Att&ck™ the Attacker


View Recording



View Slides


Meanwhile, many defenders have accepted that prevention does not always work. Therefore, it becomes critical to detect intrusions quickly. But what attacks can we already discover using existing data sources? What should we prioritize next? And which capabilities can we enhance?

MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a knowledge base and model for adversary behavior. It focuses on the various (post-compromise) phases of an adversary.

In this talk, I’ll present the ATT&CK™ model and possible ways of using it to evaluate, prioritize and improve defense capabilities.

Christian Kollee

Christian is an IT security consultant in the Cyber Defense team at NTT Security (Germany). He supports customers to prepare for and respond to IT security incidents of all kinds. In his spare time, Christian researches current threats, like malware and new attack techniques, and methods to detect and prevent them. You can reach him via Twitter (@ckollee) or e-mail (