Philosophy Papers: These whitepapers provide an in-depth look at why we created these ATT&CK domains, how we maintain and update them, and what the community commonly uses them for.

  • ATT&CK Design and Philosophy (pdf)

  • ATT&CK for ICS extension (pdf): This document does not represent a comprehensive resource on MITRE ATT&CK. For individuals already familiar with ATT&CK, this document can be viewed as an extension to the ATT&CK Design and Philosophy whitepaper above that highlights unique, as well as some common, aspects of the design and philosophy of ATT&CK for ICS.

Finding Cyber Threats with ATT&CK-Based Analytics: This paper presents a methodology for using ATT&CK to build, test, and refine behavioral-based analytic detection capabilities using adversary emulation.


Other ATT&CK Efforts

Building a community around sharing observations of ATT&CK techniques in the wild.
Plans that showcase the practical use of ATT&CK for offensive operators and defenders.
Evaluations of cybersecurity products using an open methodology based on ATT&CK.


Card image cap

Last updated October 2022

Card image cap
MITRE ATT&CK Matrix Poster

Last updated April 2023

Other Resources