for Containers with our April release, we realize that some have gotten the wrong impression of how we’ve scoped Containers. We wanted to share some examples of upcoming groups and techniques starting with our new Ever Given group page.
24
359
966
@MITREattack
ATT&CK
5 years
How do I get started using ATT&CK? No matter how sophisticated your team is, our new blog series can help you figure that out. First up, @likethecoins walks through a couple ideas for how you can use ATT&CK for #threatintel.
0
286
582
@MITREattack
ATT&CK
3 years
It has launched! ATT&CK v9 is now live with refactored data sources, ATT&CK for Containers, Google Workspace as a platform and more! Read about new data sources and the rest of the update at or for new/changed groups/techniques/sw.
12
272
506
@MITREattack
ATT&CK
4 years
Our beta release of ATT&CK with sub-techniques is now live! We’ve just posted a blog post by @stromcoffee with links to all of the new resources and advice on how to leverage them (). You can also check out the new site itself at .
24
321
511
@MITREattack
ATT&CK
5 years
The April 2019 release of ATT&CK is out including our new Impact tactic! We’ve added 21 techniques (14 in Impact), 8 groups, and 50 software entries. We’ve also made updates to 22 techniques, 31 groups, and 46 software entries.
10
305
478
@MITREattack
ATT&CK
3 years
Wow! Much excite!
10
30
425
@MITREattack
ATT&CK
6 years
We're excited to release results of our first round of ATT&CK Evaluations at ! Check out @FrankDuff's blog: . Thanks to our initial cohort: @CarbonBlack_Inc @CounterTack @CrowdStrike @EndgameInc @WDSecurity @RSAsecurity @SentinelOne
7
310
422
@MITREattack
ATT&CK
7 years
We've released the ATT&CK Navigator today. It's a tool to help build color coded ATT&CK Matrix visualizations and heat maps, but now with less MS Excel
7
240
392
@MITREattack
ATT&CK
5 years
We’re excited to announce the initial release of ATT&CK for ICS! You can find the ICS knowledge base at and a blog post by @ojalexander explaining what’s new and different here: . Thank you to everyone who helped us get here!
12
254
379
@MITREattack
ATT&CK
5 years
October ATT&CK update is now live! Lots of new information in Enterprise, Mobile, Groups, and Software. The biggest change is the addition of ATT&CK for Cloud! Thanks to all our contributors that helped with this update and with Cloud! Update notes:
8
262
378
@MITREattack
ATT&CK
6 years
We've released a whitepaper detailing ATT&CK's background, the various components of the framework, and our philosophy for maintaining it. As always, feedback is welcome and encouraged.
1
223
375
@MITREattack
ATT&CK
5 years
We'd like to announce a new Tactic for Enterprise ATT @CK , "Flailing". We feel that these 10 new techniques describe a number of adversary and red team behaviors previously missing from ATT @CK . New techniques include "Invalid Accounts", "Commonly Blocked Port", "Visible Windows."
15
179
370
@MITREattack
ATT&CK
4 years
Subs have launched! After 3 months in beta, ATT&CK with Sub-Techniques (with some small fixes) has become... ATT&CK (). We've published a new blog post () that includes updates to our crosswalk format and describes what's changed.
10
241
361
@MITREattack
ATT&CK
3 years
It's a v10! Our release of ATT&CK is now live with new data source objects, improvements to macOS/Linux content, and updates across the board. A new blog post describes the changes at or you can go to and score it yourself!
7
185
342
@MITREattack
ATT&CK
6 years
You've been asking, and our #ATTACKcon content is now live! Check out videos here () and slides here (). We've also put out a blog post taking a look back and revealing the results of our voting on techniques:
3
211
328
@MITREattack
ATT&CK
6 years
We're starting a blog series about ATT&CK and its uses. The first post by @stromcoffee covers the background and basics
1
157
320
@MITREattack
ATT&CK
3 years
(T1850) Non-Standard Port
3
59
307
@MITREattack
ATT&CK
7 years
Is your child texting about ATT&CK? Know the signs:
LOL: Loading Offensive Libraries
ETA: Exploiting Trusted Accounts
SMH: Signing Malicious HTAs
WYD: Writing YARA Detections
7
120
301
@MITREattack
ATT&CK
7 years
The Enterprise ATT&CK site has been updated! ATT&CK is now up to 188 techniques Here's a list of changes:
6
204
274
@MITREattack
ATT&CK
4 years
The ATT&CK Evaluations Team just released the APT29 Evaluation results, DIY Eval profile, and a Joystick update on . Check out to learn more about the evaluation process.
