MITRE ATT&CK
@attack.mitre.org
MITRE ATT&CK® - A knowledge base for describing the behavior of adversaries. Replying/Following/Reposting ≠ endorsement.
Pinned
ATT&CK v18: Detection Strategies, More Adversary Insights,
ATT&CK v18 is released with new Detection Strategies, Analytics, and revamped Data Components!
medium.com
ATT&CK v18 is now out! Today marks the release of Detection Strategies, where we've moved from single-sentence notes to structured, behavior-focused strategies across the board. A new blog post describes the changes medium.com/mitre-attack... with details at attack.mitre.org/resources/up....
It was recorded, and slides are now being shared....
Slides and videos from ATT&CKcon 6.0 are now posted in an easy to find way. Check out attack.mitre.org/resources/at... to check out our great talks (and Couch Talks) from October, or even check out past ATT&CKcons from that same page.
Slides and videos from ATT&CKcon 6.0 are now posted in an easy to find way. Check out attack.mitre.org/resources/at... to check out our great talks (and Couch Talks) from October, or even check out past ATT&CKcons from that same page.
MITRE ATT&CKcon - ATT&CKcon 6.0 | MITRE ATT&CK®
attack.mitre.org
November 7, 2025 at 6:13 PM
It was recorded, and slides are now being shared....
Slides and videos from ATT&CKcon 6.0 are now posted in an easy to find way. Check out attack.mitre.org/resources/at... to check out our great talks (and Couch Talks) from October, or even check out past ATT&CKcons from that same page.
Slides and videos from ATT&CKcon 6.0 are now posted in an easy to find way. Check out attack.mitre.org/resources/at... to check out our great talks (and Couch Talks) from October, or even check out past ATT&CKcons from that same page.
ATT&CK v18 is now out! Today marks the release of Detection Strategies, where we've moved from single-sentence notes to structured, behavior-focused strategies across the board. A new blog post describes the changes medium.com/mitre-attack... with details at attack.mitre.org/resources/up....
ATT&CK v18: Detection Strategies, More Adversary Insights,
ATT&CK v18 is released with new Detection Strategies, Analytics, and revamped Data Components!
medium.com
October 28, 2025 at 2:56 PM
ATT&CK v18 is now out! Today marks the release of Detection Strategies, where we've moved from single-sentence notes to structured, behavior-focused strategies across the board. A new blog post describes the changes medium.com/mitre-attack... with details at attack.mitre.org/resources/up....
🚨Big changes coming to ATT&CK on Tue (10/28) as we improve detections! It you use x_mitre_detection or x_mitre_data_sources, you need to update.
@lexonthehunt.bsky.social
covers the changes at:
🖥️ mitre.app.box.com/s/3lynwg8ebc...
📽️ mitre.brandlive.com/MITRE-ATTACK...
📖 medium.com/p/7e6738fec31f
@lexonthehunt.bsky.social
covers the changes at:
🖥️ mitre.app.box.com/s/3lynwg8ebc...
📽️ mitre.brandlive.com/MITRE-ATTACK...
📖 medium.com/p/7e6738fec31f
a man in a hooded jacket says " i am once again asking for your attention "
ALT: a man in a hooded jacket says " i am once again asking for your attention "
media.tenor.com
October 23, 2025 at 2:11 PM
🚨Big changes coming to ATT&CK on Tue (10/28) as we improve detections! It you use x_mitre_detection or x_mitre_data_sources, you need to update.
@lexonthehunt.bsky.social
covers the changes at:
🖥️ mitre.app.box.com/s/3lynwg8ebc...
📽️ mitre.brandlive.com/MITRE-ATTACK...
📖 medium.com/p/7e6738fec31f
@lexonthehunt.bsky.social
covers the changes at:
🖥️ mitre.app.box.com/s/3lynwg8ebc...
📽️ mitre.brandlive.com/MITRE-ATTACK...
📖 medium.com/p/7e6738fec31f
Virtual registration for ATT&CKcon 6.0 is open! We hope you'll chose to join us in person at ATT&CK's home in McLean, VA October 14-15... But if you can't, catch the action for free online by registering at na.eventscloud.com/attackcon6/. Catch all of our talks & some exclusive online only content.
September 3, 2025 at 3:53 PM
Virtual registration for ATT&CKcon 6.0 is open! We hope you'll chose to join us in person at ATT&CK's home in McLean, VA October 14-15... But if you can't, catch the action for free online by registering at na.eventscloud.com/attackcon6/. Catch all of our talks & some exclusive online only content.
