What is the MITRE ATT&CK framework?
Answer
The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It organizes attacker behavior into three levels:

Tactics: the adversary's goal (why) — 14 tactics, including Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, and Impact.
Techniques: how the goal is achieved (what) — 200+ techniques, many with sub-techniques.
Procedures: specific implementations (how particular groups carry out a technique).

Use cases: detection engineering (writing detection rules for known techniques), red team planning (simulating adversary TTPs), purple teaming (red and blue teams collaborating), gap analysis (identifying coverage gaps), and threat intelligence mapping (attributing activity to known APT groups). ATT&CK Navigator visualizes coverage.

Essential knowledge for SOC analysts, threat hunters, and red teamers.