3
166
270
@MITREattack
ATT&CK
2 years
Want to buy 100% ATT&CK? Now introducing non-fungible techniques. 💀🚨♥️ Today, 4/1, we’re excited to announce the launch of the Bored ATT&CK Technique Club! We’ll be minting Technique NFTs throughout the day, initial drop ready to go now. 💎🤲
14
62
268
@MITREattack
ATT&CK
7 years
aaaaand it's up! ATT&CK now includes the first version of Mac and Linux techniques.
8
226
254
@MITREattack
ATT&CK
5 years
CALDERA 2.0 is now live at , with support for new platforms, better usability, and an all new Chain mode. If you're at @BSidesCharm today, you can hear all about the new version and see a live demo from @privateducky at 3pm in Track 1.
4
141
258
@MITREattack
ATT&CK
5 years
The present everyone has been asking for is here! We are excited to announce the beta release of TRAM, a tool to aid in mapping reports to ATT&CK. You can find our latest blog with all the details at and the source code at .
4
135
254
@MITREattack
ATT&CK
4 years
In light of an uptick in recent technique submissions, we’d like to announce a new ATT&CK model, ATT&CK for Teleworking. We encourage the community to share Tactic and Technique suggestions via Twitter DM or mention, each must include a procedure in the form of a gif.
23
107
247
@MITREattack
ATT&CK
6 years
To help you see what was new in our April 2018 update, check out the Navigator layer we just added at (green=new and yellow=modified). Read more about the "why" behind the Initial Access change here: @MITREpreattack
5
148
239
@MITREattack
ATT&CK
6 years
For anyone looking to write ATT&CK-based detections, the process @verri3r describes could help: hypothesize, find out what's normal, write, test, peer review, and publish. Also a solid list of ?s to ask about what execution should look like. @redcanaryco
2
98
237
@MITREattack
ATT&CK
7 years
We're releasing an ATT&CK for Enterprise content update next Tuesday 1/16. There may be a bit of downtime. Some highlights: 19 new techniques (now up to 188), nine new groups, 26 new software entries. Many techniques and groups have had content updates
2
149
222
@MITREattack
ATT&CK
4 years
Congrats to @mitrecorp InfoSec on their release of Shield ()! Shield is a knowledge base of active defense and adversary engagement options structured similarly to ATT&CK and linked to ATT&CK techniques. We look forward to seeing how it evolves and grows!
4
112
222
@MITREattack
ATT&CK
6 years
We’re excited to announce that we're hosting ATT&CKcon on Oct. 23-24 @MITREcorp! Whether you’re using ATT&CK now or thinking about it for the future (or you just like ampersands), this is the con for you. Email us to get on the distro for announcements: ATTACKcon@mitre.org
6
103
219
@MITREattack
ATT&CK
6 years
You can detect more than just C2 & exfil with network logs. Check out BZAR, a collection of @Zeekurity analytics aimed at detecting ATT&CK techniques that leverage RPC & SMB: . Let us know if you want to contribute to BZAR or the Cyber Analytics Repository!
2
108
208
@MITREattack
ATT&CK
6 years
The updates to ATT&CK and @mitrepreattack are out, now with more Initial Access! Check out the update log
0
135
204
@MITREattack
ATT&CK
7 years
We've released the APT3 Adversary Emulation Plan based on ATT&CK. These plans help describe a threat group's behavior for the purposes of testing security. Special thanks to @ckorban, Doug Miller, Adam Pennington, and @its_a_feature_ for their work
0
121
200
@MITREattack
ATT&CK
6 years
We're excited to begin a short beta-test period for the new MITRE ATT&CK website - check it out at . We're also moving the ATT&CK blog over to @Medium and our first new blog describes the website beta release
1
123
201
@MITREattack
ATT&CK
4 years
Announcing the ATT&CKcon Power Hour! Instead of a 2 day conference, starting Oct 9 we'll be running a series of 90 minute virtual events! The CFP will be opening shortly for your talks on the most practical, aspirational, and things to always avoid with ATT&CK.
