Technique

Definition

A specific method an adversary uses to achieve a tactic. Each technique has a unique identifier such as T1059 (Command and Scripting Interpreter). Techniques answer the question of how an attacker achieves their goal.

Related terms

Tactic
The adversary's high-level objective at a given stage of the attack: for example, Initial Access, Execution, Persistence, Privilege Escalation, or Exfiltration. ATT&CK...
ATT&CK Navigator
A free, browser-based visualisation tool from MITRE that renders the ATT&CK matrix as an interactive heat map. Teams use it to annotate...
Credential dumping
Extraction of authentication credentials from operating system memory, the Windows SAM database, Active Directory, or credential stores. Tools such as Mimikatz target...
Lateral movement
Attacker activity after initial compromise in which the threat actor traverses from one internal system to another, typically to escalate privileges, access...
Living-off-the-land (LotL)
An attack approach where the adversary uses tools and binaries already present on the target system, such as PowerShell, WMI, certutil, or...
MITRE ATT&CK
A publicly available knowledge base of adversary tactics, techniques, and procedures derived from real-world intrusion observations. Maintained by the MITRE Corporation. Techniques...
Sub-technique
A finer-grained variation of a technique, identified with a decimal suffix such as T1059.001 for PowerShell under the Command and Scripting Interpreter...
Threat group profile
An ATT&CK entry for a named threat actor, listing the techniques attributed to that group based on public reporting. Analysts use group...
TTP (Tactics, Techniques, and Procedures)
The full description of how an adversary operates. Tactics are goals, techniques are methods, and procedures are the specific implementation details, such...
