Skip to Main Content
August 22, 2019

Top 10 MITRE ATT&CK™ Techniques

Written by Rick Yocum
Attack Path Effectiveness Review Program Assessment & Compliance

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) Framework ( is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available to any person or organization for use at no charge.” One of the most beautiful parts of the MITRE ATT&CK™ Framework is that its information can be analyzed to answer a wide variety of different questions.

For instance, MITRE ATT&CK™ can be used to:

For context, MITRE defines tactics as the “why” of an attack—the objective they are looking to achieve, or the reasons for performing a particular action. For example, a tactic would be to evade detection or avoid defenses. It defines techniques as the “how” to accomplish those tactical objectives. An example here would be account manipulation, possibly by modifying permissions or credentials to subvert security policies in place.

When aligning a defensive program to ATT&CK™, it can be somewhat overwhelming as there are over 220 techniques currently addressed. One of the ways that TrustedSec has recently been helping organizations use the MITRE ATT&CK™ framework is to understand which techniques are most commonly used by the known threat groups that target their particular industry. Organizations are then able to leverage this information to ensure that their security programs are addressing the techniques most commonly used to target their peer organizations.

To give you an idea, here are the Top 10 Techniques & Associated Tactics across all industries. And while a security program that only addresses these techniques will be very weak, a strong security program will ensure that these techniques are addressed as part of a larger, comprehensive approach for securing organizational assets.

TechniqueAssociated Tactic(s)
Command-Line InterfaceExecution
Standard Application Layer ProtocolCommand and Control
Registry Run Keys / Startup FolderPersistence
Process DiscoveryDiscovery
File and Directory DiscoveryDiscovery
System Information DiscoveryDiscovery
Input CaptureCredential AccessCollection
Remote File CopyLateral MovementCommand and Control
Obfuscated Files or InformationDefense Evasion
Credential DumpingCredential Access

Although adversarial groups often favor specific targets and techniques, it is worth noting that these groups frequently adjust their goals and methods. Because of this, it is important for organizations to build programs that are designed to comprehensively protect themselves from the large and increasing number of threats. However, the top ten is a great place to start!

  • Want to better understand the MITRE ATT&CK™ Framework or our methodology?
  • Want to understand the techniques most commonly used to target organizations in your industry?
  • Want to ensure that your protective and detective controls are operating effectively?

We can help! Contact us to start the conversation!