Course Companion · Welcome, Analyst

MITRE ATT&CK Oracle

This HUD is an interactive map of the MITRE ATT&CK Enterprise matrix — the industry reference for adversary tactics, techniques, and procedures (TTPs). The fourteen tactics around the core represent why an adversary acts; techniques represent how.

ATT&CK vs. the Cyber Kill Chain

Two frameworks frequently confused. Both describe adversary progression, but they answer different questions:

Lockheed Martin Kill ChainA linear, 7-stage model (Recon → Weaponize → Deliver → Exploit → Install → C2 → Actions on Objectives). Strategic. Breaking any one link stops the attack. Useful for executive-level framing and prevention-centric programs.

MITRE ATT&CKA matrix of 14 tactics and ~200 techniques. Behavioral and non-linear — adversaries move fluidly between techniques. Useful for detection engineering, threat hunting, and purple teams. This HUD visualizes ATT&CK.

How to use this map

• Click a tactic node for its strategic intent, an example, and the techniques it contains.
• Click a technique for platforms, observed threat actors, data sources, mitigations, and framework mappings (NIST CSF 2.0 + CIS v8).
• Query the Forensic Vault for a reference Sigma/KQL/SPL detection rule.
• Press ESC at any time to step back one level.

Architect Ben Luthy·CISSP, CISM, CDPSE LinkedIn » Builder Claude AI

Strategic Intent

TACTIC

TA0000

TECHNIQUE

T0000

Platforms

—

Observed Threat Actors

—

Data Sources

—

Primary Mitigations

—

NIST CSF 2.0

—

CIS Controls v8

—

Engineering Capability // Detection Logic

DETECTION LOGIC

// REFERENCE IMPLEMENTATION

RULE SIGMA · YAML

ANALYST NOTE