The ATT&CKcon 6.0 talk lineup is now live! Check out our fabulous group of speakers, or pick up a ticket to join us October 14-15 in McLean, VA at na.eventscloud.com/attackcon6. Only able to join us virtually? Hang tight, virtual registration opens September 3rd.
August 26, 2025 at 5:06 PM
The ATT&CKcon 6.0 talk lineup is now live! Check out our fabulous group of speakers, or pick up a ticket to join us October 14-15 in McLean, VA at na.eventscloud.com/attackcon6. Only able to join us virtually? Hang tight, virtual registration opens September 3rd.
Are you ready to celebrate National Chocolate Day this October 28th? We will be by releasing ATT&CK v18, our next version of MITRE ATT&CK!
We'll be releasing our usual updates to Techniques and Groups, but check out some big defensive changes on the way in this release (medium.com/mitre-attack...).
We'll be releasing our usual updates to Techniques and Groups, but check out some big defensive changes on the way in this release (medium.com/mitre-attack...).
August 19, 2025 at 4:51 PM
Are you ready to celebrate National Chocolate Day this October 28th? We will be by releasing ATT&CK v18, our next version of MITRE ATT&CK!
We'll be releasing our usual updates to Techniques and Groups, but check out some big defensive changes on the way in this release (medium.com/mitre-attack...).
We'll be releasing our usual updates to Techniques and Groups, but check out some big defensive changes on the way in this release (medium.com/mitre-attack...).
The ATT&CK team is out at #hackersummercamp and happy to chat, meet up, or just share some stickers. Drop a DM or stop by an appearance if you’re interested in saying hi!
Headed for Vegas for @bsideslv.org, @defcon.bsky.social, and @blackhatevents.bsky.social! I have hundreds of @attack.mitre.org stickers and will be popping up Friday 11am on DEF CON Creator Stage 2 (defcon.org/html/defcon-...), and for a short talk in the AttackIQ BH booth (#5030) Wed 11am.
defcon.org
August 5, 2025 at 2:20 PM
The ATT&CK team is out at #hackersummercamp and happy to chat, meet up, or just share some stickers. Drop a DM or stop by an appearance if you’re interested in saying hi!
In-person ATT&CKcon 6.0 ticket sales are open! Come join us October 14-15 at ATT&CK HQ in McLean, VA. na.eventscloud.com/attackcon6/
We're almost set to announce this year's exciting speaker lineup and will open virtual registration Sep 3rd, so stay tuned!
We're almost set to announce this year's exciting speaker lineup and will open virtual registration Sep 3rd, so stay tuned!
ATT&CKcon 6.0
MITRE ATT&CKcon | October 14 - 15, 2025
na.eventscloud.com
July 30, 2025 at 4:01 PM
In-person ATT&CKcon 6.0 ticket sales are open! Come join us October 14-15 at ATT&CK HQ in McLean, VA. na.eventscloud.com/attackcon6/
We're almost set to announce this year's exciting speaker lineup and will open virtual registration Sep 3rd, so stay tuned!
We're almost set to announce this year's exciting speaker lineup and will open virtual registration Sep 3rd, so stay tuned!
Tonight's the night! The ATT&CKcon 6.0 CFP will automatically stop accepting submissions at 8pm ET tonight. Historically we get about half of our submissions today, so all you procrastinators are in good company.
Give it your best shot at openconf.org/ATTACKCON2025.
Give it your best shot at openconf.org/ATTACKCON2025.
a man in a black shirt and tie is holding a pen and a notebook and says you 're on my list
ALT: a man in a black shirt and tie is holding a pen and a notebook and says you 're on my list
media.tenor.com
July 9, 2025 at 1:15 PM
Tonight's the night! The ATT&CKcon 6.0 CFP will automatically stop accepting submissions at 8pm ET tonight. Historically we get about half of our submissions today, so all you procrastinators are in good company.
Give it your best shot at openconf.org/ATTACKCON2025.
Give it your best shot at openconf.org/ATTACKCON2025.
We are excited to announce our ATT&CKcon 6.0 keynote, Lillian Teng! Lillian's worn numerous hats in cyber at NCIS, FBI, Yahoo, and Capital One and has served with the KC7 Foundation, GirlSecurity, and LEAP.
Want to also join us on stage? CFP closes Wed night! www.openconf.org/ATTACKCON2025.
Want to also join us on stage? CFP closes Wed night! www.openconf.org/ATTACKCON2025.
July 7, 2025 at 3:02 PM
We are excited to announce our ATT&CKcon 6.0 keynote, Lillian Teng! Lillian's worn numerous hats in cyber at NCIS, FBI, Yahoo, and Capital One and has served with the KC7 Foundation, GirlSecurity, and LEAP.
