ATT&CK

Adversarial Tactics, Techniques, and Common Knowledge, or MITRE ATT&CK, is a guideline for classifying and describing cyberattacks and intrusions. It was created by the Mitre Corporation and released in 2013.

Rather than looking at the results of an attack, known as indicators of compromise (IoCs), it identifies tactics that indicate an attack is in progress. Tactics are the “why” of an attack technique.

The framework consists of 14 tactic categories, which capture the "technical objectives" of an adversary. Examples include privilege escalation and command and control. These categories are then broken down further into specific techniques and sub-techniques.
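The breakdown of tactics into techniques and sub-techniques, as an added example that is not part of the original article or MITRE's own tooling: it rebuilds the hierarchy from objects shaped like the attack-pattern entries in ATT&CK's STIX data and reports which tactics a set of detection rules covers. The sample objects and rule tags are constructed, and deriving a sub-technique's parent from its ID prefix is an assumption made to keep the sample small.

```python
from collections import defaultdict

def sample_pattern(tid, name, tactics):
    """Constructed, trimmed stand-in for an ATT&CK STIX attack-pattern object."""
    return {"type": "attack-pattern", "name": name,
            "x_mitre_is_subtechnique": "." in tid,
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": t} for t in tactics],
            "external_references": [{"source_name": "mitre-attack", "external_id": tid}]}

SAMPLE_OBJECTS = [  # constructed sample, not a full ATT&CK bundle
    sample_pattern("T1595.001", "Scanning IP Blocks", ["reconnaissance"]),
    sample_pattern("T1595", "Active Scanning", ["reconnaissance"]),
    sample_pattern("T1548", "Abuse Elevation Control Mechanism", ["privilege-escalation", "defense-evasion"]),
    sample_pattern("T1548.002", "Bypass User Account Control", ["privilege-escalation", "defense-evasion"]),
    sample_pattern("T1071", "Application Layer Protocol", ["command-and-control"]),
    {"type": "x-mitre-tactic", "name": "Reconnaissance"},  # not a technique: skipped
]

def attack_id(obj):
    """Return the ATT&CK ID (e.g. T1595.001) from external_references, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def build_matrix(objects):
    """Map tactic -> technique ID -> sorted sub-technique IDs."""
    matrix, subs = defaultdict(dict), []
    for obj in objects:
        tid = attack_id(obj) if obj.get("type") == "attack-pattern" else None
        if tid is None or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") != "mitre-attack":
                continue
            if obj.get("x_mitre_is_subtechnique"):
                subs.append((phase["phase_name"], tid))
            else:
                matrix[phase["phase_name"]].setdefault(tid, [])
    for tactic, tid in subs:  # second pass: a parent may be listed after its child
        matrix[tactic].setdefault(tid.split(".")[0], []).append(tid)
    return {t: {k: sorted(v) for k, v in techs.items()} for t, techs in matrix.items()}

def coverage(matrix, rule_tags):
    """Per tactic, the fraction of techniques that some detection rule is tagged with."""
    tagged = {tag.split(".")[0] for tag in rule_tags}
    return {t: len(tagged & set(techs)) / len(techs) for t, techs in matrix.items()}

if __name__ == "__main__":  # rule tags below are hypothetical
    print(coverage(build_matrix(SAMPLE_OBJECTS), ["T1595.001", "T1071"]))
```

A technique listed under two tactics, such as T1548 here, appears in both columns, so coverage is counted per tactic rather than per technique.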

The framework is an alternative to the Cyber Kill Chain developed by Lockheed Martin.

ATT&CK Matrix for Enterprise
The ATT&CK Matrix for Enterprise is a comprehensive framework that is presented as a kanban board-style diagram. It defines 14 categories of tactics, techniques and procedures (TTPs) used by cybercriminals, together with the associated techniques and sub-techniques.

Reconnaissance
Reconnaissance is the initial stage of information gathering for an eventual cyberattack.

There are 10 techniques, including the use of network scanning, social engineering and open-source intelligence (OSINT).