Authored by: PlexTrac Author
Posted on: May 1, 2020

MITRE ATT&CK® Framework: Defined and Outlined

According to the MITRE website, “MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.” In plain terms, it is a deep catalog of the tools and methods attackers actually use, and it can lay the foundation for both offensive and defensive strategies in cybersecurity.

The ATT&CK® Gold Standard

Developed by MITRE, a non-profit organization that operates federally funded research and development centers (FFRDCs), the freely available ATT&CK® framework is becoming the gold standard for cybersecurity strategy. The acronym stands for Adversarial Tactics, Techniques & Common Knowledge. The framework has gone through several iterations and continues to aim for as comprehensive a paradigm for understanding and cataloging cyber threats as possible. MITRE actively seeks contributions from practitioners to keep it current, and earlier this year released a beta version that adds sub-techniques beneath the existing techniques. Three matrices are available: Enterprise ATT&CK®, PRE-ATT&CK®, and Mobile ATT&CK®.

The 12 MITRE ATT&CK® Tactics

The Enterprise ATT&CK® matrix consists of 12 tactics (as of this writing; the list grows as the framework evolves). Tactics are often described as the “why” of an attack: each one is an objective the adversary is trying to achieve at that step of a compromise, such as gaining “Initial Access” to a network or server. Techniques are the “how,” and a single technique can appear under more than one tactic when it serves several objectives. The 12 tactics are defined and outlined below; for the official definitions and the full technique lists, see MITRE’s website at https://attack.mitre.org.

Initial Access: Techniques that use various entry vectors to gain an initial foothold within a network.

Execution: Techniques that result in adversary-controlled code running on a local or remote system.

Persistence: Techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off access.

Privilege Escalation: Techniques adversaries use to gain higher-level permissions on a system or network.

Defense Evasion: Techniques that adversaries use to avoid detection throughout their compromise.

Credential Access: Techniques for stealing credentials such as account names and passwords.

Discovery: Techniques an adversary may use to gain information about the system and the internal network.

Lateral Movement: Techniques adversaries use to enter and control remote systems on a network.

Collection: Techniques adversaries may use to gather information, and the sources that information is collected from, in support of the adversary’s objectives.

Command and Control: Techniques adversaries use to communicate with systems under their control within a victim network.

Exfiltration: Techniques that adversaries may use to steal data from your network.

Impact: Techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes.

Why the ATT&CK® Framework is Valuable

The ATT&CK® matrices serve public and private enterprises as a shared body of knowledge for modeling threats and adversary methodologies. PlexTrac CEO Dan DeCloss says, “We love to reference the MITRE ATT&CK® framework because it breaks everything down based on the attack lifestyle, which, at the end of the day, is what we are really trying to do—identify issues that crop up in each of those different tactics.”

All that collected and aggregated information gives both red and blue teams the knowledge to plan assessments and measure what those assessments actually cover, and knowledge is power. But putting the ATT&CK® knowledge base to work takes effort: findings have to be tagged with the techniques used, rolled up by tactic, and shared between the people who found them and the people who must fix or detect them. PlexTrac helps manage and aggregate the data produced when following the ATT&CK® framework so teams can better collaborate. Using PlexTrac with MITRE ATT&CK® can take a cybersecurity team to the next level with a purple teaming paradigm.
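The roll-up described above, as an added example that is not PlexTrac’s or MITRE’s code: findings tagged with technique IDs are grouped under the 12 tactics so the tactics an assessment never exercised stand out. The technique-to-tactic map is read from a STIX 2 bundle in the layout MITRE publishes ATT&CK in (the enterprise-attack.json bundle in the mitre/cti GitHub repository, where each technique is an attack-pattern object whose kill_chain_phases name its tactics). SAMPLE_BUNDLE is a hand-built excerpt of that layout using real technique IDs, not the real file, and SAMPLE_FINDINGS are constructed. The fallback from a sub-technique ID (T1566.001) to its parent’s tactics is an assumption for bundles that lack the sub-technique objects added in the 2020 beta.

```python
"""Roll pentest findings up to ATT&CK tactics and flag the tactics never touched.

Added example for this article, not PlexTrac or MITRE code. SAMPLE_BUNDLE is a
constructed excerpt in the ATT&CK STIX 2 layout; SAMPLE_FINDINGS are constructed.
"""
import json

# The 12 Enterprise tactics from the article, in matrix order, keyed by the
# shortname ATT&CK uses in kill_chain_phases.
TACTICS = [
    ("initial-access", "Initial Access"),
    ("execution", "Execution"),
    ("persistence", "Persistence"),
    ("privilege-escalation", "Privilege Escalation"),
    ("defense-evasion", "Defense Evasion"),
    ("credential-access", "Credential Access"),
    ("discovery", "Discovery"),
    ("lateral-movement", "Lateral Movement"),
    ("collection", "Collection"),
    ("command-and-control", "Command and Control"),
    ("exfiltration", "Exfiltration"),
    ("impact", "Impact"),
]


def _technique(tid, name, *tactics):
    """Build one attack-pattern object in the ATT&CK STIX layout (constructed data)."""
    return {
        "type": "attack-pattern",
        "name": name,
        "external_references": [{"source_name": "mitre-attack", "external_id": tid}],
        "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": t} for t in tactics],
    }


# Constructed excerpt: seven real technique IDs with the tactics they sit under.
# Valid Accounts shows that one technique can serve several tactics.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--constructed-excerpt", "objects": [
    _technique("T1566", "Phishing", "initial-access"),
    _technique("T1078", "Valid Accounts", "initial-access", "persistence",
               "privilege-escalation", "defense-evasion"),
    _technique("T1059", "Command and Scripting Interpreter", "execution"),
    _technique("T1003", "OS Credential Dumping", "credential-access"),
    _technique("T1083", "File and Directory Discovery", "discovery"),
    _technique("T1021", "Remote Services", "lateral-movement"),
    _technique("T1071", "Application Layer Protocol", "command-and-control"),
]})

# Constructed pentest findings, each tagged with the technique the tester used.
SAMPLE_FINDINGS = [
    {"title": "Macro-laden attachment opened by finance staff", "technique": "T1566.001"},
    {"title": "Reused local admin password on workstations", "technique": "T1078"},
    {"title": "LSASS memory dumped on jump host", "technique": "T1003"},
    {"title": "RDP from workstation to file server", "technique": "T1021"},
    {"title": "HTTPS beacon to tester-controlled host", "technique": "T1071"},
    {"title": "Files encrypted on test share", "technique": "T1486"},  # absent from the excerpt
]


def technique_tactics(bundle_json):
    """Return {technique_id: [tactic shortnames]} from an ATT&CK-style STIX bundle."""
    mapping = {}
    for obj in json.loads(bundle_json)["objects"]:
        # Revoked and deprecated techniques remain in the real bundle; skip them.
        if obj.get("type") != "attack-pattern" or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        ext_id = next((r["external_id"] for r in obj.get("external_references", [])
                       if r.get("source_name") == "mitre-attack"), None)
        if ext_id:
            mapping[ext_id] = [p["phase_name"] for p in obj.get("kill_chain_phases", [])
                               if p.get("kill_chain_name") == "mitre-attack"]
    return mapping


def resolve(tid, mapping):
    """Tactics for a technique or sub-technique ID, or None if the bundle lacks it.

    Assumption: when a sub-technique (T1566.001) is not in the loaded bundle,
    treat it as covering its parent technique's tactics.
    """
    if tid in mapping:
        return mapping[tid]
    parent = tid.split(".", 1)[0]
    return mapping.get(parent) if parent != tid else None


def tactic_coverage(findings, mapping):
    """Group finding titles by tactic; return uncovered tactics and unresolvable IDs.

    Unknown IDs are reported rather than dropped, otherwise a stale or partial
    bundle would silently show up as a coverage gap.
    """
    per_tactic = {short: [] for short, _ in TACTICS}
    unknown = []
    for finding in findings:
        tactics = resolve(finding["technique"], mapping)
        if tactics is None:
            unknown.append(finding["technique"])
            continue
        for t in tactics:
            per_tactic.setdefault(t, []).append(finding["title"])
    uncovered = [name for short, name in TACTICS if not per_tactic[short]]
    return per_tactic, uncovered, unknown


if __name__ == "__main__":
    per_tactic, uncovered, unknown = tactic_coverage(SAMPLE_FINDINGS, technique_tactics(SAMPLE_BUNDLE))
    for short, name in TACTICS:
        print(f"{name:22s} {len(per_tactic[short])} finding(s)")
    print("Not exercised:", ", ".join(uncovered))
    print("Technique IDs missing from bundle:", unknown)
```

Run against the real enterprise-attack.json instead of SAMPLE_BUNDLE and the same functions give a tactic-by-tactic view of an engagement; the “unknown” list is the check that the bundle you loaded matches the ATT&CK version your testers tagged against.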
References

https://attack.mitre.org
https://digitalguardian.com/blog/what-mitre-attck-framework

PlexTrac Author

At PlexTrac, we bring together insights from a diverse range of voices. Our blog features contributions from industry experts, ethical hackers, CTOs, influencers, and PlexTrac team members—all sharing valuable perspectives on cybersecurity, pentesting, and risk management.