MITRE ATT&CK is a structured framework for describing attacker behaviour. Rather than cataloguing vulnerabilities, it catalogues tactics and techniques (such as credential access, privilege escalation, lateral movement, and command and control) based on observed real-world adversary tradecraft.

The framework is organised into tactics, which represent an attacker’s objective at a given stage, and techniques, which describe how that objective is achieved. For example, “Credential Access” is a tactic, while password spraying, Kerberoasting, or dumping credentials from memory are techniques that may sit beneath it. This makes ATT&CK useful for mapping security findings and detections to how an actual intrusion unfolds.

For defenders, ATT&CK provides a common language that bridges security operations, detection engineering, threat intelligence, and offensive testing. Instead of saying that a finding is serious, teams can describe the exact attacker behaviour that it enables and can identify where they do or do not have coverage. For offensive security teams, ATT&CK is helpful for reporting realistic attack paths and aligning assessments to known adversary techniques.
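The coverage check described above can be sketched in a few lines. This is an added example, not code from Exploitr or MITRE: the technique IDs are real ATT&CK identifiers, while the findings, the detection rules, and the rule that a detection tagged only at the parent technique counts as "partial" are assumptions made for illustration.

```python
from collections import defaultdict

# Real ATT&CK technique IDs -> (name, tactic); only the subset this example needs.
TECHNIQUES = {
    "T1110.003": ("Password Spraying", "Credential Access"),
    "T1558.003": ("Kerberoasting", "Credential Access"),
    "T1003.001": ("LSASS Memory", "Credential Access"),
    "T1021.002": ("SMB/Windows Admin Shares", "Lateral Movement"),
}

# Constructed sample data: pentest findings and detection rules, each tagged with IDs.
FINDINGS = [
    ("No account lockout on VPN portal", ["T1110.003"]),
    ("Service accounts with SPNs and weak passwords", ["T1558.003"]),
    ("Local admin password reused across workstations", ["T1003.001", "T1021.002"]),
]
DETECTIONS = [
    ("Failed logons across many accounts from one source", ["T1110"]),
    ("LSASS handle opened by unexpected process", ["T1003.001"]),
]

def status_for(tid, detected):
    # Assumption: a rule tagged only with the parent technique is partial coverage.
    if tid in detected:
        return "covered"
    if tid.split(".")[0] in detected:
        return "partial"
    return "gap"

def coverage_report(findings, detections, techniques=TECHNIQUES):
    """Group the techniques that findings enable by tactic, with detection status."""
    detected = {tid for _, tids in detections for tid in tids}
    by_technique = defaultdict(list)
    for title, tids in findings:
        for tid in tids:
            if tid not in techniques:  # fail loudly on a mistyped or unmapped ID
                raise KeyError(f"unmapped technique ID: {tid}")
            by_technique[tid].append(title)
    report = defaultdict(list)
    for tid, titles in sorted(by_technique.items()):
        name, tactic = techniques[tid]
        report[tactic].append({"id": tid, "name": name, "findings": titles,
                               "status": status_for(tid, detected)})
    return dict(report)

if __name__ == "__main__":
    for tactic, rows in coverage_report(FINDINGS, DETECTIONS).items():
        print(tactic)
        for r in rows:
            print(f"  {r['id']:<10} {r['name']:<25} {r['status']:<8} {'; '.join(r['findings'])}")
```

Techniques reported as "gap" or "partial" are the ones a finding enables but no detection rule is tagged against at the same level, which gives a remediation and detection-engineering backlog ordered by tactic.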

MITRE ATT&CK turns isolated technical findings into a picture of operational risk. A business can better understand whether an exploited vulnerability enables initial access, credential theft, persistence, or data exfiltration, and can then prioritise its remediation or mitigation controls accordingly.

Exploitr’s pentest reports map findings to MITRE ATT&CK where it’s appropriate, including within internal penetration testing, external penetration testing, and web application penetration testing.