1
64
200
@MITREattack
ATT&CK
6 years
You asked, we listened. Our sister project, Cyber Analytics Repository (CAR), was migrated to Github as we start to reinvigorate the project to make it easier to contribute. Check out @jwunder's blog post () and the new site:
1
91
191
@MITREattack
ATT&CK
5 years
We're excited to see the launch of the Center for Threat-Informed Defense! Rest assured: the Center will help accelerate research around ATT&CK and defense, but ATT&CK will remain free and open to all. You can use and contribute to ATT&CK whether you're a Center member or not.
@MITREcorp
MITRE
5 years
#Cybersecurity challenges transcend individual organizations, fields, and countries. The Center for Threat-Informed Defense is bringing the private sector together to improve cyber defenses for all.
0
30
61
1
70
192
@MITREattack
ATT&CK
5 years
Individual ATT&CKcon 2.0 videos are now up on YouTube! We'll have a page up shortly linking to slides from the conference. Thank you again to all of our speakers for making this possible!
0
91
191
@MITREattack
ATT&CK
6 years
Today on our shiny new @Medium blog, Andy (@andyplayse4) discusses how you can use a data-driven approach to find related ATT&CK techniques: . As always, we would appreciate your feedback! #threathunting
0
85
184
@MITREattack
ATT&CK
5 years
The next post in our "Getting Started with ATT&CK" blog series is now live. This week, @jwunder gives pointers on how you can write ATT&CK-based analytics, test them with purple teaming, and use ATT&CK to measure your progress.
0
115
185
@MITREattack
ATT&CK
5 years
The ATT&CK website code is now open sourced! It generates static pages from STIX 2.0 data and can be used to build local copies with custom content using your own STIX bundles. Send PRs if you extend the site in a useful way and want to share!
3
90
182
@MITREattack
ATT&CK
6 years
We recently released v.2.2 of the Navigator. Check out all the new features, like the ability to load multiple layers by default and add your own customized metadata to layers, here -
2
96
180
@MITREattack
ATT&CK
6 years
Docker container to serve up the ATT&CK Navigator thanks to @DavidJBianco
0
80
183
@MITREattack
ATT&CK
7 years
This is a valuable process. Map your detections to ATT&CK, identify gaps in both the detections AND ATT&CK, then feed that back into ATT&CK to improve it for everyone.
1
90
183
@MITREattack
ATT&CK
3 years
Now you can generate ATT&CK into a format many of you have asked for, Excel! Our new mitreattack-python pip library contains the Excel generator plus tools for working with ATT&CK Navigator layers.
1
58
176
@MITREattack
ATT&CK
3 years
Get ready, ATT&CK v9 is coming Thursday, April 29th! We've already shared our roadmap for April and October releases () but excited to now have a date.
4
76
173
@MITREattack
ATT&CK
4 years
Ready to fire on all cylinders across the whole adversary lifecycle? ATT&CK v8 is out! It has two new tactics, Reconnaissance and Resource Development, replacing the scope of PRE-ATT&CK. @_whatshisface and @snarejen have written a post about the changes: .
3
78
166
@MITREattack
ATT&CK
7 years
If you're a fan of testing defenses against ATT&CK techniques, you may be interested in this contribution to #opensource testing frameworks
@EndgameInc
Endgame
7 years
Endgame launches open-source project to drive adoption of @MITREattack ; allow security teams to test defenses against most advanced attacker behaviors: #redteam #opensource @_devonkerr_
5
89
162
0
88
168
@MITREattack
ATT&CK
2 years
Y'all realize that you don't need to reload all of ATT&CK from our TAXII server several times an hour? We only release twice a year. Love, Our AWS bill
4
31
166
@MITREattack
ATT&CK
3 years
On October 21 (2021) v10 of ATT&CK will arrive! v10 will feature our new Data Sources objects (previewed at ), along with updates to Techniques, Groups, and Software across all of our platforms.
