Tactics, Techniques, and Procedures (TTP)

One min read - 146 words


Tactics, Techniques, and Procedures (TTP) describe real-world adversary behavior and tactics. Tactics describe the adversary objectives and provide a high level notation of an operation. The technological approach including the how is described in the Techniques. Lastly, Procedures represent the specific implementation an adversary utilizes for a technique.

Adversaries must either employ a known technique or expend vast resources to develop novel techniques or procedures. However, based on the target and goals specific techniques cannot be avoided. From a blue team perspective this knowledge will help break the kill chain.

MITRE ATT&CK® is the go to knowledge base for TTPs. ATT&CK covers the two domains Enterprise and Mobile. Enterprise covers behavior against enterprise IT networks and cloud. Mobile focuses on behavior against mobile devices. ATT&CK for ICS describes observed attacker steps targeting industrial control system networks.

Additional Resources