MITRE ATT&CK
@attack.mitre.org
MITRE ATT&CK® - A knowledge base for describing the behavior of adversaries. Replying/Following/Reposting ≠ endorsement.
Pinned
MITRE ATT&CK
@attack.mitre.org
· Oct 28
ATT&CK v18: Detection Strategies, More Adversary Insights,
ATT&CK v18 is released with new Detection Strategies, Analytics, and revamped Data Components!
medium.com
ATT&CK v18 is now out! Today marks the release of Detection Strategies, where we've moved from single-sentence notes to structured, behavior-focused strategies across the board. A new blog post describes the changes medium.com/mitre-attack... with details at attack.mitre.org/resources/up....
An exciting role of the ATT&CK team is getting to engage with the community. As today's kids are increasingly plugged into technologies, cybersecurity education for them is increasingly important too--and our leadership has been doing just that. www.mitre.org/news-insight...
Introducing Cybersecurity to the Most Connected Generation | MITRE
MITRE’s cyber experts present the ATT&CK® framework to young people as an entrée into cybersecurity.
www.mitre.org
December 11, 2025 at 5:58 PM
An exciting role of the ATT&CK team is getting to engage with the community. As today's kids are increasingly plugged into technologies, cybersecurity education for them is increasingly important too--and our leadership has been doing just that. www.mitre.org/news-insight...
It was recorded, and slides are now being shared....
Slides and videos from ATT&CKcon 6.0 are now posted in an easy to find way. Check out attack.mitre.org/resources/at... to check out our great talks (and Couch Talks) from October, or even check out past ATT&CKcons from that same page.
Slides and videos from ATT&CKcon 6.0 are now posted in an easy to find way. Check out attack.mitre.org/resources/at... to check out our great talks (and Couch Talks) from October, or even check out past ATT&CKcons from that same page.
MITRE ATT&CKcon - ATT&CKcon 6.0 | MITRE ATT&CK®
attack.mitre.org
November 7, 2025 at 6:13 PM
It was recorded, and slides are now being shared....
Slides and videos from ATT&CKcon 6.0 are now posted in an easy to find way. Check out attack.mitre.org/resources/at... to check out our great talks (and Couch Talks) from October, or even check out past ATT&CKcons from that same page.
Slides and videos from ATT&CKcon 6.0 are now posted in an easy to find way. Check out attack.mitre.org/resources/at... to check out our great talks (and Couch Talks) from October, or even check out past ATT&CKcons from that same page.
ATT&CK v18 is now out! Today marks the release of Detection Strategies, where we've moved from single-sentence notes to structured, behavior-focused strategies across the board. A new blog post describes the changes medium.com/mitre-attack... with details at attack.mitre.org/resources/up....
ATT&CK v18: Detection Strategies, More Adversary Insights,
ATT&CK v18 is released with new Detection Strategies, Analytics, and revamped Data Components!
medium.com
October 28, 2025 at 2:56 PM
ATT&CK v18 is now out! Today marks the release of Detection Strategies, where we've moved from single-sentence notes to structured, behavior-focused strategies across the board. A new blog post describes the changes medium.com/mitre-attack... with details at attack.mitre.org/resources/up....
🚨Big changes coming to ATT&CK on Tue (10/28) as we improve detections! It you use x_mitre_detection or x_mitre_data_sources, you need to update.
@lexonthehunt.bsky.social
covers the changes at:
🖥️ mitre.app.box.com/s/3lynwg8ebc...
📽️ mitre.brandlive.com/MITRE-ATTACK...
📖 medium.com/p/7e6738fec31f
@lexonthehunt.bsky.social
covers the changes at:
🖥️ mitre.app.box.com/s/3lynwg8ebc...
📽️ mitre.brandlive.com/MITRE-ATTACK...
📖 medium.com/p/7e6738fec31f
a man in a hooded jacket says " i am once again asking for your attention "
ALT: a man in a hooded jacket says " i am once again asking for your attention "
media.tenor.com
October 23, 2025 at 2:11 PM
🚨Big changes coming to ATT&CK on Tue (10/28) as we improve detections! It you use x_mitre_detection or x_mitre_data_sources, you need to update.