8
65
163
@MITREattack
ATT&CK
7 years
We're excited to announce a new initiative to offer ATT&CK-based evaluations for #EDR products as a way to advance the market. The first-round CFP is open through April 13. Contact us at attackevals@mitre.org for more info or to request participation.
8
84
160
@MITREattack
ATT&CK
2 years
We're gearing up to celebrate Windows XP's 21st birthday in style by releasing ATT&CK v12. Watch this space October 25th for the initial release of Campaigns, and updates across ATT&CK for Enterprise, ICS, and Mobile!
3
29
155
@MITREattack
ATT&CK
2 years
Continuing our series on ATT&CK misunderstandings, we'd like to discuss attribution... It may be tempting to attribute groups based on technique usage, but ATT&CK techniques only represent ONE aspect of a group & are generally too broad to produce reliable attribution alone.
4
50
155
@MITREattack
ATT&CK
11 months
Boo, it's an ATT&CK v14! 👻 Come grab full-sized treats from our blog post , release notes , or our detailed change log .
1
65
155
@MITREattack
ATT&CK
5 years
We’re getting a lot of questions on if videos of #ATTACKcon 2.0 talks will be posted. They will, in the not too distant future. We’ve also left the videos of our stream up. Day 1: Day 2: ATT&CKcon 2018:
0
97
154
@MITREattack
ATT&CK
4 years
Looking to automate your ATT&CK Navigator workflow? We recently released fresh Python scripts implementing several Navigator functionalities, including export to Excel! Check it out at .
3
59
150
@MITREattack
ATT&CK
4 years
We are getting very close to our next ATT&CK release and the retirement of PRE-ATT&CK in its current form. ATT&CK for Enterprise will be adding new tactics to take its place, as described by @_whatshisface at ATT&CKcon 2.0 (). Watch this space next Tuesday!
5
55
150
@MITREattack
ATT&CK
2 years
Earlier this week, @CISACyber released updates to their Best Practices for MITRE ATT&CK Mapping guide focusing on avoiding common pitfalls, better representing ATT&CK in reports, and guidance specific to ATT&CK for ICS. Check it out at
1
76
143
@MITREattack
ATT&CK
6 years
We're excited to see @HybridAnalysis mapping sandbox analysis to ATT&CK! This is a great way to give an understanding of malware behavior by using a common language.
@HybridAnalysis
Hybrid Analysis
6 years
[UPDATE] We took on the challenge and now map behavior indicators to the MITRE ATT&CK framework for industry standard visibility into techniques and tactics. Example:
15
109
235
0
81
148
@MITREattack
ATT&CK
6 years
We're trying something new for our next adversary emulation plan on APT29. We invite the community to contribute #threatintel , and then we'll openly publish the plan along with ATT&CK Evaluations results. Check out our blog & send contributions by 3/15:
2
98
148
@MITREattack
ATT&CK
6 years
Big changes coming in this week's update to better align ATT&CK and @MITREpreattack . We're adding Initial Access to ATT&CK to cover how adversaries gain access to enterprise networks -- it's no longer strictly post-compromise. PRE-ATT&CK's Launch and Compromise will be deprecated
1
97
146
@MITREattack
ATT&CK
2 years
Let's continue our ATT&CK misunderstandings series & discuss procedures. People sometimes assume ATT&CK is trying to cover every possible way a (sub-)technique can be done, but our procedures only cover what we've seen in public reporting tied to Groups, Software, or Campaigns.
7
65
144
@MITREattack
ATT&CK
4 years
We've been tracking reporting on the recent activity related to UNC2452/Solarigate with an eye to mapping it to ATT&CK and adding new techniques. We've posted and intend to keep up to date on the reports we're tracking but let us know what we're missing. .
0
49
140
@MITREattack
ATT&CK
6 years
ATT&CK is stronger because of the community behind it. To help you understand what contributions and formats we're looking for, here's a short summary: . Thank you to all of our awesome contributors - past, present, and future!