Want to also join us on stage? CFP closes Wed night! www.openconf.org/ATTACKCON2025.
Want to also join us on stage? CFP closes Wed night! www.openconf.org/ATTACKCON2025.
The MITRE ATT&CKcon 6.0 CFP is now open! Are you interested in joining us on the ATT&CKcon stage in McLean, VA October 14-15, 2025? Pitch us on your best ATT&CK related talk! Our CFP will close on July 9th at 8pm ET sharp, so get those proposals started.
www.openconf.org/ATTACKCON202...
www.openconf.org/ATTACKCON202...
June 3, 2025 at 3:11 PM
The MITRE ATT&CKcon 6.0 CFP is now open! Are you interested in joining us on the ATT&CKcon stage in McLean, VA October 14-15, 2025? Pitch us on your best ATT&CK related talk! Our CFP will close on July 9th at 8pm ET sharp, so get those proposals started.
www.openconf.org/ATTACKCON202...
www.openconf.org/ATTACKCON202...
An old idea that still holds true: Fight the enemy where they aren’t. Threat actors take this advice to heart by avoiding Endpoint Detection and Response solutions and targeting systems that do not generally support EDR such as VMware ESXi hosts.
May 8, 2025 at 12:32 PM
An old idea that still holds true: Fight the enemy where they aren’t. Threat actors take this advice to heart by avoiding Endpoint Detection and Response solutions and targeting systems that do not generally support EDR such as VMware ESXi hosts.
🎣 Get in loser, we’re going phishing.
This week, we’re going to spotlight how Russian threat actors are phishing targets associated with Ukraine and human rights to abuse Microsoft OAuth.
This week, we’re going to spotlight how Russian threat actors are phishing targets associated with Ukraine and human rights to abuse Microsoft OAuth.
April 30, 2025 at 1:22 PM
🎣 Get in loser, we’re going phishing.
This week, we’re going to spotlight how Russian threat actors are phishing targets associated with Ukraine and human rights to abuse Microsoft OAuth.
This week, we’re going to spotlight how Russian threat actors are phishing targets associated with Ukraine and human rights to abuse Microsoft OAuth.
What happens when an adversary successfully compromises a target and then “closes the door” behind them? They gain Exclusive Control, a new technique for ATT&CK v17. Let’s take a closer look: attack.mitre.org/techniques/T...
Exclusive Control, Technique T1668 - Enterprise | MITRE ATT&CK®
attack.mitre.org
April 24, 2025 at 4:59 PM
What happens when an adversary successfully compromises a target and then “closes the door” behind them? They gain Exclusive Control, a new technique for ATT&CK v17. Let’s take a closer look: attack.mitre.org/techniques/T...
ATT&CK v17 is now live! This release includes the first version of the ESXi platform, a pile of defensive upgrades, and fresh content across Enterprise, Mobile, and ICS.
Check out our blog post describing the changes by Amy Robertson & @whatshisface.bsky.social at medium.com/mitre-attack....
Check out our blog post describing the changes by Amy Robertson & @whatshisface.bsky.social at medium.com/mitre-attack....
ATT&CK v17: New Platform (ESXi), Collection Optimization, & More Countermeasures
By: Amy Robertson and Adam Pennington
medium.com
April 22, 2025 at 3:22 PM
ATT&CK v17 is now live! This release includes the first version of the ESXi platform, a pile of defensive upgrades, and fresh content across Enterprise, Mobile, and ICS.
Check out our blog post describing the changes by Amy Robertson & @whatshisface.bsky.social at medium.com/mitre-attack....
Check out our blog post describing the changes by Amy Robertson & @whatshisface.bsky.social at medium.com/mitre-attack....
🤖 It’s time to look at how adversaries are using ChatGPT to pursue information related to cyber intrusion tools and operations
April 15, 2025 at 5:34 PM
🤖 It’s time to look at how adversaries are using ChatGPT to pursue information related to cyber intrusion tools and operations
🔦 Let’s look closely at an adversary technique grabbing headlines: Medusa ransomware actors are using vulnerable or signed drivers to kill endpoint detection and response tools.
April 10, 2025 at 2:48 PM
🔦 Let’s look closely at an adversary technique grabbing headlines: Medusa ransomware actors are using vulnerable or signed drivers to kill endpoint detection and response tools.
🚪🗝️ Let’s sneak in through the backdoor to peek at more adversary techniques.
Today, we focus on T1059.001: Command-Line Interface: PowerShell, which is being used by a notable APT group to deploy their -- you guessed it -- signature backdoor.
Today, we focus on T1059.001: Command-Line Interface: PowerShell, which is being used by a notable APT group to deploy their -- you guessed it -- signature backdoor.
