TheĀ ATT&CK framework, developed by Mitre Corp., has been around for five years and is a living, growing document of threat tactics and techniques that have been observed from millions of attacks on enterprise networks. The funky acronym stands for Adversarial Tactics, Techniques, and Common Knowledge. It began as an internal project and morphed into this behemoth of a public knowledge base. In this post for CSOonline, I discuss what ATT&CK is, how it can be used, and how some of theĀ numerous security vendors and consultants have picked up on using it.