@lexonthehunt.bsky.social
covers the changes at:
🖥️ mitre.app.box.com/s/3lynwg8ebc...
📽️ mitre.brandlive.com/MITRE-ATTACK...
📖 medium.com/p/7e6738fec31f
@lexonthehunt.bsky.social
covers the changes at:
🖥️ mitre.app.box.com/s/3lynwg8ebc...
📽️ mitre.brandlive.com/MITRE-ATTACK...
📖 medium.com/p/7e6738fec31f
Virtual registration for ATT&CKcon 6.0 is open! We hope you'll chose to join us in person at ATT&CK's home in McLean, VA October 14-15... But if you can't, catch the action for free online by registering at na.eventscloud.com/attackcon6/. Catch all of our talks & some exclusive online only content.
September 3, 2025 at 3:53 PM
Virtual registration for ATT&CKcon 6.0 is open! We hope you'll chose to join us in person at ATT&CK's home in McLean, VA October 14-15... But if you can't, catch the action for free online by registering at na.eventscloud.com/attackcon6/. Catch all of our talks & some exclusive online only content.
The ATT&CKcon 6.0 talk lineup is now live! Check out our fabulous group of speakers, or pick up a ticket to join us October 14-15 in McLean, VA at na.eventscloud.com/attackcon6. Only able to join us virtually? Hang tight, virtual registration opens September 3rd.
August 26, 2025 at 5:06 PM
The ATT&CKcon 6.0 talk lineup is now live! Check out our fabulous group of speakers, or pick up a ticket to join us October 14-15 in McLean, VA at na.eventscloud.com/attackcon6. Only able to join us virtually? Hang tight, virtual registration opens September 3rd.
Want to learn even more detail about v18? We'll be covering it in depth at ATT&CKcon 6.0 October 14-15. In-person tickets are onsite now at na.eventscloud.com/attackcon6, with virtual registration coming in early September.
ATT&CKcon 6.0
MITRE ATT&CKcon | October 14 - 15, 2025
na.eventscloud.com
August 19, 2025 at 4:51 PM
Want to learn even more detail about v18? We'll be covering it in depth at ATT&CKcon 6.0 October 14-15. In-person tickets are onsite now at na.eventscloud.com/attackcon6, with virtual registration coming in early September.
Are you ready to celebrate National Chocolate Day this October 28th? We will be by releasing ATT&CK v18, our next version of MITRE ATT&CK!
We'll be releasing our usual updates to Techniques and Groups, but check out some big defensive changes on the way in this release (medium.com/mitre-attack...).
We'll be releasing our usual updates to Techniques and Groups, but check out some big defensive changes on the way in this release (medium.com/mitre-attack...).
August 19, 2025 at 4:51 PM
Are you ready to celebrate National Chocolate Day this October 28th? We will be by releasing ATT&CK v18, our next version of MITRE ATT&CK!
We'll be releasing our usual updates to Techniques and Groups, but check out some big defensive changes on the way in this release (medium.com/mitre-attack...).
We'll be releasing our usual updates to Techniques and Groups, but check out some big defensive changes on the way in this release (medium.com/mitre-attack...).
The ATT&CK team is out at #hackersummercamp and happy to chat, meet up, or just share some stickers. Drop a DM or stop by an appearance if you’re interested in saying hi!
Headed for Vegas for @bsideslv.org, @defcon.bsky.social, and @blackhatevents.bsky.social! I have hundreds of @attack.mitre.org stickers and will be popping up Friday 11am on DEF CON Creator Stage 2 (defcon.org/html/defcon-...), and for a short talk in the AttackIQ BH booth (#5030) Wed 11am.
defcon.org
August 5, 2025 at 2:20 PM
The ATT&CK team is out at #hackersummercamp and happy to chat, meet up, or just share some stickers. Drop a DM or stop by an appearance if you’re interested in saying hi!
In-person ATT&CKcon 6.0 ticket sales are open! Come join us October 14-15 at ATT&CK HQ in McLean, VA. na.eventscloud.com/attackcon6/
We're almost set to announce this year's exciting speaker lineup and will open virtual registration Sep 3rd, so stay tuned!
