MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.
FEATURES
SIMILAR TOOLS
A nonprofit security organization that collects and shares threat data to make the Internet more secure.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.
Malware Patrol offers a range of threat intelligence solutions, including enterprise data feeds, DNS firewall, phishing threat intelligence, and small business protection.
Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
A community-driven public malware repository providing access to malware samples, tools, and resources for the cybersecurity community.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.