April 2, 2025 at 1:58 PM
🚪🗝️ Let’s sneak in through the backdoor to peek at more adversary techniques.
Today, we focus on T1059.001: Command-Line Interface: PowerShell, which is being used by a notable APT group to deploy their -- you guessed it -- signature backdoor.
Today, we focus on T1059.001: Command-Line Interface: PowerShell, which is being used by a notable APT group to deploy their -- you guessed it -- signature backdoor.
Today we're launching a new system where the public can help us develop the next ATT&CK release through Macrotechnique Refinement. To start refining FUZZYSNUGGLYDUCK, click here: attack.mitre.org/macro-techni.... Fabulous prizes await success.
April 1, 2025 at 12:44 PM
Today we're launching a new system where the public can help us develop the next ATT&CK release through Macrotechnique Refinement. To start refining FUZZYSNUGGLYDUCK, click here: attack.mitre.org/macro-techni.... Fabulous prizes await success.
🚨It’s time to spotlight more headline-making adversary techniques. Today, a classic behavior seen in multiple global espionage operations: LSASS Credential Dumping attack.mitre.org/versions/v16...
OS Credential Dumping: LSASS Memory, Sub-technique T1003.001 - Enterprise | MITRE ATT&CK®
attack.mitre.org
March 25, 2025 at 1:50 PM
🚨It’s time to spotlight more headline-making adversary techniques. Today, a classic behavior seen in multiple global espionage operations: LSASS Credential Dumping attack.mitre.org/versions/v16...
Celebrate April 22nd with ATT&CK v17!
The next version of ATT&CK is almost here, with new content related to the ESXi hypervisor, broad improvements to defenses, and updates to techniques, groups, and software across the framework.
The next version of ATT&CK is almost here, with new content related to the ESXi hypervisor, broad improvements to defenses, and updates to techniques, groups, and software across the framework.
March 4, 2025 at 4:37 PM
Celebrate April 22nd with ATT&CK v17!
The next version of ATT&CK is almost here, with new content related to the ESXi hypervisor, broad improvements to defenses, and updates to techniques, groups, and software across the framework.
The next version of ATT&CK is almost here, with new content related to the ESXi hypervisor, broad improvements to defenses, and updates to techniques, groups, and software across the framework.
Save the date: ATT&CKcon 6.0 is coming October 14 & 15, 2025 to MITRE's McLean, VA campus and virtually online! We'll post details on tickets and our CFP over the coming months, and at na.eventscloud.com/attackcon6.
ATT&CKcon 6.0
MITRE ATT&CKcon | October 14 - 15, 2025
na.eventscloud.com
February 5, 2025 at 2:11 PM
Save the date: ATT&CKcon 6.0 is coming October 14 & 15, 2025 to MITRE's McLean, VA campus and virtually online! We'll post details on tickets and our CFP over the coming months, and at na.eventscloud.com/attackcon6.
Several members of the ATT&CK team are at the SANS #CTISummit today and tomorrow including ATT&CK Lead @whatshisface.bsky.social, Deputy Lead Amy Robertson, Enterprise Lead Casey Knerr, and Technique connoisseur @patrickhowelloneill.com. Come say hi, and maybe grab some stickers!
January 27, 2025 at 2:16 PM
Several members of the ATT&CK team are at the SANS #CTISummit today and tomorrow including ATT&CK Lead @whatshisface.bsky.social, Deputy Lead Amy Robertson, Enterprise Lead Casey Knerr, and Technique connoisseur @patrickhowelloneill.com. Come say hi, and maybe grab some stickers!
We've had ATT&CKcon 5.0 videos and slides out for a bit now, but our conference archive page is also up now organizing them in one place. Check out all of this year's content, including Lightning and Couch talks or any previous ATT&CKcon.
attack.mitre.org/resources/at...
attack.mitre.org/resources/at...
MITRE ATT&CKcon - ATT&CKcon 5.0 | MITRE ATT&CK®
attack.mitre.org
January 13, 2025 at 2:37 PM
We've had ATT&CKcon 5.0 videos and slides out for a bit now, but our conference archive page is also up now organizing them in one place. Check out all of this year's content, including Lightning and Couch talks or any previous ATT&CKcon.
attack.mitre.org/resources/at...
attack.mitre.org/resources/at...
Multiple members of the ATT&CK team are headed for #shmoocon this weekend! Drop us a line if you’re looking for stickers or just want to say hi.
January 9, 2025 at 9:50 PM
Multiple members of the ATT&CK team are headed for #shmoocon this weekend! Drop us a line if you’re looking for stickers or just want to say hi.