2
62
141
@MITREattack
ATT&CK
5 years
Videos and slides from ATT&CKcon 2.0 have been available since shortly after the conference, but we recently updated our website to make them much easier to find. Everything from ATT&CKcon 2018, and 2.0 can now be found at . #attackcon
0
103
140
@MITREattack
ATT&CK
4 years
We've just made a point release (v8.2) to ATT&CK adding UNC2452 along with several software entries and a few new/updated techniques related to the Solar Winds supply chain injection. We describe the changes in . Thanks to everyone who has contributed!
3
69
134
@MITREattack
ATT&CK
5 years
The team has been working furiously on a few projects that will be dropping soon. We'll be releasing a major update, including a new Impact tactic (destructive techniques, anyone?). Plus, CALDERA will be releasing version 2.0. (who likes dark theme?) We can't wait to share!
7
38
136
@MITREattack
ATT&CK
6 years
You can now tag Sigma rules with ATT&CK tactics, techniques, groups, or software. This is a great step toward expressing detection in a common language!
@blubbfiction
Thomas Patzke
6 years
We extended Sigma with rule tagging: And defined some tags for ATT&CK classification of Sigma rules: Filtering of tags in the Sigma Converter will follow soon!
3
29
50
3
76
135
@MITREattack
ATT&CK
6 years
Sub-techniques, a new tactic, a new approach to mitigations, a hint about ATT&CKcon 2019, and more. Check out @jwunder's post on where we've been in 2018 and where we're hoping to go in 2019.
1
76
134
@MITREattack
ATT&CK
6 years
Navigator Version 2 has been released! Richard Struse discusses some of the new features here:
0
77
135
@MITREattack
ATT&CK
7 years
The slides from the CALDERA presentation at #BHEU have been posted
2
76
134
@MITREattack
ATT&CK
4 years
We just released a blog post jointly written by ATT&CK for ICS Lead @ojalexander and @Mandiant . It explores a visualization drawing on both the ATT&CK for Enterprise and ICS knowledge bases to describe an adversary operating across both. Check it out at .
2
58
129
@MITREattack
ATT&CK
5 years
The final post in our "Getting Started with ATT&CK" blog series is out! This time @andyplayse4 guides you through using ATT&CK to assess your SOC and engineer new defenses.
1
74
130
@MITREattack
ATT&CK
3 years
(T1822) Remote Container Discovery
1
28
131
@MITREattack
ATT&CK
3 years
Kudos to @NCSC, @NSAGov, @CISAgov, and @FBI for some best-practices use of ATT&CK in reporting on recent intrusion activity by .
@CISAgov
Cybersecurity and Infrastructure Security Agency
3 years
We released a joint advisory with @NCSC, @NSAgov & @FBI on recommended detection and mitigation of SVR activity following the attribution of the SolarWinds compromise. We recommend all stakeholders check their networks for indicators of compromise:
3
71
114
3
38
131
@MITREattack
ATT&CK
6 years
Interested in the ATT&CK whitepaper but don't have time to read a 27 page PDF? Check out the blog post about it by @stromcoffee
0
69
132
@MITREattack
ATT&CK
4 years
In collaboration with research partners, our friends at the Center for Threat-Informed Defense have released the Adversary Emulation Library (). Check out the first emulation plan, which focuses on FIN6 ().
0
42
131
@MITREattack
ATT&CK
5 years
Looking to up your game on using ATT&CK for #CTI? @likethecoins and @_whatshisface recently recorded the ATT&CK for CTI training that they created and taught to multiple audiences over the past year. Exercises and links to the videos are now up at .
3
73
127
@MITREattack
ATT&CK
5 years
With any big change to ATT&CK, we want the community's feedback to make sure we're on the right track. @stromcoffee wrote up our plans for sub-techniques and what the changes might entail . Love it? Hate it? Let us know!
5
54
124
@MITREattack
ATT&CK
3 years
Looking for some free ATT&CK training? Last week, @MITREengenuity launched the MITRE ATT&CK Defender program with training created by members of the ATT&CK team. Check out ATT&CK Fundamentals, ATT&CK SOC Assessments, and ATT&CK for CTI via @cybraryIT at !