We're almost set to announce this year's exciting speaker lineup and will open virtual registration Sep 3rd, so stay tuned!
ATT&CKcon 6.0
MITRE ATT&CKcon | October 14 - 15, 2025
na.eventscloud.com
July 30, 2025 at 4:01 PM
In-person ATT&CKcon 6.0 ticket sales are open! Come join us October 14-15 at ATT&CK HQ in McLean, VA. na.eventscloud.com/attackcon6/
We're almost set to announce this year's exciting speaker lineup and will open virtual registration Sep 3rd, so stay tuned!
We're almost set to announce this year's exciting speaker lineup and will open virtual registration Sep 3rd, so stay tuned!
Tonight's the night! The ATT&CKcon 6.0 CFP will automatically stop accepting submissions at 8pm ET tonight. Historically we get about half of our submissions today, so all you procrastinators are in good company.
Give it your best shot at openconf.org/ATTACKCON2025.
Give it your best shot at openconf.org/ATTACKCON2025.
a man in a black shirt and tie is holding a pen and a notebook and says you 're on my list
ALT: a man in a black shirt and tie is holding a pen and a notebook and says you 're on my list
media.tenor.com
July 9, 2025 at 1:15 PM
Tonight's the night! The ATT&CKcon 6.0 CFP will automatically stop accepting submissions at 8pm ET tonight. Historically we get about half of our submissions today, so all you procrastinators are in good company.
Give it your best shot at openconf.org/ATTACKCON2025.
Give it your best shot at openconf.org/ATTACKCON2025.
Wondering about tickets for ATT&CKcon 6.0? Details are coming soon.
July 7, 2025 at 3:02 PM
Wondering about tickets for ATT&CKcon 6.0? Details are coming soon.
We are excited to announce our ATT&CKcon 6.0 keynote, Lillian Teng! Lillian's worn numerous hats in cyber at NCIS, FBI, Yahoo, and Capital One and has served with the KC7 Foundation, GirlSecurity, and LEAP.
Want to also join us on stage? CFP closes Wed night! www.openconf.org/ATTACKCON2025.
Want to also join us on stage? CFP closes Wed night! www.openconf.org/ATTACKCON2025.
July 7, 2025 at 3:02 PM
We are excited to announce our ATT&CKcon 6.0 keynote, Lillian Teng! Lillian's worn numerous hats in cyber at NCIS, FBI, Yahoo, and Capital One and has served with the KC7 Foundation, GirlSecurity, and LEAP.
Want to also join us on stage? CFP closes Wed night! www.openconf.org/ATTACKCON2025.
Want to also join us on stage? CFP closes Wed night! www.openconf.org/ATTACKCON2025.
Looking to attend in-person or virtually? Hang tight, ticket sales will be announced in the coming months.
June 3, 2025 at 3:11 PM
Looking to attend in-person or virtually? Hang tight, ticket sales will be announced in the coming months.
Interested in sponsoring ATT&CKcon? We have a couple slots left, and you can find out more at na.eventscloud.com/attackcon6.
ATT&CKcon 6.0
MITRE ATT&CKcon | October 14 - 15, 2025
na.eventscloud.com
June 3, 2025 at 3:11 PM
Interested in sponsoring ATT&CKcon? We have a couple slots left, and you can find out more at na.eventscloud.com/attackcon6.
We're looking for what's practical, what's aspirational, and what you should never ever do with ATT&CK. We're looking to hear from the community on any and all applications of ATT&CK. From managers to operators, if you're using ATT&CK we want to hear from you.
June 3, 2025 at 3:11 PM
We're looking for what's practical, what's aspirational, and what you should never ever do with ATT&CK. We're looking to hear from the community on any and all applications of ATT&CK. From managers to operators, if you're using ATT&CK we want to hear from you.
