🚨 We’re thrilled to announce a new addition to ATT&CK… 🥁🥁🥁
✨ EMOJIS ✨ 🤩🤠🥳😻🤘
😵💫 Techniques can be hard to describe 📝➡️🧠
Some folks are visual learners 👀📊
So… why not add a little 🔥🎨 fun?
Example: attack.mitre.org/emoji-techni...
💡Drop your best technique ➡️ emoji translations in replies 🗣️👇
ATT&CK v19 is coming 4/28! Along with our usual updates, the big change this release is the replacement of the Defense Evasion tactic in Enterprise ATT&CK with new Stealth and Impair Defenses tactics.
Cat Self talked about what's changing back at ATT&CKcon 6.0 (www.youtube.com/watch?v=0rQQ...).
Pencil in Oct 27-28, 2026 for ATT&CKcon 7.0! We'll be live for both in-person in McLean, VA and live online. Drop us a line at attackcon@mitre.org if you're interested in sponsoring, watch for our CFP to open in May, and grab a ticket when they go on sale this summer.
See you in October!
An exciting role of the ATT&CK team is getting to engage with the community. As today's kids are increasingly plugged into technologies, cybersecurity education for them is increasingly important too--and our leadership has been doing just that. www.mitre.org/news-insight...
It was recorded, and slides are now being shared....
Slides and videos from ATT&CKcon 6.0 are now posted in an easy to find way. Check out attack.mitre.org/resources/at... to check out our great talks (and Couch Talks) from October, or even check out past ATT&CKcons from that same page.
ATT&CK v18 is now out! Today marks the release of Detection Strategies, where we've moved from single-sentence notes to structured, behavior-focused strategies across the board. A new blog post describes the changes medium.com/mitre-attack... with details at attack.mitre.org/resources/up....
🚨Big changes coming to ATT&CK on Tue (10/28) as we improve detections! It you use x_mitre_detection or x_mitre_data_sources, you need to update.
@lexonthehunt.bsky.social
covers the changes at:
🖥️ mitre.app.box.com/s/3lynwg8ebc...
📽️ mitre.brandlive.com/MITRE-ATTACK...
📖 medium.com/p/7e6738fec31f
Virtual registration for ATT&CKcon 6.0 is open! We hope you'll chose to join us in person at ATT&CK's home in McLean, VA October 14-15... But if you can't, catch the action for free online by registering at na.eventscloud.com/attackcon6/. Catch all of our talks & some exclusive online only content.
The ATT&CKcon 6.0 talk lineup is now live! Check out our fabulous group of speakers, or pick up a ticket to join us October 14-15 in McLean, VA at na.eventscloud.com/attackcon6. Only able to join us virtually? Hang tight, virtual registration opens September 3rd.
Want to learn even more detail about v18? We'll be covering it in depth at ATT&CKcon 6.0 October 14-15. In-person tickets are onsite now at na.eventscloud.com/attackcon6, with virtual registration coming in early September.
A chocolate ampersand
Are you ready to celebrate National Chocolate Day this October 28th? We will be by releasing ATT&CK v18, our next version of MITRE ATT&CK!
We'll be releasing our usual updates to Techniques and Groups, but check out some big defensive changes on the way in this release (medium.com/mitre-attack...).
The ATT&CK team is out at #hackersummercamp and happy to chat, meet up, or just share some stickers. Drop a DM or stop by an appearance if you’re interested in saying hi!
In-person ATT&CKcon 6.0 ticket sales are open! Come join us October 14-15 at ATT&CK HQ in McLean, VA. na.eventscloud.com/attackcon6/
We're almost set to announce this year's exciting speaker lineup and will open virtual registration Sep 3rd, so stay tuned!
Tonight's the night! The ATT&CKcon 6.0 CFP will automatically stop accepting submissions at 8pm ET tonight. Historically we get about half of our submissions today, so all you procrastinators are in good company.
Give it your best shot at openconf.org/ATTACKCON2025.
Wondering about tickets for ATT&CKcon 6.0? Details are coming soon.
We are excited to announce our ATT&CKcon 6.0 keynote, Lillian Teng! Lillian's worn numerous hats in cyber at NCIS, FBI, Yahoo, and Capital One and has served with the KC7 Foundation, GirlSecurity, and LEAP.
Want to also join us on stage? CFP closes Wed night! www.openconf.org/ATTACKCON2025.
Looking to attend in-person or virtually? Hang tight, ticket sales will be announced in the coming months.
Interested in sponsoring ATT&CKcon? We have a couple slots left, and you can find out more at na.eventscloud.com/attackcon6.
We're looking for what's practical, what's aspirational, and what you should never ever do with ATT&CK. We're looking to hear from the community on any and all applications of ATT&CK. From managers to operators, if you're using ATT&CK we want to hear from you.
ATT&CKcon 6.0 Hero graphic
The MITRE ATT&CKcon 6.0 CFP is now open! Are you interested in joining us on the ATT&CKcon stage in McLean, VA October 14-15, 2025? Pitch us on your best ATT&CK related talk! Our CFP will close on July 9th at 8pm ET sharp, so get those proposals started.
www.openconf.org/ATTACKCON202...
And make sure to check out the ESXi material on ATT&CK including T1675 cloud.google.com/blog/topics/...
And see the entire ATT&CK v17 release for more information medium.com/mitre-attack...
Google’s reporting details UNC3886, Chinese cyber espionage group, using a zero-day vulnerability that enabled the execution of privileged commands across guest virtual machines without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs.
T1675 describes activity in which an adversary abuses ESXi admin services to execute commands on guest machines.
One of the big updates for ATT&CK v17 was the new platform ESXi which reflects the rise in attacks on virtualization infrastructure. The technique we’re spotlighting today is new to ATT&CK: T1675 ESXi Administration Command attack.mitre.org/techniques/T...
We’re currently reading Google’s reporting on VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors cloud.google.com/blog/topics/...
An old idea that still holds true: Fight the enemy where they aren’t. Threat actors take this advice to heart by avoiding Endpoint Detection and Response solutions and targeting systems that do not generally support EDR such as VMware ESXi hosts.
Read Volexity’s reporting here www.volexity.com/blog/2025/04... and be sure to browse the relevant procedures, mitigations, and detections at the ATT&CK technique page: attack.mitre.org/techniques/T...
Signal is a powerful end-to-end encrypted chat app. At the end of the day, that doesn’t help at all when you’re being spearphished. In fact, the lack of visibility and detection inherent in an encrypted chat app could even potentially hurt. That’s a wrinkle requiring vigilance on all parts.
