TTP (Tactics, Techniques, and Procedures)
Definition
The full description of how an adversary operates. Tactics are goals, techniques are methods, and procedures are the specific implementation details, such as the exact PowerShell command a group uses. ATT&CK codifies TTPs from observed attacks.
Related terms
- ATT&CK Navigator: A free, browser-based visualisation tool from MITRE that renders the ATT&CK matrix as an interactive heat map. Teams use it to annotate...
- Sub-technique: A finer-grained variation of a technique, identified with a decimal suffix such as T1059.001 for PowerShell under the Command and Scripting Interpreter...
- Tactic: The adversary's high-level objective at a given stage of the attack: for example, Initial Access, Execution, Persistence, Privilege Escalation, or Exfiltration. ATT&CK...
- Technique: A specific method an adversary uses to achieve a tactic. Each technique has a unique identifier such as T1059 (Command and Scripting...
- Threat group profile: An ATT&CK entry for a named threat actor, listing the techniques attributed to that group based on public reporting. Analysts use group...
Explained in
- MITRE ATT&CK in Threat Hunting and Incident Response