The MITRE ATT&CKcon 6.0 CFP is now open! Are you interested in joining us on the ATT&CKcon stage in McLean, VA October 14-15, 2025? Pitch us on your best ATT&CK related talk! Our CFP will close on July 9th at 8pm ET sharp, so get those proposals started.
www.openconf.org/ATTACKCON202...
www.openconf.org/ATTACKCON202...
June 3, 2025 at 3:11 PM
The MITRE ATT&CKcon 6.0 CFP is now open! Are you interested in joining us on the ATT&CKcon stage in McLean, VA October 14-15, 2025? Pitch us on your best ATT&CK related talk! Our CFP will close on July 9th at 8pm ET sharp, so get those proposals started.
www.openconf.org/ATTACKCON202...
www.openconf.org/ATTACKCON202...
And make sure to check out the ESXi material on ATT&CK including T1675 cloud.google.com/blog/topics/...
And see the entire ATT&CK v17 release for more information medium.com/mitre-attack...
And see the entire ATT&CK v17 release for more information medium.com/mitre-attack...
May 8, 2025 at 12:32 PM
And make sure to check out the ESXi material on ATT&CK including T1675 cloud.google.com/blog/topics/...
And see the entire ATT&CK v17 release for more information medium.com/mitre-attack...
And see the entire ATT&CK v17 release for more information medium.com/mitre-attack...
Read up on Google’s reporting: cloud.google.com/blog/topics/...
VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors | Mandiant | Google Cloud Blog
cloud.google.com
May 8, 2025 at 12:32 PM
Read up on Google’s reporting: cloud.google.com/blog/topics/...
Google’s reporting details UNC3886, Chinese cyber espionage group, using a zero-day vulnerability that enabled the execution of privileged commands across guest virtual machines without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs.
May 8, 2025 at 12:32 PM
Google’s reporting details UNC3886, Chinese cyber espionage group, using a zero-day vulnerability that enabled the execution of privileged commands across guest virtual machines without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs.
T1675 describes activity in which an adversary abuses ESXi admin services to execute commands on guest machines.
May 8, 2025 at 12:32 PM
T1675 describes activity in which an adversary abuses ESXi admin services to execute commands on guest machines.
One of the big updates for ATT&CK v17 was the new platform ESXi which reflects the rise in attacks on virtualization infrastructure. The technique we’re spotlighting today is new to ATT&CK: T1675 ESXi Administration Command attack.mitre.org/techniques/T...
ESXi Administration Command, Technique T1675 - Enterprise | MITRE ATT&CK®
attack.mitre.org
May 8, 2025 at 12:32 PM
One of the big updates for ATT&CK v17 was the new platform ESXi which reflects the rise in attacks on virtualization infrastructure. The technique we’re spotlighting today is new to ATT&CK: T1675 ESXi Administration Command attack.mitre.org/techniques/T...
We’re currently reading Google’s reporting on VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors cloud.google.com/blog/topics/...
VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors | Mandiant | Google Cloud Blog
cloud.google.com
May 8, 2025 at 12:32 PM
We’re currently reading Google’s reporting on VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors cloud.google.com/blog/topics/...
An old idea that still holds true: Fight the enemy where they aren’t. Threat actors take this advice to heart by avoiding Endpoint Detection and Response solutions and targeting systems that do not generally support EDR such as VMware ESXi hosts.
May 8, 2025 at 12:32 PM
An old idea that still holds true: Fight the enemy where they aren’t. Threat actors take this advice to heart by avoiding Endpoint Detection and Response solutions and targeting systems that do not generally support EDR such as VMware ESXi hosts.
Read Volexity’s reporting here www.volexity.com/blog/2025/04... and be sure to browse the relevant procedures, mitigations, and detections at the ATT&CK technique page: attack.mitre.org/techniques/T...
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows
Since early March 2025, Volexity has observed multiple suspected Russian threat actors conducting highly targeted social engineering operations aimed at gaining access to the Microsoft 365 (M365) acco...
www.volexity.com
April 30, 2025 at 1:22 PM
Read Volexity’s reporting here www.volexity.com/blog/2025/04... and be sure to browse the relevant procedures, mitigations, and detections at the ATT&CK technique page: attack.mitre.org/techniques/T...