0
48
126
@MITREattack
ATT&CK
10 months
Curious about how ATT&CK maps to sensor logs? Our Defensive lead @LexOnTheHunt led a @MITREengenuity team to map ATT&CK data sources & data components to events in: 🪵 Auditd 🪵CloudTrail 🪵OSQuery 🪵Sysmon 🪵WinEvtx 🪵ZEEK Check it out at !
3
53
125
@MITREattack
ATT&CK
7 years
Interested in seeing CALDERA in action? We just posted a demo video:
3
65
126
@MITREattack
ATT&CK
5 years
Our next Getting Started with ATT&CK blog post is out, and this one was a team effort by @stromcoffee, @teschulz, and @likethecoins. Check out their advice on using ATT&CK for Adversary Emulation & Red Teaming and improving your defenses.
1
65
124
@MITREattack
ATT&CK
4 years
As a part of ATT&CK v8, we also released ATT&CK for ICS in STIX (), and a new version of the ATT&CK Navigator where you can pick your domain (including ICS) and version of ATT&CK ()! TAXII support for ICS is coming soon.
2
47
122
@MITREattack
ATT&CK
2 years
We're releasing ATT&CK on the perfect date! Put on your light jacket and jump into structured detections, subs for mobile beta, and ICS on our main site. Changelog is up at and @_whatshisface & @JasonAjmo describe what's new in .
5
65
120
@MITREattack
ATT&CK
2 years
We've now crossed a number of items off our 2022 todo list with the release of ATT&CK v11 earlier this week! If you haven't checked it out yet, take a look at what's new at and what else is coming this year in our 2022 roadmap .
1
33
119
@MITREattack
ATT&CK
4 years
Coinciding with @jamieantisocial's and his #ThreatHuntingSummit talk, we've just released part 1 of a blog series by ATT&CK team member @Cyb3rPandaH on a proposed method of enhancing an often overlooked part of ATT&CK, data sources. Check it out at .
4
72
119
@MITREattack
ATT&CK
5 years
We're completely full in-person for #ATTACKcon 2.0 but we are once again going to be streaming the entire conference live (as well as some online-only exclusives) for free! Sign up at to join us virtually.
4
54
121
@MITREattack
ATT&CK
5 years
Sub-techniques aren’t there yet, but we’re getting close! @stromcoffee wrote an update blog post about how sub-techniques are coming along that previews two tactics, Credential Access and Lateral Movement, and responds to much of your great feedback!
1
52
120
@MITREattack
ATT&CK
3 years
(T1857) Exfiltration Over Air-Gap
1
18
122
@MITREattack
ATT&CK
6 months
We hear you that doing the MITRE is hard! Today we're launching a MITRE training bootcamp to help you all get your & on. First up: Achieve 100% coverage! Head on over to and play for that 100% MITRE coverage everyone's been bragging about!
4
37
121
@MITREattack
ATT&CK
3 years
Power up your layers with the release of ATT&CK Navigator v4.4! We've added a new workflow for upgrading a nav layer that lets you see and respond to changed techniques, and combined search and multi-select into a more powerful UI. Check out new version at
8
40
117
@MITREattack
ATT&CK
4 years
Wow, 40k followers! Thanks to everyone in the community who have helped us get ATT&CK to where it is today. We're humbled by these last five years, and look forward to working with many more of you in the future!
7
13
119
@MITREattack
ATT&CK
3 years
ATT&CK Evaluations just released their 2020 Carbanak & FIN7 Evaluation results and emulation plan, as well as major updates to results format on . Check out to learn more about everything that is now available.
3
50
117
@MITREattack
ATT&CK
5 years
We’ve released an update to the ATT&CK Evaluations site (), including additional Round 2 info, a Technique Comparison Tool for cross-vendor analysis, and @PaloAltoNtwks’s Round 1 results. Check out @FrankDuff's post for highlights:
0
60
114
@MITREattack
ATT&CK
7 years
A malware sandbox with behavioral analysis linked to ATT&CK techniques - very cool use of the model!
0
52
112