What is the MITRE ATT&CK framework and its tactics & techniques?
Sigiloso
The MITRE ATT&CK framework is a globally accessible, comprehensive knowledge base of adversary tactics (goals) and techniques (methods) based on real-world observations. The ATT&CK Matrix lists 14 tactics.

- Reconnaissance: Gathering information to plan attacks.
- Resource Development: Establishing infrastructure, accounts, or capabilities.
- Initial Access: Gaining a foothold (e.g., Phishing, T1566).
- Execution: Running malicious code (e.g., Command and Scripting Interpreter, T1059).
- Persistence: Maintaining access (e.g., Scheduled Task/Job, T1053).
- Privilege Escalation: Gaining higher-level permissions.
- Defense Evasion: Avoiding detection (e.g., Impair Defenses, T1562).
- Credential Access: Stealing passwords (e.g., OS Credential Dumping, T1003).
- Discovery: Surveying the network and systems.
- Lateral Movement: Moving through the environment.
- Collection: Gathering data of interest.
- Command and Control: Communicating with compromised systems.
- Exfiltration: Stealing data.
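One defensive use of these tactic and technique pairs is checking which tactics a set of detection rules covers. The Python below is an added example, not part of the original post: the rule names and their tags are constructed sample data, and the mapping holds only the pairings given in the post (in ATT&CK itself a technique can be listed under more than one tactic).

```python
import re
from collections import defaultdict

# Tactics in the order they are listed in this post.
TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion",
    "Credential Access", "Discovery", "Lateral Movement", "Collection",
    "Command and Control", "Exfiltration",
]

# Technique -> tactic pairings taken from this post only (assumption: one
# tactic per technique, which is a simplification of the real matrix).
TECHNIQUE_TACTIC = {
    "T1566": "Initial Access", "T1059": "Execution", "T1053": "Persistence",
    "T1562": "Defense Evasion", "T1003": "Credential Access",
}

# Technique ID: T + 4 digits, optional .NNN sub-technique suffix.
ID_RE = re.compile(r"^(T\d{4})(?:\.(\d{3}))?$")

def parent_technique(tag):
    """Return the parent technique ID (T1059.001 -> T1059), None if malformed."""
    m = ID_RE.match(tag.strip().upper())
    return m.group(1) if m else None

def coverage(rules):
    """Group rule names by tactic; return (covered, unmapped tags, gap tactics)."""
    by_tactic, unmapped = defaultdict(list), []
    for name, tags in rules:
        for tag in tags:
            tactic = TECHNIQUE_TACTIC.get(parent_technique(tag))
            if tactic:
                by_tactic[tactic].append(name)
            else:
                unmapped.append((name, tag))  # typo, tactic ID, or unknown ID
    gaps = [t for t in TACTICS if t not in by_tactic]
    return dict(by_tactic), unmapped, gaps

# Constructed sample: hypothetical detection rules with ATT&CK tags.
SAMPLE_RULES = [
    ("office_spawns_shell", ["T1566.001", "T1059.003"]),
    ("new_scheduled_task", ["T1053.005"]),
    ("lsass_handle_open", ["t1003.001"]),
    ("legacy_rule", ["TA0005", "T15620"]),  # tactic ID and a mistyped ID
]

if __name__ == "__main__":
    covered, unmapped, gaps = coverage(SAMPLE_RULES)
    print(covered, unmapped, gaps, sep="\n")
```

The mistagged `legacy_rule` contributes no coverage, so Defense Evasion shows up as a gap even though a rule appears to target it.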